Remote Exploit Forums

  #51 (permalink)  
Old 11-03-2009, 06:20 PM
Just burned his ISO
 
Join Date: Oct 2009
Posts: 2
Default

Does this script work with sslsniff v0.6? Has anybody tested this?

For me, sslsniff 0.2 works perfectly, but with 0.6 there is no broadcast SSID; the driver is madwifi.
  #52 (permalink)  
Old 11-03-2009, 08:03 PM
Nick_the_Greek's Avatar
Senior Member
 
Join Date: Jul 2009
Location: Greece
Posts: 124
Default

Quote:
Originally Posted by radojko View Post
Does this script work with sslsniff v0.6? Has anybody tested this?

For me, sslsniff 0.2 works perfectly, but with 0.6 there is no broadcast SSID; the driver is madwifi.

I assume that you mean sslstrip and not sslsniff, because if you mean sslsniff I will be glad to know how you achieved this.

As I already said in my reply to your PM, please post rather than PM. The answer that you get may be found useful by someone else.

As for your question, yes, I tested it with v0.6 and it works, except for some delay in sending data back to clients (compared to v0.1).

Sslstrip has nothing to do with broadcasting the ESSID.
__________________
The quieter you become....
  #53 (permalink)  
Old 11-03-2009, 09:02 PM
Just burned his ISO
 
Join Date: Oct 2009
Posts: 2
Default

Hi Nick,

You're right about the PM, because of other members.

I made a mistake because I'm trying to set up sslsniff; actually I had a problem with sslstrip.
It seems manual installation of 0.3-0.5 works OK, but not 0.6.

I tried the upgrade to 0.6 with the wlan.conf script and the problem is solved.

Cheers

radojko
  #54 (permalink)  
Old 11-03-2009, 09:14 PM
Member
 
Join Date: Aug 2008
Posts: 36
Default

Nick,

The "from" in wlan.conf was a typo. I did not actually put that word in my wlan.conf file, only in my post here by accident. I will play around with the MTU settings possibly tomorrow and post my findings. I will also do some research on using an alfa (or other atheros) wireless card with FakeAP. If I find anything that I think will help I will let you know. Again, thanks for the great script!
  #55 (permalink)  
Old 11-03-2009, 10:53 PM
Junior Member
 
Join Date: Oct 2008
Location: france
Posts: 7
Default

Hi Nick, thanks for the script. I gave it a quick try with modes 1 & 3 & madwifi on an Atheros card; it's working well for me, though sslstrip mangled the Gmail login page a little on my victim machine. I did recover the login / pass OK. I couldn't log in to my bank account either.
I'm guessing that this is a limitation of sslstrip; your script seemed to work fine.

Re: the MTU problems with the alfa card, I've been busting my nuts with this for months, still no solution, so you're not alone!

I saw the other thread you started regarding MTU values & thought maybe I've been lurking here on the forums long enough (since BT2).

I made a spreadsheet documenting the results of various tests I've done with Airbase & making soft APs using an Atheros AR5007 & an Alfa awus036H.
I don't have it here with me; from memory this is how it is:

The variables were:
- card/chipset
- drivers
- MTU size
- distance from victim box

& the tests were:
- Netstumbler (victim box) signal power
- ping time
- web browsing speeds
- streaming bbc 1 minute news
- download a 10 MB file from rapidshare

I realise that this is all probably useless information to anyone else, but here's what I found:

Atheros - Best results were with Madwifi drivers & "wlanconfig ath0 create wlandev wifi0 wlanmode ap", not using airbase. I maxed out my 1MB connection; all tests performed as if I was on ethernet!
Airbase & atheros & madwifi gave much poorer speeds, though it was usable.

Alfa - r8187 ieee drivers, using various MTU: practically useless, seems to drop connection, retransmission & Dup packets seen in wireshark.
Alfa - rtl8187 mac drivers: slightly better than r8187 but still unusable, varied MTU.

The tests were done using BT4 pre 2.6.29.4, aircrack-ng 1.0 rc4 1683 ?, a basic ap - "airbase-ng -e Free -v mon0", no scripts, just transparent iptables settings; cache was cleared on the victim box before each test.

The fact that the ath0 maxed out using the madwifi ap method, and then slowed markedly using airbase-ng, with the same drivers, makes me think the 'problem' is in the airbase code - no disrespect meant whatsoever to the developers.

The ap signal strength of the alfa is very weak (I used various txpower settings up to 25 & tried highpower 1 with r8187); I had to move the card to within 1 metre of the victim box to be able to connect. I'm thinking the next step would be to compare a beacon packet with one from a 'normal' router, look at the Beacon interval maybe? For me the problem is not so much MTU but simply the strength of the signal; have you noticed the same?

I found this post which may be some help - post by NetRolller 3D:

"The ieee80211 stack (on which r8187 is based) doesn't allow raising the MTU above 1500, as 1500 is the highest MTU that fullmac cards can handle (ieee80211 was originally designed for Intel's IPW2xxx fullmac cards) - you must use mac80211 drivers (e.g. rtl8187) to be able to set MTUs that are allowed by 802.11, but not by wired Ethernet. (Not sure about madwifi - it uses net80211, and therefore is not affected by ieee80211's MTU limit - but it may have another limit.)"

hxxp://forum.aircrack-ng.org/index.php?PHPSESSID=7b783bbeb2071a1b50ae3e8afd7d319e&topic=3983.0

Thanks again for the script Nick - I'm still picking it apart, I'll post back with more when I get anything relevant.
  #56 (permalink)  
Old 11-03-2009, 11:48 PM
Nick_the_Greek's Avatar
Senior Member
 
Join Date: Jul 2009
Location: Greece
Posts: 124
Default Vive la France

WOW madirish.

The clouds are gone now. You already answered most of my questions. Basically, for now, we can say that 8187-based Alfa cards are not recommended for the creation of a fake AP using airbase-ng.

Quote:
For me the problem is not so much MTU but simply the strength of the signal; have you noticed the same?

It's not the best situation to have a fragmented network, but particularly in the fake AP matter one of the most important things is the strength of the signal.

Quote:
I made a spreadsheet documenting the results of various tests I've done with Airbase & making soft APs using an Atheros AR5007 & an Alfa awus036H

If you happen to find that spreadsheet, please make it public. There is no useless information. Just information.

Quote:
I'm still picking it apart, I'll post back with more when I get anything relevant

Looking forward to any suggestions or recommendations.

Nick

PS. I have a French language certificate (I got it at the end of the 80's) and I remember...rien.
__________________
The quieter you become....

Last edited by Nick_the_Greek; 11-04-2009 at 06:57 AM.
  #57 (permalink)  
Old 11-06-2009, 11:10 PM
MeX_latina's Avatar
Just burned his ISO
 
Join Date: Sep 2009
Posts: 4
Default

This site is a gold mine and I'm running around trying to grab as much as I can....But there's so much gold I don't know where to start........Thank you all for the knowledge you share. WHAT POWER!!!
  #58 (permalink)  
Old 11-06-2009, 11:15 PM
archangel.amael's Avatar
Moderator
 
Join Date: Nov 2007
Location: behind the wire
Posts: 3,473
Default

Quote:
Originally Posted by MeX_latina View Post
This site is a gold mine and I'm running around trying to grab as much as I can....But there's so much gold I don't know where to start........Thank you all for the knowledge you share. WHAT POWER!!!
The best way to thank people is to not go running around trying to one up the ol post count by saying thank you in every thread you come across.
__________________
The very existence of flame-throwers proves that some time, somewhere, someone said to themselves, You know, I want to set those people over there on fire, but I'm just not close enough to get the job done.
George Carlin
  #59 (permalink)  
Old 11-07-2009, 06:36 AM
MeX_latina's Avatar
Just burned his ISO
 
Join Date: Sep 2009
Posts: 4
Default

Quote:
Originally Posted by archangel.amael View Post
The best way to thank people is to not go running around trying to one up the ol post count by saying thank you in every thread you come across.

With all due respect, senior, I was just putting this into practice.



hXXp://forums.remote-exploit.org/tutorials-guides/7767-important-tutorials-7.html

Last edited by MeX_latina; 11-07-2009 at 06:55 AM.
  #60 (permalink)  
Old 11-07-2009, 03:44 PM
New Member
 
Join Date: Nov 2009
Posts: 1
Default

Hum.

Can't get that working even in Simple WLAN (mode 1).

Using BT4-PF
Eeepc
internet from eth0
AP Soft Wlan0 (Alfa networks)

The associated client gets its IP from the DHCP, but can't ping or do anything else. Even pinging the Gateway (192.168.2.129) doesn't work :/