Creating a fake access point (honeypot)

Fake access points can be handy in many scenarios, one example is creating an open AP, this will attract a lot of clients, many of which will automatically connect to it. Then we can sniff all the traffic created by the clients that connect to it, and since its open, the traffic will not be encrypted!

In order to do this, we need two cards:

1. One connected to the Internet.

2. WiFi card to broadcast as an access point.

Clients now send requests to the hacker's wifi card, the hacker sets up his machine so that every request coming from the wifi card is forwarded to the 2nd card that's connected to the Internet.

The response comes back from the 2nd card, through the hacker's machine to the wifi card which forwards it to the client that requested it.

Tool: Mana-Toolkit

Mana-Toolkit makes the whole progress very simple, it automatically creates a new AP and starts sslstrip/firelamp and even attempts to bypass HSTS which is used by Gmail and Facebook.

Mana has 3 main start scripts:

1. Start-noupstream: starts an AP with NO internet connection.

2.Start-nat-simple: this starts a regular AP using Internet connection in the upstream interface.

3.start-nat-full: starts AP with an Internet connection, it also starts sslstrip, sslsplit, firelamp and attempts to bypass HSTS.

apt-get install mana-toolkit

gvim /etc/mana-toolkit/hostapd-mana.conf

gvim /usr/share/mana-toolkit/run-mana/start-nat-simple.sh

bash /usr/share/mana-toolkit/run-mana/start-nat-simple.sh

The first ethernet card connects to the Internet.

The second wifi card is ready for use.

Download and install Mana from https://github.com/sensepost/mana.

Modify the start-nat-simple.sh file.

Modify the hostpad-mana.conf file.

Run mana script successfully.

bash start-nat-simple.sh

But it doesn't work well. Please see the detailed information:

https://www.slideshare.net/sensepost/improvement-in-rogue-access-points-sensepost-defcon-22

More information about hostpad setting:

https://github.com/sensepost/hostapd-mana/blob/master/hostapd/hostapd.conf

I will try Berate_ap or BetterCap later.

https://github.com/sensepost/berate_ap

https://www.bettercap.org/intro/

Ethical Hacking - NETWORK PENETRATION TESTING(6)的更多相关文章

  1. Ethical Hacking - NETWORK PENETRATION TESTING(15)

    ARP Poisoning - arpspoof Arpspoof is a tool part of a suit called dsniff, which contains a number of ...

  2. Ethical Hacking - NETWORK PENETRATION TESTING(22)

    MITM - Wireshark WIreshark is a network protocol analyser that is designed to help network administa ...

  3. Ethical Hacking - NETWORK PENETRATION TESTING(14)

    MITM - ARP Poisoning Theory Man In The Middle Attacks - ARP Poisoning This is one of the most danger ...

  4. Ethical Hacking - NETWORK PENETRATION TESTING(13)

    Nmap Nmap is a network discovery tool that can be used to gather detailed information about any clie ...

  5. Ethical Hacking - NETWORK PENETRATION TESTING(12)

    Post Connection Attacks Sophisticated attacks that can be used after connecting to the target AP. Ga ...

  6. Ethical Hacking - NETWORK PENETRATION TESTING(11)

    Securing your Network From the Above Attacks. Now that we know how to test the security of all known ...

  7. Ethical Hacking - NETWORK PENETRATION TESTING(10)

    WPA Craking WPA was designed to address the issues in WEP and provide better encryption. The main is ...

  8. Ethical Hacking - NETWORK PENETRATION TESTING(8)

    WEP Cracking Basic case Run airdump-ng to log all traffic from the target network. airodump-ng --cha ...

  9. Ethical Hacking - NETWORK PENETRATION TESTING(7)

    Gaining Access to encrypted networks Three main encryption types: 1. WEP 2.WPA 3.WPA2 WEP Cracking W ...

  10. Ethical Hacking - NETWORK PENETRATION TESTING(5)

    Deauthentication Attacks Theory This attack is used to disconnect any device from any network within ...

随机推荐

  1. cb46a_c++_STL_算法_逆转和旋转reverse_rotate函数advance

    cb46a_c++_STL_算法_逆转和旋转reverse_rotateSTL算法--变序性算法reverse() 逆转reverse_copy()一边复制一般逆转rotate()旋转,某个位置开始前 ...

  2. Beta冲刺<2/10>

    这个作业属于哪个课程 软件工程 (福州大学至诚学院 - 计算机工程系) 这个作业要求在哪里 Beta冲刺 这个作业的目标 Beta冲刺--第二天(05.20) 作业正文 如下 其他参考文献 ... B ...

  3. 获取系统的IP地址

    获取linux主机的IP地址 问题描述 在很多软件配置过程中,都需要设置ID信息,通常我选择使用系统配置的eth0网卡的IP地址信息,比如salt-minion-id,在通过cobbler批量安装操作 ...

  4. Linux 开放指定端口号

    1.开启防火墙 [root@localhost opt]# systemctl start firewalld 2.查看当前防火墙状态 [root@localhost opt]# systemctl ...

  5. LQR要点

    新的“A”变成着了这样:Ac = A - KB 基于对象:状态空间形式的系统 能量函数J:也称之为目标函数 Q:半正定矩阵,对角阵(允许对角元素出现0) R:正定矩阵,QR其实就是权重 下面这段话可能 ...

  6. Ubuntu18.04 IP配置问题

    18.04 LTS 提供了通过 netplan.io 轻松配置网络连接 参考 Ubuntu18.04 发行release cn.ubuntu.com/server

  7. 改变securecrt背景色

    下拉菜单中点击 Session Options--->

  8. python编码--解码

    在py3中只有两种数据类型:str  bytes str:  存unicode(万国码)编码--全球通用的 bytes:存的是16进制的 1.str s='ehllo 丽庆'  --->它存在内 ...

  9. (私人收藏)蓝色夜空背景的通用商务PPT模板

    蓝色夜空背景的通用商务PPT模板 https://pan.baidu.com/s/1tsmPEdE5gjDDSxIyMDJGCA0m28

  10. 每日一题 - 剑指 Offer 31. 栈的压入、弹出序列

    题目信息 时间: 2019-06-25 题目链接:Leetcode tag:栈 难易程度:中等 题目描述: 输入两个整数序列,第一个序列表示栈的压入顺序,请判断第二个序列是否为该栈的弹出顺序.假设压入 ...