Last updated: February 11, 2023
You like to have free internet access ? Today, most cafes, hotels, shopping malls, airports and other places offer their customers free wifi access. That's good, but are you sure you're really connecting to a real Wifi network and not on something intended to steal all your passwords?
It's hard to know, but to show you how easy this kind of thing is to implement, we're going to introduce you to the mitmAP tool.
mitmAP is a small Python program that automatically creates a fake access point with several features.
In this tutorial we will see how create a wifi hotspot with a computer under Kali Linux. You will be able to use this hotspot to share your connection, but the goal here is to see how hackers can easily manipulate traffic and collect confidential information.
What is a fake WiFi hotspot?
A fake WiFi hotspot is a kind ofhoneypot» created from scratch to intercept the traffic of potential targets who would come to connect to it. The attacker can then listen to the packets (attacks Man-inthe-middle) and retrieve interesting data such as cookies, usernames / passwords or FreeWiFi, SFR WiFi Public connection codes, etc.
Of course, retrieving information in this way is clearly prohibited, but the purpose of our demonstration is to educate users about the risks of open hotspots.
The technique consists of making the victim believe that he is addressing a trusted third party - bank, administration, etc. - in order to extract personal information: password, credit card number, number or photocopy of the national identity card, date of birth, etc.
Example of using mitmAP
In order to set up a test environment, you will need to have a Linux machine and download the mitmAP tool.
Installing the mitmAP tool
To download the mitmAP tool, you can find it here: https://github.com/xdavidhu/mitmAP
Here is the install command:
Launch the mitmAP tool
Then just run it with python3 and it will automatically install all the missing dependencies.
sudo python3 mitmAP.py
Configure Fake Wifi Hostpot
At this stage, you will need two Wifi network interfaces:
- The first device is the wireless interface you want to use as an access point (hostpot)
- The second device is the interface you want to use for the WAN connection.
In this test, we used an external USB Wifi card to act as a hostpot (wlan1) and a wireless card built into our machine (wlan0) to act as a WAN connection. Use the 'ifconfig' command to see your internet interfaces and modify them accordingly.
Once you have sorted your interfaces, run MitmAP again with the command below.
After entering the interface names, you will be asked if you want to use SSLStrip . This tool will attempt to downgrade client connections to HTTP instead of HTTPS. This can be a great way to capture credentials, so we'll enable it.
Next, you will be prompted to enter an SSID (service set identifier) for the access point - this is the name of your fake Wifi Hostpot. If you enable encryption, you will need to set a password.
Then, you are asked if you want to use Tshark. Obviously, for this attack to be useful, we would need a pcap (packet capture) log, so we selected yes.
Finally, MitmAP will ask you if you want to manually configure DNS spoofing. We left the default option of no.
Voila, you are done! Your fake Wifi Hostpot is ready and working perfectly. All you have to do now is wait for the user to connect to your fake Wifi network.
Capture the information circulating on the hotspot
Now that we've captured some information, let's see what we get when we close the evil hostpot.
To shut down the access point, you must use Ctrl + C two times in a row. MitmAP stops and fixes its changes to the system.
All recovered information is stored in the folder mitmAP/logs.
For example, to find the captured passwords in the logs, one needs to run the following command in the terminal:
grep -a site name mitmap-sslstrip.log | grep passwd --color=always.
This command searches the file for the string "passwd" and colors it. The -a argument treats a binary file as if it were text. This is necessary because the generated log is a data file.