1
00:00:01,180 --> 00:00:08,710
Okay, now that we have our website cloned, modified and stored in our web server, we're ready to go to
2
00:00:08,710 --> 00:00:14,020
the next step which is creating our fake access point.
3
00:00:14,020 --> 00:00:20,140
Now I've covered creating fake access points before. I covered how to do that manually using airbase-ng,
4
00:00:20,200 --> 00:00:24,030
and I covered how to do that using a script that's called Mana-Toolkit.
5
00:00:24,040 --> 00:00:27,400
Both of these methods are good.
6
00:00:27,610 --> 00:00:34,060
But what I want to show you today is a generic method that's first of all it's a manual method that's
7
00:00:34,060 --> 00:00:42,520
first of all faster than airbase-ng and it's also what Mana-Toolkit uses to generate its fake access
8
00:00:42,520 --> 00:00:43,330
point.
9
00:00:43,360 --> 00:00:44,310
So why now.
10
00:00:44,380 --> 00:00:49,540
Fluxion, Wifiphisher and all these scripts rely on the method
11
00:00:49,600 --> 00:00:54,320
I'm going to show you today to create their fake access points.
12
00:00:54,340 --> 00:01:00,010
The reason why I'm kind of going low level on this is because first of all I want you to understand
13
00:01:00,220 --> 00:01:07,270
how a wireless access point works and how to manually generate one so that in the future if any of these
14
00:01:07,270 --> 00:01:15,010
tools broke and just didn't work or if you had a certain scenario or if you were just in a certain position
15
00:01:15,160 --> 00:01:20,620
where you had to kind of customize your attack then you'll know how to do that yourself without being
16
00:01:20,620 --> 00:01:22,160
limited to these tools.
17
00:01:23,720 --> 00:01:29,660
So before we do anything I just want to give you an overview a simplified version of the components
18
00:01:29,660 --> 00:01:31,730
used in an access point.
19
00:01:32,240 --> 00:01:38,630
So first of all you need a wireless device that will broadcast a signal that's going to broadcast Wi-Fi
20
00:01:38,630 --> 00:01:39,800
signal.
21
00:01:39,800 --> 00:01:44,780
Now we have a wireless interface that's going to do that for us and we're going to use a program called
22
00:01:44,780 --> 00:01:47,030
hostapd.
23
00:01:47,300 --> 00:01:53,270
Now, like I said, this is the program that's used by Mana-Toolkit, so literally Mana-Toolkit runs this
24
00:01:53,270 --> 00:01:59,030
program in the background to give you, to broadcast the access point that it generates. Fluxion and all
25
00:01:59,030 --> 00:02:03,840
these other tools also use hostapd to create their access point.
26
00:02:04,070 --> 00:02:09,680
So we're basically removing a layer and we're literally going down layer two and we're going to be doing
27
00:02:09,710 --> 00:02:12,890
this manually ourselves through the command prompt.
28
00:02:14,440 --> 00:02:20,980
Then you'll also need a server that will give IP addresses to the client that connects to our fake access
29
00:02:20,980 --> 00:02:21,530
point.
30
00:02:22,380 --> 00:02:27,640
Now you can use a normal DHCP server or you can use dnsmasq.
31
00:02:28,020 --> 00:02:35,490
I like to use dnsmasq because it's a two-in-one server, because we can actually also use it as a DNS
32
00:02:35,490 --> 00:02:38,260
server to handle DNS requests.
33
00:02:38,370 --> 00:02:44,550
And in our particular example it's going to be very useful because we're going to use it to redirect
34
00:02:44,820 --> 00:02:51,810
any requests that go to any Web site and redirect them to our logon page because we want this to work
35
00:02:51,840 --> 00:02:58,530
as a captive portal so that if people try to go to any Web site they'll end up in our logon page instead
36
00:02:58,530 --> 00:03:00,930
of actually giving them the website that they want.
37
00:03:01,990 --> 00:03:04,190
So we have three main components.
38
00:03:04,240 --> 00:03:08,910
We have hostapd that's going to generate our wireless network.
39
00:03:08,950 --> 00:03:13,840
We have a DHCP server that's going to give IPs to the people that connect to this network.
40
00:03:14,170 --> 00:03:20,260
And we have a DNS server that's going to resolve DNS requests and in our example we're going to make
41
00:03:20,260 --> 00:03:25,430
it redirect any request to the IP where our fake login page is installed.
42
00:03:25,570 --> 00:03:29,000
And that's usually our own IP.
43
00:03:29,170 --> 00:03:33,780
Now let me do this manually and it'll become more clear to you.
44
00:03:34,300 --> 00:03:36,200
So I have my Kali machine here.
45
00:03:36,730 --> 00:03:42,680
And the first thing that I'm going to do is install dnsmasq and hostapd.
46
00:03:43,000 --> 00:03:56,470
So I'm going to go on my terminal and I'm just going to do apt-get hostapd dnsmasq. So we've used
47
00:03:56,470 --> 00:04:02,890
this command so many times by now. All we have to do is just do apt-get install, the programs that we
48
00:04:02,890 --> 00:04:07,300
want to install, and we're installing hostapd, which is the program that's going to generate the
49
00:04:07,300 --> 00:04:13,980
wireless network, and dnsmasq, which is our DNS server and DHCP server.
50
00:04:14,320 --> 00:04:15,520
I'm going to hit enter.
51
00:04:15,760 --> 00:04:20,710
And for me they're both already installed so it's not going to install anything for me, but for you it's
52
00:04:20,710 --> 00:04:25,360
going to ask, do you actually want to install that? You're going to have to type Y, hit enter and
53
00:04:25,360 --> 00:04:27,700
it'll install for you.
54
00:04:27,700 --> 00:04:28,870
Once done with that,
55
00:04:28,900 --> 00:04:34,360
I'm going to connect my wireless adapter through my USB port.
56
00:04:34,750 --> 00:04:36,430
I'm going to go to devices.
57
00:04:37,660 --> 00:04:41,010
USB, and make sure that the adapter is selected.
58
00:04:41,060 --> 00:04:43,360
And as you can see mine is already selected.
59
00:04:43,760 --> 00:04:46,370
So if I do ifconfig it should be there now.
60
00:04:48,170 --> 00:04:51,010
As you can see I have Landseer are already there.
61
00:04:51,170 --> 00:04:53,290
So we're good to go.
62
00:04:53,510 --> 00:04:57,690
Now the first step is going to be disabling Network Manager.
63
00:04:57,710 --> 00:05:05,120
The reason why I do this is because it usually manages this interface and it'll prevent it from working
64
00:05:05,120 --> 00:05:10,080
properly and it'll prevent it from being used to broadcast a Wi-Fi signal.
65
00:05:10,490 --> 00:05:18,520
So we're going to do service network-manager stop, and that's done.
66
00:05:18,640 --> 00:05:22,460
And notice the network icon disappears from here from the top.
67
00:05:23,690 --> 00:05:27,020
Now the next step is actually not a mandatory step.
68
00:05:27,020 --> 00:05:28,350
It's an optional one.
69
00:05:28,510 --> 00:05:34,190
Well I like to do it every time I've done something like this or try to become the man in the middle.
70
00:05:34,190 --> 00:05:40,220
The reason why because I'm going to run a number of commands that's going to enable IP forwarding so
71
00:05:40,220 --> 00:05:46,640
that the packets can flow through my computer without being dropped, and it'll also delete any IP
72
00:05:46,640 --> 00:05:50,210
tables rules that might interfere with what I'm trying to do.
73
00:05:50,210 --> 00:05:52,060
So it's going to flush IP tables.
74
00:05:52,130 --> 00:05:58,490
Remove any redirections any chains that might interfere with packets that might be redirecting packets
75
00:05:58,490 --> 00:06:00,500
to places that they shouldn't go.
76
00:06:00,530 --> 00:06:08,100
So it's literally clearing any firewall rules that might be redirecting packets to somewhere else.
77
00:06:08,150 --> 00:06:12,280
Now by default you shouldn't need to do this because there shouldn't be any rules at all.
78
00:06:12,320 --> 00:06:18,200
But you never know what programs modify and add iptables rules in the background.
79
00:06:18,380 --> 00:06:20,500
So to be safe we're going to do that.
80
00:06:20,510 --> 00:06:26,900
And I usually store this in a file, in a bash script, so I can just run it from terminal, just do bash
81
00:06:27,140 --> 00:06:28,930
and type in the name of the script.
82
00:06:29,270 --> 00:06:35,450
But for now I'm actually just for the sake of completion I'm going to open it with a text editor and
83
00:06:35,450 --> 00:06:40,960
I'm just going to copy all the commands here so you can see the first command just enables IP forwarding.
84
00:06:41,240 --> 00:06:48,830
The second command will just flush iptables, will flush the table, will delete chains and will enable
85
00:06:48,830 --> 00:06:52,100
forwarding in iptables.
86
00:06:52,100 --> 00:06:53,710
So again this is optional.
87
00:06:53,770 --> 00:06:59,300
It's not mandatory but it's better to do it to make sure that your IP tables is clear.
88
00:06:59,340 --> 00:07:03,580
There's nothing that's going to interfere with our attack and that it's going to work.
89
00:07:03,590 --> 00:07:07,620
And so that if it fails we'll know it's something it's nothing to do with IP tables.
90
00:07:08,120 --> 00:07:11,640
So I'm just going to paste everything here you can actually paste multi lines.
91
00:07:11,900 --> 00:07:17,750
And as you can see all of them get executed without showing any errors which means that all of them
92
00:07:17,750 --> 00:07:19,500
got executed successfully.
93
00:07:20,580 --> 00:07:25,140
Now so far we actually haven't done anything to generate our fake access point.
94
00:07:25,140 --> 00:07:27,320
We said we have two three main components.
95
00:07:27,360 --> 00:07:35,500
First, start fake access point using hostapd; second, start the DHCP server; and third, start DNS server.
96
00:07:35,520 --> 00:07:36,480
We haven't done any of that.
97
00:07:36,480 --> 00:07:42,430
We just stopped our wireless adapter and then we deleted any rules that might interfere with our attack.
98
00:07:42,840 --> 00:07:48,420
Now in the next lecture I'll show you how to properly configure all of these services start them.
99
00:07:48,420 --> 00:07:54,630
So we have a fully functioning fake access point that people can't connect to and use just like normal
100
00:07:54,630 --> 00:07:55,600
access point.