Wi-Fi Hacking using Evil Twin Attacks and Captive Portals! — Part 3

Madura Rajapakshe
5 min readFeb 4, 2021

--

Okay so in this section I’m going to show you how to sniff and inject packets into a wireless network. So, first off, I need to scan all the wireless networks around and do that. I would type “airodump-ng” which is a packet sniffer program and the monitoring mode wireless interface “wlan0mon” and press enter to start the scanning.

“airodump-ng wlan0mon”

and you can see useful information from all the wireless networks around like the MAC address, channel number, encryption type, and network name. Now to Stop the scanning process use control plus C. So, let’s see how to sniff packets from one specific network. And in my case the target network is SkyNet. Also, make sure you are doing this test on your own network. So, let’s get started by typing the following command “airodump-ng — bssid” and copy the MAC address from the target network and past it. Then you need to specify the channel using “-c” and the channel number which is 6. Now the next step is to type “-w” for the right and put the file name. This is the file where all the data will be saved. And in my case, I would type capture and lastly put the wireless interface “wlan0mon” and press enter.

“airodump-ng — bssid 38:43:7D:BF:B1:90 -c 6 -w capture wlan0mon”

This will start capturing all the packets from the wireless network in a file called capture-01.cap. So, to find a file I will open a new tab and type ls and you can see capture-01.cap.

Now let’s see how to inject packets into the target network. So, to do that I’m going to type the following command “aireplay-ng — deauth” for the de-authentication attack and put the number of packets which one to send. And for this example, I will use “10” and then type “-a” and put the MAC address for the target network and the wireless interface wlan0mon.

Now let’s analyze the fire to see if I have successfully injected those packets so I’ll type Wireshark and capture file name and press enter.

And now I’m going to look for the authentication packets we can see here. This package will disconnect all the claims from the wireless network.

Now let’s create an access point on Linux. Now the first thing you need to do is to install DNS mask and host APD by typing “apt install dnsmasq hostapd” in the terminal and press enter.

Then you need to stop all the interfering processes using “airmon-ng check kill”.

So, the next step is to create the configuration files for the DNS mask and host APD. And in my case, I already created the files in the home directly. So, if I use “ls” you can see the DNS misconfig file and host APD.

Now let’s understand how these files work.

So, I will type “nano” which is a text editor, and put the name for the config file “nano dnsmasq.conf”.

And here in the first line, you need to put the name for your wireless interface which you can easily find using “iwconfig” command and the next line will set the IP range for the clients. So, when clients call connects to your access point the DHCP server will give them an IP address, and then you have the gateway IP address. In other words, the router and the DNS server which is used to translate domain names into IP addresses. Close this file using [ctrl + x] and open the host APD config file using nano and the name of the file “nano hostapd.conf”.

And here we see some very simple settings and the first line is the wireless interface wlan0 and the second is the wireless network name which you can change it to whatever you want and then you have to put a channel number and the driver. So, at this point you can start the access point using the following commands. “dnsmasq -C” and put the location for the configuration file and press enter.

And now the DNS and the ACP server are running in the background. Once done with that type “hostapd [location]” and put the location for the configuration file and press enter.

And you can see the test Wi-Fi network has been started. Now let’s go to a Windows machine and see the wireless network is visible. And here on taskbar, you can see the test Wi-Fi network.

So, let’s go back to the Kali machine and show you another simple method on how to create an access point. And this time I’m going to use a tool from aircrack called “airbase-ng” so to test follow the below command. “airbase-ng -e [wireless network name]” put a wireless network name then you need to set the channel using “-c” and put the channel number and the wireless interface wlan0 and press enter and known to access point is up and running.

--

--

No responses yet