Fake Access Point with BT5/Kali Linux

I’m not sure who to credit with the writing of the script below. It’s all over the Internet and I haven’t been able to determine with any certainty who originally wrote it.

While technically a way to attack wireless clients, I just wanted a quick way to set up an access point. This worked out well since I had a BackTrack 5 VM, a USB wireless NIC, some familiarity with the Aircrack suite, and a bit of free time.

This post assumes that you already have the Aircrack tools installed. You will also have to install and configure DHCP.

apt-get install dhcp3-server

Configure a DHCP scope for use by the wireless clients that connect to your access point. You can edit the one at “/etc/dhcp3/dhcpd.conf” or create a separate one for this task. Just be sure to change the final script to point at the new file location if you create a new one.

ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet netmask {
    option subnet-mask;
    option broadcast-address;
    option routers;
    option domain-name-servers;
}

While this configuration uses Google’s DNS for name resolution you may want to configure BIND as well. This may be useful for other reasons…just sayin’.

Use the below script to configure your NIC, DHCP, and start the AP. Be sure to cha


echo "Killing Airbase-ng..."
pkill airbase-ng
sleep 2;
echo "Killing DHCP..."
pkill dhcpd3
sleep 5;

echo "Putting Wlan In Monitor Mode..."
airmon-ng stop wlan0 # Change to your wlan interface
sleep 5;
airmon-ng start wlan0 # Change to your wlan interface
sleep 5;
echo "Starting Fake AP..."
airbase-ng -e FreeWifi -c 11 -v wlan0 & # Change essid, channel and interface
sleep 5;

ifconfig at0 up
# Change IP addresses as configured in your dhcpd.conf
ifconfig at0 netmask
route add -net netmask gw

sleep 5;

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE # Change eth3 to your internet facing interface

echo > '/var/lib/dhcp3/dhcpd.leases'
ln -s /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid
dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &

sleep 5;
echo "1" > /proc/sys/net/ipv4/ip_forward
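
From the monitoring side, an access point started this way shows up in a wireless survey as a network name on a BSSID you did not deploy. The check below is an added example, not part of the original post or script: it reads a constructed capture laid out like airodump-ng's CSV output and compares it against an inventory; the INVENTORY table, the BSSIDs and the function names are hypothetical.

```python
import csv
import io

# Constructed sample in airodump-ng CSV layout (AP table, blank line, station table).
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:AA:BB:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 54, WPA2, CCMP, PSK, -40, 120, 0, 0.  0.  0.  0, 8, FreeWifi,
02:00:00:CC:DD:02, 2024-01-01 10:01:00, 2024-01-01 10:05:00, 11, 54, OPN, , , -35, 90, 0, 0.  0.  0.  0, 8, FreeWifi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:11:22:33, 2024-01-01 10:02:00, 2024-01-01 10:05:00, -50, 14, 02:00:00:CC:DD:02, FreeWifi
"""

# Hypothetical inventory: ESSID -> (approved BSSIDs, expected Privacy value).
INVENTORY = {"FreeWifi": ({"02:00:00:AA:BB:01"}, "WPA2")}

def parse_access_points(text):
    """Return the AP rows of the capture as dicts keyed by column name."""
    aps, header = [], None
    for row in csv.reader(io.StringIO(text)):
        fields = [f.strip() for f in row]
        if fields and fields[0] == "Station MAC":
            break  # the station table follows; only APs are needed here
        if not any(fields):
            continue  # blank separator lines
        if header is None:
            header = fields
        else:
            aps.append(dict(zip(header, fields)))
    return aps

def find_rogues(aps, inventory):
    """Flag inventoried ESSIDs seen on an unapproved BSSID or with other protection."""
    findings = []
    for ap in aps:
        if ap["ESSID"] not in inventory:
            continue  # not one of our network names
        approved, privacy = inventory[ap["ESSID"]]
        reasons = []
        if ap["BSSID"].upper() not in approved:
            reasons.append("unapproved BSSID")
        if privacy not in ap["Privacy"].split():
            reasons.append(f"privacy {ap['Privacy']}, expected {privacy}")
        if reasons:
            findings.append((ap["BSSID"], ap["ESSID"], ap["channel"], reasons))
    return findings

if __name__ == "__main__":
    print(find_rogues(parse_access_points(SAMPLE_CSV), INVENTORY))
```

A BSSID match alone is weak evidence because the address can be copied, which is why the protection mismatch is reported as a separate reason.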