hotspot - zollak/pentest-notes GitHub Wiki
The first step in creating a wireless base station with hostapd is to make sure the WLAN hardware supports running in access point (AP) mode. I'll use a TL-WN722N for that.
The next step is to install hostapd. The example commands are for Kali rolling. You need root access to install hostapd and dnsmasq; dnsmasq is a small DNS/DHCP server which we'll use in this setup. To start, simply run:
```bash
apt install hostapd dnsmasq
```
After that, create the configuration file /etc/hostapd/hostapd.conf with the following content:
```
interface=wlan0
hw_mode=g
channel=6
#driver=
ssid=Test-AP
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256
rsn_pairwise=CCMP
wpa_passphrase=PASS
```
This defines a simple WPA2-protected 802.11g network with the SSID `Test-AP` and the passphrase `PASS`. Of course you need to replace the passphrase with a strong one of your own. Furthermore, check the interface name with the dmesg or iwconfig commands and adjust `interface=` accordingly.
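The two things to verify before starting the AP are the ones the text just named: that the adapter really offers AP mode, and that hostapd.conf is not still carrying the placeholder passphrase. The following script is an added example (not part of the original wiki page) that checks both. `supports_ap_mode` parses the "Supported interface modes" block of `iw list`; `check_hostapd_conf` lints the settings above and applies hostapd's own rule that a WPA passphrase must be 8 to 63 characters long. Both functions read from stdin, so they work on live command output as well as on the constructed samples at the bottom, which are not captured from a real device.

```bash
#!/bin/bash
# preflight.sh - checks to run before startap.sh.
# Added example; not part of the original wiki page.

# Return 0 if the "Supported interface modes" block of `iw list` output lists
# "* AP" exactly ("AP/VLAN" on its own is not enough).
supports_ap_mode() {
    awk '
        /Supported interface modes:/ { inblock = 1; next }
        inblock && /^[[:space:]]*\*/ { if ($2 == "AP") found = 1; next }
        inblock                       { inblock = 0 }
        END { exit (found ? 0 : 1) }
    '
}

# Print the value of the first uncommented KEY= line read from stdin.
conf_value() {
    sed -n "s/^$1=//p" | head -n 1
}

# Lint the hostapd.conf settings this page relies on. Reads the config from
# stdin, prints one line per problem and returns the number of problems (0 = ok).
check_hostapd_conf() {
    local cfg problems iface ssid wpa pairwise pass
    cfg=$(cat)
    problems=0
    iface=$(printf '%s\n' "$cfg" | conf_value interface)
    ssid=$(printf '%s\n' "$cfg" | conf_value ssid)
    wpa=$(printf '%s\n' "$cfg" | conf_value wpa)
    pairwise=$(printf '%s\n' "$cfg" | conf_value rsn_pairwise)
    pass=$(printf '%s\n' "$cfg" | conf_value wpa_passphrase)

    [ -n "$iface" ] || { echo "interface= is missing"; problems=$((problems + 1)); }
    [ -n "$ssid" ] || { echo "ssid= is missing"; problems=$((problems + 1)); }
    [ "$wpa" = "2" ] || { echo "wpa=$wpa: expected wpa=2 (WPA2 only)"; problems=$((problems + 1)); }
    [ "$pairwise" = "CCMP" ] || { echo "rsn_pairwise=$pairwise: expected CCMP"; problems=$((problems + 1)); }
    # hostapd itself refuses passphrases outside 8..63 characters.
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "wpa_passphrase is ${#pass} characters long; must be 8..63"
        problems=$((problems + 1))
    fi
    [ "$pass" != "PASS" ] || { echo "wpa_passphrase is still the placeholder PASS"; problems=$((problems + 1)); }
    return "$problems"
}

# --- constructed samples (not captured from a real device) -------------------
IW_LIST_WITH_AP='Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    Band 1:'
IW_LIST_WITHOUT_AP='Wiphy phy1
    Supported interface modes:
         * managed
         * monitor
    Band 1:'
# The hostapd.conf from this page, with its placeholder passphrase.
PAGE_CONF='interface=wlan0
hw_mode=g
channel=6
ssid=Test-AP
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=PASS'

# Live use on the AP host: ./preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    if iw list | supports_ap_mode; then echo "[+] adapter supports AP mode"; else echo "[-] no AP mode"; fi
    if check_hostapd_conf </etc/hostapd/hostapd.conf; then echo "[+] hostapd.conf ok"; fi
fi
```

Run it with `--live` on the AP host; run it without arguments to load the functions only. On the page's own configuration `check_hostapd_conf` reports two problems (the passphrase is too short and is the placeholder), which is exactly the state you want to catch before a test device ever associates.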
Then we need a DNS relay and DHCP server on our wlan0 interface so that the clients actually get a working Internet connection; this is done by configuring dnsmasq. Like hostapd, it has a very verbose configuration file, /etc/dnsmasq.conf, but the relevant parts look like this:
```
log-facility=/var/log/dnsmasq.log
interface=wlan0
dhcp-range=10.0.0.10,10.0.0.250,12h
dhcp-option=3,10.0.0.1
dhcp-option=6,10.0.0.1
#no-resolv
log-queries
```
If the same computer also runs NetworkManager (as Kali does by default), you need to edit its settings so that it won't interfere with the new Wi-Fi access point. Make sure the file /etc/NetworkManager/NetworkManager.conf looks like this:
```
[main]
plugins=ifupdown,keyfile
dns=dnsmasq

[ifupdown]
managed=false
```
Next, create a script named `startap.sh`:
```bash
#!/bin/bash
# startap.sh - bring up the test access point on $WLAN (default wlan0)
# Usage: ./startap.sh [wlan-interface]
nmcli radio wifi off
rfkill unblock wlan
WLAN="wlan0"
if [ -n "$1" ]; then
    WLAN="$1"
fi

echo "[*] Start DHCP and DNS server..."
# Only rewrite the real 'interface=' line: an unanchored /interface/ pattern
# would also hit commented examples and 'except-interface=' lines in the
# stock dnsmasq.conf.
sed -i "s/^interface=.*/interface=${WLAN}/" /etc/dnsmasq.conf
service dnsmasq restart

echo "[*] Configure wlan interface..."
ifconfig "$WLAN" 10.0.0.1/24 up
sleep 2

echo "[*] Start hostapd daemon..."
sed -i "s/^interface=.*/interface=${WLAN}/" /etc/hostapd/hostapd.conf
#service hostapd start
hostapd -B /etc/hostapd/hostapd.conf

echo "[*] Configure firewall..."
echo '1' >/proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F
# Redirect HTTP/HTTPS arriving on the AP interface to the local proxy on 8080;
# comment these two lines out if no intercepting proxy is used.
iptables -t nat -A PREROUTING -i "$WLAN" -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i "$WLAN" -p tcp --dport 443 -j REDIRECT --to-port 8080
# NAT everything else out through the upstream interface (eth0 here).
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```
As you can see above, the iptables rules redirect all HTTP/HTTPS traffic from wlan0 to local port 8080. If you set up Burp as a proxy listening on 10.10.10.1:8080, the traffic goes through it. If you don't need a proxy, skip the PREROUTING rules (e.g. comment them out).
Now all configuration should be done. To be sure all changes take effect, finish by rebooting the computer.
After the restart, connect the USB WLAN card; it should be detected as the wlan0 device. Then just run your startap.sh script.
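Once startap.sh has run, it is worth confirming that the redirect actually works before connecting a test device, because a client behind an AP whose REDIRECT rules are missing or whose proxy is unreachable simply gets NATed straight out with nothing intercepted. The script below is an added example (not part of the original wiki page) with three checks that each parse command output from stdin: `redirect_rules_present` looks at `iptables -t nat -S PREROUTING` for the tcp/80 and tcp/443 REDIRECT rules, `proxy_listening` looks at `ss -ltn` for a listener the redirected packets can reach, and `list_clients` prints the current DHCP leases. One caveat the check encodes: the REDIRECT target delivers packets to the primary address of the interface they arrived on, which startap.sh sets to 10.0.0.1, so a proxy bound only to 127.0.0.1 (Burp's default listener) is never reached. The lease-file path /var/lib/misc/dnsmasq.leases is the Debian default and is assumed here; the sample outputs at the bottom are constructed, not captured from a real system.

```bash
#!/bin/bash
# checkap.sh - verify the running AP/proxy state after startap.sh.
# Added example; not part of the original wiki page.

# Return 0 if the nat PREROUTING rules (format of `iptables -t nat -S PREROUTING`)
# send tcp/80 and tcp/443 arriving on interface $1 to REDIRECT port $2.
# A rule without "-i" applies to every interface and therefore counts too.
redirect_rules_present() {
    awk -v ifc="$1" -v port="$2" '
        $1 == "-A" && /-j REDIRECT/ {
            ifmatch = 1; dport = ""; toport = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-i") ifmatch = ($(i + 1) == ifc)
                if ($i == "--dport") dport = $(i + 1)
                if ($i ~ /^--to-ports?$/) toport = $(i + 1)
            }
            if (ifmatch && toport == port) seen[dport] = 1
        }
        END { exit ((seen["80"] && seen["443"]) ? 0 : 1) }
    '
}

# Return 0 if `ss -ltn` output shows a TCP listener on port $2 reachable at
# address $1 (bound to that address, to 0.0.0.0/*, or dual-stack [::]).
# A listener bound only to 127.0.0.1 does not receive REDIRECTed traffic.
proxy_listening() {
    awk -v addr="$1" -v port="$2" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); lport = a[n]
            laddr = substr($4, 1, length($4) - length(lport) - 1)
            if (lport == port && (laddr == addr || laddr == "0.0.0.0" || laddr == "*" || laddr == "[::]"))
                ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Print "ip mac hostname" for every lease in dnsmasq's lease file
# (fields there are: expiry mac ip hostname client-id).
list_clients() {
    awk '{ print $3, $2, $4 }'
}
client_count() {
    awk 'END { print NR }'
}

# --- constructed samples (not captured from a real system) -------------------
NAT_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080'
SS_LOOPBACK_ONLY='LISTEN 0 50 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SS_ON_AP_ADDR='LISTEN 0 50 10.0.0.1:8080 0.0.0.0:*'
LEASES='1700000000 aa:bb:cc:dd:ee:01 10.0.0.10 test-phone 01:aa:bb:cc:dd:ee:01
1700000000 aa:bb:cc:dd:ee:02 10.0.0.11 * *'

# Live use on the AP host: ./checkap.sh --live [wlan-interface]
if [ "${1:-}" = "--live" ]; then
    WLAN="${2:-wlan0}"
    if iptables -t nat -S PREROUTING | redirect_rules_present "$WLAN" 8080; then
        echo "[+] redirect rules for $WLAN present"
    else
        echo "[-] redirect rules for $WLAN missing"
    fi
    if ss -ltn | proxy_listening 10.0.0.1 8080; then
        echo "[+] proxy reachable on 10.0.0.1:8080"
    else
        echo "[-] nothing reachable on 10.0.0.1:8080 (check the proxy's bind address)"
    fi
    echo "[*] DHCP clients ($(client_count </var/lib/misc/dnsmasq.leases)):"
    list_clients </var/lib/misc/dnsmasq.leases
fi
```

The checks are deliberately strict about the interface: if you pass a different interface name to startap.sh, pass the same name to checkap.sh. The lease listing doubles as a quick inventory of which devices have joined the test network, which is worth a glance before and after each session.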
To stop the AP, create a `stopap.sh` script along these lines:
```bash
#!/bin/bash
# stopap.sh - tear down the test access point started by startap.sh
# Usage: ./stopap.sh [wlan-interface]
WLAN="wlan0"
if [ -n "$1" ]; then
    WLAN="$1"
fi

echo "[*] Reconfigure firewall..."
echo '0' >/proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F

echo "[*] Stop hostapd daemon..."
# 'service' command worked with kali1
#service hostapd stop
pkill hostapd
service hostapd status

echo "[*] Stop DHCP and DNS server..."
# 'service' command worked in kali1
#service dnsmasq stop
/etc/init.d/dnsmasq stop
service dnsmasq status

echo "[*] Turn off wlan interface..."
ifconfig "$WLAN" down
ip addr flush dev "$WLAN"
ifconfig "$WLAN"
```
If you want to set up your AP permanently, you will find some useful information here.