I want to set up a MITM-scenario as an exercise for myself. My setup looks like this:
Internet <----> Laptop <----> Client
At this stage I just want to route the traffic from my AP to the internet, without monitoring it.
I use an Alfa-Network-Card in monitor-mode to create an AP with no encryption:
sudo airbase-ng -e demo wlan0mon
My next step was to set the network interface at0 up and assign an IP-address:
sudo ip link set at0 up
sudo ip addr add 192.133.1.1/24 dev at0
I allowed ip-forwarding like this:
sudo sysctl -w net.ipv4.ip_forward=1
My dhcpd.config file is shown here:
subnet 192.133.1.0 netmask 255.255.255.0 {
    default-lease-time 600;
    max-lease-time 7200;
    option routers 192.133.1.1;
    option broadcast-address 192.133.1.255;
    option domain-name "demo";
    range 192.133.1.10 192.133.1.50;
}
To specify the interface my dhcp-server should listen on, I added this line to the /etc/default/isc-dhcp-server file:
INTERFACESv4="at0"
To start the dhcp-server I ran this:
sudo dhcpd -cf /etc/dhcp/dhcpd.conf -pf /var/run/dhcpd.pid at0
sudo bash /etc/init.d/isc-dhcp-server start
If I connect now to the AP I get an IP-address and everything looks fine. To route the traffic to my internal laptop wlan interface (wlp5s0) I used iptables:
sudo iptables -A FORWARD --in-interface at0 -j ACCEPT
sudo iptables -t nat -A POSTROUTING --out-interface wlp5s0 -j MASQUERADE
sudo iptables -t nat -A PREROUTING -j DNAT --to-destination 192.133.1.1
sudo iptables -P FORWARD ACCEPT
After that my nat-table looks like this:
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source      destination
    0     0 DNAT       udp  --  any    any     anywhere    anywhere    to:192.133.1.1

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source      destination

Chain OUTPUT (policy ACCEPT 438 packets, 36016 bytes)
 pkts bytes target     prot opt in     out     source      destination

Chain POSTROUTING (policy ACCEPT 188 packets, 15827 bytes)
 pkts bytes target     prot opt in     out     source      destination
 1874  147K MASQUERADE all  --  any    wlp5s0  anywhere    anywhere
My problem is that I cannot connect to the internet from a client. I think my iptables-setup is wrong but I have no clue what to do about it. I guess I need a little help here…
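
Added example, not part of the original post: a small Python check run over the nat listing and the dhcpd subnet block quoted above (abridged copies are embedded as sample input). It flags two conditions that leave clients behind a NAT gateway without working name resolution, assuming the posted text is the complete configuration; the function names are hypothetical.

```python
import re

# Sample input: abridged copies of the nat listing and subnet block from the post.
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source      destination
    0     0 DNAT       udp  --  any    any     anywhere    anywhere    to:192.133.1.1
Chain POSTROUTING (policy ACCEPT 188 packets, 15827 bytes)
 pkts bytes target     prot opt in     out     source      destination
 1874  147K MASQUERADE all  --  any    wlp5s0  anywhere    anywhere
"""
DHCPD_CONF = """\
subnet 192.133.1.0 netmask 255.255.255.0 {
  option routers 192.133.1.1;
  range 192.133.1.10 192.133.1.50;
}
"""

COLS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "source", "destination")

def parse_nat_listing(text):
    """Parse `iptables -t nat -L -v` output into a list of rule dicts."""
    rules, chain = [], None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:
            chain = m.group(1)
            continue
        fields = line.split()
        # Skip blank lines and the column header row.
        if chain and len(fields) >= 9 and fields[0] != "pkts":
            rules.append(dict(zip(COLS, fields[:9]), chain=chain,
                              extra=" ".join(fields[9:])))
    return rules

def lint(nat_text, dhcpd_text):
    """Return findings for unscoped PREROUTING DNAT rules and a missing DNS option."""
    findings = []
    for r in parse_nat_listing(nat_text):
        unscoped = (r["in"], r["source"], r["destination"]) == ("any", "anywhere", "anywhere")
        # No interface, address or port match: every packet of that protocol
        # (DNS queries included) is rewritten to the gateway's own address.
        if r["chain"] == "PREROUTING" and r["target"] == "DNAT" and unscoped and "dpt:" not in r["extra"]:
            findings.append(f"catch-all DNAT ({r['prot']}) {r['extra']}")
    # Without this option, DHCP clients are handed no resolver address.
    if not re.search(r"option\s+domain-name-servers\s", dhcpd_text):
        findings.append("no domain-name-servers option")
    return findings
```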