我正在尝试创建一个假 AP,以airbase-ng
测试邪恶双胞胎的工作原理。
我有一个 WiFi 适配器 TP-link WN4226 [Atheros AR9271 芯片组],它支持监控模式。我的笔记本电脑(运行 Ubuntu 20lts)通过其自己的 WiFi 适配器无线(使用 WPA-PSK)连接到互联网。
这是ifconfig
启动监控模式之前的情况:
wlp4s0 IEEE 802.11 ESSID:"Mir_Sahib"
Mode:Managed Frequency:2.412 GHz Access Point: 90:8D:78:0F:FE:CE
Bit Rate=150 Mb/s Tx-Power=22 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:on
Link Quality=70/70 Signal level=-33 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:291 Missed beacon:0
wlxf8d111129a12 IEEE 802.11 ESSID:"Mir_Sahib"
Mode:Managed Frequency:2.412 GHz Access Point: 90:8D:78:0F:FE:CB
Bit Rate=40.5 Mb/s Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:off
Link Quality=69/70 Signal level=-41 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:18 Missed beacon:0
enp0s31f6: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 8c:16:45:82:04:49 txqueuelen 1000 (Ethernet)
RX packets 12337 bytes 13508188 (13.5 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8993 bytes 1146468 (1.1 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xec200000-ec220000
wlp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.9 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::7d86:5034:5192:6952 prefixlen 64 scopeid 0x20<link>
ether 5c:5f:67:d0:44:be txqueuelen 1000 (Ethernet)
RX packets 17280 bytes 16222452 (16.2 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10496 bytes 1788185 (1.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlxf8d111129a12: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.10 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::3ff:6be8:710d:7bf8 prefixlen 64 scopeid 0x20<link>
ether f8:d1:11:12:9a:13 txqueuelen 1000 (Ethernet)
RX packets 264 bytes 34466 (34.4 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 112 bytes 21293 (21.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
我已经通过 终止了所有可能干扰监控模式的进程airmon-ng check kill
,我在 Tp-Link WiFi 适配器上启动了监控模式airmon-ng start wlxf8d111129a12
,然后启动了 NetworkManager,以便我的笔记本电脑具有网络连接service Networkmanger start
。我的 TP-Link WiFi 适配器更改为 wlan0mon,显示如下mode:Monitor
内容:
wlan0mon IEEE 802.11 Mode:Monitor Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:off
我使用命令创建了一个假 AP airbase-ng -e Demo -c 11 wlan0mon
,该命令在我的手机中显示一个假 ap 名称Demo
(Redmi Note 7)
这是我dnsconfig.conf
的dnsmasq
:
interface=at0
dhcp-range=10.0.0.20,10.0.0.250,255.255.255.0,12h
dhcp-option=3,10.0.0.1
dhcp-option=6,10.0.0.1
server=8.8.8.8
server=8.8.4.4
server=64.6.64.6
server=64.6.65.6
log-queries
log-dhcp
port=5353
listen-address=127.0.0.1
iptable 规则:
#!/bin/bash
ifconfig at0 up
ifconfig at0 mtu 1500
ifconfig at0 10.0.0.1 netmask 255.255.255.0
route add -net 10.0.0.0 netmask 255.255.255.0 gw 192.168.0.1
iptables --table nat --append POSTROUTING --out-interface enp0s31f6 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.11:80
然后我运行 iptables 规则和 dnsmasq.conf
dnsmasq -C dnsmasq.conf -d
我的问题是我可以连接到假 AP,但我的 AP 没有任何网络访问权限,我也尝试过将其更改为,但--out-interface
显然wlp4s0
也不起作用,我读到很多人正在使用 DHCP 服务器的强制技术,但我还没有尝试过。我想我的 iptables 规则可能存在问题,但无法找出问题所在。