Create a Fake Network with Airbase
Next up,
let’s take a look at how you can spoof a network address to trick people
into signing into the wrong network so you can watch what they’re
doing. Hackers might do this so you sign into the fake network thinking
it’s your real one, then performing a man in the middle attack (more on
that in the next section) to gather information about you from your
traffic. This is amazingly easy to do with a tool in Kali Linux called
Airbase.
Essentially,
you’ll turn your Wi-Fi adapter on Kali Linux into an access point with
the same name as another network. In order to do this, you’ll follow the
same line of research as you did above, but the ending’s a bit
different.
Step One: Configure Your Wireless Card
Just like last time, you need to set up your wireless card to monitor traffic. Open up Terminal and type:
airmon-ng
This lists all the wireless cards that support this crack. Yours is likely listed under interface as wlan0.
Next, type in:
airmon-ng start wlan0
Now you’re in monitor mode. It’s time to find the network you want to spoof.
Step Two: Find a Wi-Fi Network to Spoof
In order to spoof a router, you’ll need some information about it. So, type in:
airodump-ng mon0
You’ll see
all the networks in your area. Locate your network from the list and
copy the BSSID, while making a note of its name and the channel it’s on.
This is the router you’re going to spoof. Tap Ctrl+C to stop the
process.
Step Three: Create a Fake Network
Now, you’re
going to create the fake network with Airbase. Type this in, replacing
the information you gathered in the last step for the parenthesis:
airbase-ng -a (router BSSID) --essid "(network name)" -c (channel) mon0
For example, it should read something like:
airbase-ng -a 04:1E:64:98:96:AB --essid "MyNetwork" -c 11 mon0
That’s it.
You’ve now spoofed the router and created a clone with the same name,
channel, and SSID number so it’s indistinguishable from the original.
Unfortunately, the computers on that network will always connect to the
most powerful router with that name automatically, so you need to turn
up the power of your fake network. Type in:
iwconfig wlan0 txpower 27
This bumps
up the power of your fake network to the maximum accepted limit so
hopefully next time they log in, they connect to you automatically. It
shouldn’t do any damage to the card as long as you don’t go higher than
27. Once they do, it’ll be just like you’re both on the same network.
That means you can access whatever they’re doing pretty easily.
How to Use This Information to Stay Safe
Spoofing a
network is tough to find, but you can usually spot it when network
traffic is slow, or if it suddenly doesn’t require a password
authentication. If you’re really paranoid someone is spoofing a router,
you can turn off the ability to automatically connect to Wi-Fi, so you
at least have time to look at the router you’re logging into.
Snoop Another Device’s Traffic with a Man in the Middle Attack with ARP Spoofing
A Man in the Middle Attack is essentially eavesdropping on your network. Here, you’ll intercept network signals between a computer and a router without the computer realizing it. We’ve shown you how to do packet sniffing and today we’ll use ARP spoofing to gather this information. Both sniffing spoofing are about listening in on conversations, but they work a little differently. Sniffing captures traffic by monitoring a network, spoofing pretends to be that network. These types of attacks are often used to grab passwords, images, and pretty much anything else you’re sending over your network.
Step One: Turn On Packet Forwarding
First
things first, you need to make your Kali Linux machine forward any
traffic it gets so the target computer can still access the internet.
Type this into the command line:
echo 1 > /proc/sys/net/ipv4/ip_forward
This will
ensure all information is forwarded after it’s intercepted. That way,
the internet and any other communications between the router and the
target computer will continue to work.
Step Two: Turn On ARP Spoofing
Now you
need to turn on ARP spoofing. This tricks the computer and the router
into thinking that your Wi-Fi adapter is a bridge. When you successfully
spoof, you can monitor all traffic between the devices. You’ll do this
twice so you can capture traffic going to your computer from the router
and from your computer to the router.
To capture traffic from your router type this in, replacing the parenthesis with your network’s information:
arpspoof -i wlan0 -t (router address) (target computer address)
You’ll see a
bunch of number outputting showing that it’s running. Leave that
running, then open another tab in Terminal and do the reverse:
arpspoof -i wlan -t (target computer address) (router address)
Both lines should look something like this:
arpspoof -i wlan0 -t 192.168.1.1 192.168.1.105
arpspoof -i wlan0 -t 192.168.1.105 192.168.1.1
Now, all
the traffic between those two machines is being collected in Kali Linux.
There are a ton of tools to actually capture this information, but
let’s just take a look at a couple of them here.
To track any URLs the computer visits, open up another Terminal tab and type in:
urlsnarf -i wlan0
This will display any web sites the computer visits.
If you’re more interested in images, you can capture any image traffic as well. Type in:
driftnet -i wlan0
A window
will pop up and display any images they load and transfer over the
network. Basically, if there’s any unencrypted information being sent
between the router and the computer, you’ll see it happen.
How to Use This Information to Stay Safe
The best
way to keep people from ARP spoofing your network is to secure your
network with a strong password and make sure they’re not in there in the
first place. That said, turning on afirewall on your machine helps as
well. Also, make sure you’re always using HTTPS when it’s available.
When HTTPS is on, an ARP spoofer won’t capture anything you’re doing.
This is especially important when you’re on public Wi-Fi and can’t
control a network’s security.
