1
00:00:02,010 --> 00:00:09,450
So a variant of the fake AP attack is when the attacker mimics the settings of a legitimate app to create

2
00:00:09,450 --> 00:00:13,140
a virtually identical app called an evil twin.

3
00:00:14,870 --> 00:00:21,380
Appropriately named, I'm sure, so the yes side of both the legitimate AP and the fake AP is exactly

4
00:00:21,380 --> 00:00:21,920
the same.

5
00:00:23,780 --> 00:00:29,330
So now in this lecture, we're going to create an evil twin access point by giving the IP address to

6
00:00:29,330 --> 00:00:35,060
the client that will attempt to authenticate to the access point and then in this way will see the network

7
00:00:35,060 --> 00:00:36,200
traffic of the client.

8
00:00:37,310 --> 00:00:42,030
And actually, we're going to perform a man in the middle attack as well.

9
00:00:42,050 --> 00:00:49,100
So let's start her up, go to Kelli, open up a terminal screen switch usat route with the command.

10
00:00:49,170 --> 00:00:55,490
Pseudolus, you dash check the mode of your wireless adapters interface.

11
00:00:55,610 --> 00:01:00,860
If it's in management, change it with the air and start w land zero command.

12
00:01:02,630 --> 00:01:05,210
And will kill the other wireless interfaces.

13
00:01:10,690 --> 00:01:14,100
All right, so now create a fake access point with air base energy.

14
00:01:14,980 --> 00:01:20,410
This time, I'll create a fake access point with open authentication to authenticate without a key.

15
00:01:22,250 --> 00:01:23,870
So if that will open a new terminal.

16
00:01:24,890 --> 00:01:32,090
Now install DNS mask that provides domain name system or DNS forwarding.

17
00:01:33,190 --> 00:01:39,310
Now, as you should already know, DNS is responsible for resolving name queries, which allows us to

18
00:01:39,310 --> 00:01:46,430
serve the World Wide Web, I don't know, is anybody still call it a dub dub dub or the W w w?

19
00:01:47,650 --> 00:01:50,610
But anyway, that's how we visit websites, right?

20
00:01:50,950 --> 00:01:58,510
So the DNS MASP program assists in providing DHP clients access to the Internet just by forwarding their

21
00:01:58,510 --> 00:02:04,150
DNS queries to actual DNS servers or recursive resolvers of our choosing.

22
00:02:06,430 --> 00:02:11,590
All right, so will install DNS mask with and install DNS mask.

23
00:02:12,870 --> 00:02:13,920
Of course, I already have it.

24
00:02:15,390 --> 00:02:23,610
The gas mask comes with its own DNS, Mazda's config files stored in the cell ACTC slash folder.

25
00:02:24,850 --> 00:02:31,810
And we can view this configuration file just by executing the Nanosolar slash DNS mask.

26
00:02:33,720 --> 00:02:36,710
So we need to add some parameters in this config file.

27
00:02:37,840 --> 00:02:41,020
Right, the parameters that I wrote here into your own config file.

28
00:02:55,200 --> 00:03:01,980
And then use a keyboard, command and control as to save and quit with control ex.

29
00:03:03,820 --> 00:03:12,760
So base energy sets the fake access point on interface at zero, so we must bring this interface up,

30
00:03:12,760 --> 00:03:17,620
configure it, enable IP forwarding as well as a few other parameters.

31
00:03:18,570 --> 00:03:22,650
So first will run if config eight zero up.

32
00:03:23,590 --> 00:03:26,320
So brings up the eight zero interface.

33
00:03:27,480 --> 00:03:41,310
Secondly, if config at zero 10 zero zero one net Marzook 255 255 255 zero, and that sets the eight

34
00:03:41,370 --> 00:03:47,070
zero interface I p address as 10 zero zero one.

35
00:03:47,400 --> 00:03:50,220
And then the sub mascot's last 24.

36
00:03:52,600 --> 00:04:05,110
Root and dash net 10 zero zero zero net Marzook 255 255 255 zero, GW 10 zero zero one.

37
00:04:05,980 --> 00:04:12,100
And then that will create a static root in our routing tables so that any traffic from our clients will

38
00:04:12,130 --> 00:04:21,100
be forwarded to the real gateway at 10 dot zero zero one, which is actually part of the 10 zero zero

39
00:04:21,340 --> 00:04:24,250
zero 24 network.

40
00:04:25,750 --> 00:04:31,210
So IP tables dash p forward xcept.

41
00:04:32,600 --> 00:04:36,050
Creates a policy to accept forwarding in the chain target.

42
00:04:36,900 --> 00:04:39,720
This makes our Linux machine act like a router.

43
00:04:41,430 --> 00:04:44,340
IP tables, dashty nat'l.

44
00:04:45,390 --> 00:04:47,430
Dash a post routing.

45
00:04:48,320 --> 00:04:55,400
Dash o w land zero man dash j masquerade.

46
00:04:56,730 --> 00:05:02,250
That allows us to rout outbound traffic without disrupting the normal flow of traffic on the network

47
00:05:03,210 --> 00:05:06,570
masquerade option kind of acts like a source, Nat.

48
00:05:09,030 --> 00:05:20,190
Echo once again, prognosis slash net, slash IPV for slash IPI forward and Abels IP forwarding, the

49
00:05:20,190 --> 00:05:24,270
one just enables the IP forwarding while a zero will disable it.

50
00:05:25,800 --> 00:05:31,000
All right, so we'll see these commands to a text file, and when you create a fake access point in

51
00:05:31,020 --> 00:05:32,400
a Web cracking section.

52
00:05:33,610 --> 00:05:34,630
We'll use them again.

53
00:05:37,160 --> 00:05:43,100
All right, so we're ready now, so we will run DNA mask using the config file.

54
00:05:45,860 --> 00:05:54,830
So execute DNS, Maska Dash CS etsi dash DNS Mascotte conf dash de.

55
00:05:59,210 --> 00:06:02,450
And then we'll connect to this access point with a phone.

56
00:06:05,140 --> 00:06:12,520
So, see, when I connect to the fake access point, logs appear on the screen and then DNS mask gives

57
00:06:12,520 --> 00:06:14,410
an IP address of the device.

58
00:06:17,150 --> 00:06:24,290
OK, so I actually don't know why right now, but it didn't give the IP address to Zao me, so I'm going

59
00:06:24,290 --> 00:06:26,480
to just try and connect with the iPhone.

60
00:06:29,570 --> 00:06:33,440
OK, so as you can see, I am able to monitor iPhone traffic.