make your own ap

1. #!/bin/bash
2. #y0-
3.  
4. # dependencies
5. # sudo apt-get install dnsmasq hostapd dhcp3-server
6.  
7. version=0.1
8. show_help(){
9.         echo "A rogue AP setup utility v$version inspired from Airsnarf Shmoo. "
10.     echo "Copyright (c) 2011 USIM Student Batch 2007-2011. All rights reserved"
11.     echo
12.         echo "Usage:    $0  [options]"
13.         echo "Options:"
14.         echo "-s    : show config"
15.         echo "-r    : run this config"
16.         echo "-h    : show this help message and exit"
17. }
18. show_config(){
19. head -n 68 $0
20. }
21.  
22. while [[ $# != 0 ]]; do
23.     arg_name=$1; shift
24.     case "$arg_name" in
25.       -h) show_help; exit 0;;
26.       -s) show_config; exit 0;;
27.       -r) t=$arg_name;break;;
28.       *) echo "invalid option: $1"; show_help;exit 1;;
29.     esac
30. done
31. [ "$t" != "-r" ] && { show_help; exit 1; }
32.  
33.  
34. ################################################
35. # Here are some variables you may want to edit
36. ################################################
37. BMODE="non-bridge" #
38. MODE="simple" #
39.  
40. INET_IFACE="ppp0" #ppp0 #tun0 kalau lalu openvpn
41. HOSTAP_WIFI_IFACE="wlan0" # Tested on ath5k/ath9k/rt73usb based cards
42. # broadcom card majority tak support
43. BRIDGE_IFACE="br0"
44. CHAN="7" # channel wifi, berbeza ikut card
45. SSID="mysabily.blogspot.com" # Boleh tukar SSID kepada nama lain
46.  
47. INET_GW="113.211.116.196" #10.8.0.6 # Set external IP di sini check guna whatismyipaddress.com
48. LAN_IP="192.168.2.1"
49. NETMASK="255.255.255.0"
50. NETWORK="192.168.2.0/24"
51. BROADCAST_IP="192.168.2.255"
52. SUBNET="192.168.2.0"
53. RANGE_IP="192.168.2.3 192.168.2.254"
54. DHCP_MIN="192.168.2.3"
55. DHCP_MAX="192.168.2.254"
56. DOMAIN="usim.edu.my"
57. OPTION_NETBIOS_NAME_SERVERS="192.168.2.252"
58. ACL_LOCALNET_SRC="192.168.0.0/16"
59. #OPDNS="208.67.222.220, 208.67.222.222, 4.2.2.1, 4.2.2.2, 208.67.216.132, 208.67.216.132"
60. #OPDNS="8.8.8.8,8.8.4.4"
61. OPDNS="58.71.136.10,58.71.132.10" # Set DNS di sini, boleh tukar ikut contoh di atas.
62. DNS="$INET_GW, $OPDNS" ##DNSpppX = "YOUR ISP DNS SERVER, $OPDNS"
63. #DNS="$OPDNS"
64.  
65. #payload="" # payload can be : sbd/vnc/wkv/other (what to upload to the user). vnc=remote desktop, sbd=shell, wkv=View WiFi keys. (/path/to/file), only used if payload is "other"
66. #backdoorPath="/tmp/backdoor.exe"
67. #port=$(shuf -i 2000-65000 -n 1)
68.  
69.  
70.  
71.  
72.  
73.  
74.  
75.  
76.  
77.  
78. echo "----------------------------------------------------------------------"
79. echo "A rogue AP setup utility v$version inspired from Airsnarf Shmoo. "
80. echo "Copyright (c) 2011 USIM Student Batch 2007-2011. All rights reserved"
81. echo "----------------------------------------------------------------------"
82.  
83. echo  "[*] Testing internet connection...";
84. command=$(ping -I $INET_IFACE -c 1 google.com |grep "64 bytes from" |cut -d' ' -f 4);
85. if [ -z $command ] ; then echo "[!] Internet access failed. "; exit 1 ; else echo "[-] Got internet access..." ; fi;
86.  
87. mkdir -p "$(pwd)/tmp/"
88. HOME_DIR="$(pwd)/tmp"
89.  
90. # Create the hostapd.conf
91. mkdir -p /tmp/hostapd > /dev/null 2>&1
92. rm /tmp/hostapd/hostapd.conf > /dev/null 2>&1
93. rm /tmp/hostapd/hostapd.pid > /dev/null 2>&1
94.  
95. cat > /tmp/hostapd/hostapd.conf << EOF
96. driver=nl80211
97. logger_syslog=-1
98. logger_syslog_level=2
99. logger_stdout=-1
100. logger_stdout_level=1
101. ssid=$SSID
102. hw_mode=g
103. channel=$CHAN
104. beacon_int=100
105. dtim_period=2
106. max_num_sta=255
107. rts_threshold=2347
108. fragm_threshold=2346
109. macaddr_acl=0
110. auth_algs=3
111. ignore_broadcast_ssid=0
112. #wmm_enabled=1
113. eapol_key_index_workaround=0
114. eap_server=0
115. own_ip_addr=127.0.0.1
116. # WPA settings. We'll use stronger WPA2
117. # bit0 = WPA
118. # bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
119. wpa=2
120.  
121. # Preshared key of between 8-63 ASCII characters.
122. # If you define the key in here, make sure that the file is not readable
123. # by anyone but root. Alternatively you can use a separate file for the
124. # key; see original hostapd.conf for more information.
125. # Set WPA key di sini
126. wpa_passphrase=passwordaku
127.  
128. # Key management algorithm. In this case, a simple pre-shared key (PSK)
129. wpa_key_mgmt=WPA-PSK
130.  
131. # The cipher suite to use. We want to use stronger CCMP cipher.
132. wpa_pairwise=CCMP
133.  
134. # Change the broadcasted/multicasted keys after this many seconds.
135. wpa_group_rekey=600
136.  
137. # Change the master key after this many seconds. Master key is used as a basis
138. # (source) for the encryption keys.
139. wpa_gmk_rekey=86400
140.  
141. EOF
142.  
143. echo "interface=$HOSTAP_WIFI_IFACE" >> /tmp/hostapd/hostapd.conf
144.  
145. echo "INTERFACES=\"\"" > /etc/default/dhcp3-server
146.  
147. if [ "$BMODE" == "non-bridge" ]; then
148. ifconfig $HOSTAP_WIFI_IFACE down && sleep 2
149. ifconfig $HOSTAP_WIFI_IFACE up && sleep 2
150. ifconfig $HOSTAP_WIFI_IFACE $LAN_IP netmask $NETMASK
151. route add -net $SUBNET netmask $NETMASK gw $LAN_IP
152.  
153. echo -e "[*] Starting DHCP Server.. "
154.  
155. # Create custom dhcpd.conf
156. path="$HOME_DIR/dhcpd.conf"
157. if [ -e "$path" ] ; then rm "$path"; fi
158. echo -e "#
159. ddns-update-style none;
160. ignore client-updates; # Ignore all client requests for DDNS update
161. authoritative;
162. default-lease-time 86400; # 24 hours
163. max-lease-time 172800;    # 48 hours
164. log-facility local7;\n
165. subnet $SUBNET netmask $NETMASK {
166. range $RANGE_IP;
167. option routers $LAN_IP;
168. option subnet-mask $NETMASK;
169. option broadcast-address  $BROADCAST_IP;
170. option domain-name \"$DOMAIN\"; " >> $path
171.  
172. echo " option domain-name-servers $DNS;" >> $path
173. #echo " option domain-name-servers $LAN_IP;" >> $path #non tranparant
174.  
175. echo -e " option netbios-name-servers $OPTION_NETBIOS_NAME_SERVERS;\n}" >> $path
176.  
177. cp $HOME_DIR/dhcpd.conf /etc/dhcp3/dhcpd.conf
178. rm /var/run/dhcpd.pid
179. ln -s /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid
180. dhcpd3 -cf /etc/dhcp3/dhcpd.conf $HOSTAP_WIFI_IFACE -pf /var/run/dhcpd.pid
181.  
182. echo -e "[*] Starting DNS forwarder... "
183.  
184. path="$HOME_DIR/dnsmasq.conf"
185. if [ -e "$path" ] ; then rm "$path" ; fi
186. echo -e "#
187. interface=$LAN_IFACE
188. domain=$DOMAIN
189. #dhcp-range=$DHCP_MIN,$DHCP_MAX,24h
190. #dhcp-authoritative
191. #dhcp-option=3,$LAN_IP # Gateway" >> $path
192. #echo -e "dhcp-option=6,$LAN_IP # DNS" >> $path #non tranparant
193. echo -e "dhcp-option=6,$DNS # DNS" >> $path ; fi
194. echo -e "log-queries
195. #log-dhcp
196. log-facility="$HOME_DIR/dnsmasq.log"" >> $path
197.  
198. # Solve our DNS Forwarder
199. dnsmasq -C $HOME_DIR/dnsmasq.conf&
200.  
201. ##########################################################################
202. # Simple WLAN setup (clients can access Internet)
203. if [ $MODE = "simple" ];then echo -e "[*] Starting simple WLAN setup...."
204. iptables --flush
205. iptables --table nat --flush
206. iptables --delete-chain
207. iptables --table nat --delete-chain
208.  
209. iptables -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
210. iptables -A FORWARD -i $HOSTAP_WIFI_IFACE -j ACCEPT
211. iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to $INET_GW
212.  
213. echo 1 > /proc/sys/net/ipv4/ip_forward
214. sleep 1
215.  
216. /etc/init.d/dhcp3-server restart > /dev/null 2>&1
217. sleep 1
218.  
219. echo "Starting AP..."
220. hostapd -dd -P /tmp/hostapd/hostapd.pid /tmp/hostapd/hostapd.conf
221.  
222.