Re: Rogue AP Wireless on Windows/Linux

[James Fryman <jfryman () gmail com>]

Have you looked into using HostAP Daemon? [*nix]

http://hostap.epitest.fi/

This driver specifically is designed to turn a wireless card into an
access point. From there, you can bridge the connection onto the
actual physical network to and simulate a MITM attack by sniffing all
traffic using Ethereal, tcpdump, or your sniffer of choice! Could even
simulate WEP or WPA using the HostAP driver or the wpa_supplicant to
properly simulate the actual access point.

You might be able to force connection by grabbing the MAC address of
the original AP, and spoof the MAC address on the card, and then I can
see cards associating with the heavier signal automatically, as it
will assume you are a simple repeater.

Let me know how it works!

-James

On Apr 8, 2005 1:52 PM, szynkro () gmail com <szynkro () gmail com> wrote:
> Hi,
>
> I'm looking for a way/all in one tool to simulate a wireless Access
> Point on a Windows XP and/or Linux system preferably with built-in
> DHCP daemon and all.
> The goal is to see if we can trick wireless clients in connecting to
> the AP, sniffing for potential credentials and other interesting stuff
> etc...
>
> I've heard about hotspotter, airsnarf and alikes but don't know if
> they are valid...
>
> The scenario would be sniffing the unknown wireless network for valid
> SSID's and setting the SSID on the rogue AP.... then fingers crossed I
> guess that signal is strong enough to get some clients connecting. Can
> we force/help the client in associating with the rogue AP?
>
> Anyone some other valid (recent) Wireless Pen-Test scenario's?
>
> thanks


-- 
----------------------------------------------------
James Fryman
A+, Security+, MCP, MCSA, MCSE