wifiphisher / roguehostapd

Hostapd fork including Wi-Fi attacks and providing Python bindings with ctypes.
BSD 3-Clause "New" or "Revised" License

The problem of cloning a router that does not participate in an attack #9

Closed Dissfall closed 5 years ago

Dissfall commented 6 years ago

commit eb077f0f67daeeef1cc878312508fe8f9f3f4c7f
elementary OS 0.4.1 Loki (Ubuntu 16.04.3 LTS)

Hi! I encountered this problem when using wifiphisher. When I create an access point using the karma attack (-kA), for reasons I do not understand, the access point has the name of my router to which this interface was previously connected.

Examples

Just create an access point with karma:

sudo python run.py -ssid rogue -i wlp1s0 -kA

Output:

Configuration file: /tmp/hostapd.conf
Using interface wlp1s0 with hwaddr b0:c0:90:47:28:83 and ssid "rogue"
wlp1s0: interface state UNINITIALIZED->ENABLED
wlp1s0: AP-ENABLED 
wlp1s0: interface state ENABLED->DISABLED
Removing karma station da:a1:19:23:93:21
Removing karma station da:a1:19:4d:bf:05
Removing karma station b4:18:d1:2f:53:e6
wlp1s0: AP-DISABLED 
nl80211: deinit ifname=wlp1s0 disabled_11b_rates=0

APs on my phone (image: img_2906):

1 - My router, my phone is connected
2 - New cloned AP

wlp1s0 info:

Link encap:Ethernet  HWaddr b0:c0:90:47:28:83  
inet addr:192.168.0.104  Bcast:192.168.0.255  Mask:255.255.255.0
inet6 addr: fe80::4507:ef70:3672:7797/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1400  Metric:1
RX packets:633046 errors:0 dropped:1 overruns:0 frame:0
TX packets:520182 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000 
RX bytes:737631348 (737.6 MB)  TX bytes:66158646 (66.1 MB)

Using wifiphisher:

sudo wifiphisher -aI wlp1s0 -eI wlx20e317038ec9 -iI enp0s20u2

[*] Starting Wifiphisher 1.4GIT ( https://wifiphisher.org ) at 2018-06-15 10:05
No handlers could be found for logger "wifiphisher.interfaces"
[+] Selecting wlx20e317038ec9 interface for the deauthentication attack
[+] Selecting wlp1s0 interface for creating the rogue Access Point
[+] Changing wlp1s0 MAC addr (BSSID) to 00:00:00:4b:1c:87
[+] Changing wlx20e317038ec9 MAC addr to 00:00:00:7a:e7:46
[*] Cleared leases, started DHCP, set up iptables
[+] Selecting Firmware Upgrade Page template
[*] Starting the fake access point...

(image: img_2907)

1 - My router, my phone is connected
2 - New cloned AP
3 - My target AP (evil twin)

sophron commented 6 years ago

Hi @Dissfall,

These networks are only visible to you. Have a look at my answer here and let me know if you have further questions.