6

I was trying to perform a MITM attack over wireless. The thing I used is

airbase-ng --essid "FAKEAP" -c 10 wlan0mon

to create a fake access point. This created a tap interface at0 on which I ran isc-dhcp-server to hand out IP addresses.

When a client connects to this access point, it gets an IP address and shows connected for like 10 seconds. After that I get disconnected and again connect to my AP for like 10 sec.

This connection and disconnection keeps on repeating. So can somebody tell me what the possible solution could be?

Steps I am doing are:

$airmon-ng start wlan0

$vim /etc/dhcp/dhcpd.conf
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.250;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option domain-name-servers 8.8.8.8;
}

$vim /etc/default/isc-dhcp-server
INTERFACESv4="at0"

$vim /etc/network/interfaces

auto at0
iface at0 inet static
address 192.168.1.1
netmask 255.255.255.0
gateway 192.168.1.1
broadcast 192.168.1.255

$airbase-ng --essid "FAKEAP" -c 10 wlan0mon

The above command starts the fake AP.

$ifconfig at0 up

$iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

$iptables -A FORWARD -i at0 -j ACCEPT

$systemctl restart isc-dhcp-server
AJ Henderson

1 Answer

1

First of all, you do not need to do:

airmon-ng start wlan0

In order to create an AP you do not need to have the WiFi interface in monitor mode.

You should also try to remove other processes using the WiFi interface:

airmon-ng check kill

The documentation says:

“check” will show any processes that might interfere with the aircrack-ng suite. It is strongly recommended that these processes be eliminated prior to using the aircrack-ng suite. “check kill”

Some of these processes could interfere with aircrack.

And in my opinion you should check mana toolkit; it is a suite of scripts focused on MITM attacks over wireless.

For example, this script from mana toolkit will create a rogue AP. You will only need to set the network interfaces.