CREATING FAKE ACCESS POINT - HONEYPOT
This is another method through which we can become the man in the middle
In this method, we replace the access point with the hacker machine
Now once we become the Man in the middle we will be able to intercept all the traffic
For this attack, a wireless adapter is required and an interface connected to a WiFi network
Here the interface will be our virtual interface i.e eth0
If you are unsure which network adapter to buy you can search it on amazon and then buy any one which suits you and you can connect it to your virtual kali linux by refferint to the post below 👇
Once we set up our wireless access point then the devices that connect to us will not notice any difference they will be able to surf the internet normally.
But now all the requests that they send will be sent through our interface and we will be able to analyse and intercept the data thus putting us in between the connection and automatically making us the man in the middle.
Now we will also be able to execute all the Man In the Middle attacks
To make our computer an access point we need to do a few things :
- We need a wireless interface to broadcast the signal
- The wireless interface should be able to forward the request from the clients
- It should also take the response and should be able to forward it to the correct client
Now there are many ways in which we can make our computer an access point some are done manually and some do most of the things by themselves.
For now, to keep things simple we will be learning an easy way but in future, I will also upload the method to all this manually which is a bit more advanced version.
STARTING THE HONEYPOT ATTACK
First we will make our network setting to use NAT network for our kali machine in virtualbox
We have to take care of one thing that the eth0 interface is connected to the internet but the wlan0 interface that is the interface of our wireless adapter is not connected to any network
To check this we will do ifconfig and we will be able to see an IP for eth0 but no IP for wlan0 and this confirms that the eth0 is connected to a network but wlan0 is not connected to any interface
Once this is configured we will start the attack
For this attack, we will be using a tool called WiFi hotspot and first, we will install it using the git hub link
To download the software on your terminal type the following commands
>> sudo apt install -y libgtk-3-dev build-essential gcc g++ pkg-config make hostapd libqrencode-dev libpng-dev
>> git clone https://github.com/lakinduakash/linux-wifi-hotspot
>> cd linux-wifi-hotspot
>> make
>> make install
Now we will simply open the application by searching for it in the kali menu
A graphical interface would be opened
Now SSID would be the name of our fake wifi hotspot let's keep it a honeypot for now
If we check on open then anyone would be able to connect to it even without the password
Wifi interface is the field in which we will put the name of our adapter through which we will broadcast the signal which is wlan0 in our case
The Internet interface is the field in which we will put the interface which has internet access i.e eth0 in our case
Now we will just select create a hotspot
Now we will use some other device to access the newly created wifi
In this scenario, I will be using my phone to connect to our hotspot
One thing to keep in mind is that whenever we will be using any Man In the Middle attack we have to use the broadcasting interface as the one to be sniffed and in our case that is wlan0
Once we are done we will click on stop to stop the fake access point.
Congratulations you have now successfully created a fake access point and learned how to become a man in the middle.