Wireless networks were first introduced in 1991. Wireless networking makes it possible to transfer data packets over standard network protocols; the only difference is that it uses radio waves rather than wires or optical fibres.
Since the signal is broadcast and can be received by every host within range of an access point, eavesdropping on wireless transmissions is not only easier to do but also virtually undetectable.
In Wi-Fi LANs, every client can see every transmission sent across the network, including usernames and passwords sent by other users and the URLs of the websites they visit. If an attacker takes over an access point, the data is exposed both to eavesdropping and to uncontrolled modification in transit.
MitmAP, a Python-based script, automates the process of creating an evil access point and sniffing the data of protocols such as HTTP, HTTPS and FTP.
Features of the MitmAP Python script:
- SSLstrip2 (For HTTPS Sniffing)
- Driftnet (For image sniffing)
- Full featured access point, with configurable speed limit
- Wireshark (For packet capturing)
- DNS Spoofing
- Saving results to file
To install MitmAP, type “git clone https://github.com/xdavidhu/mitmAP” in your terminal. This won’t take long and automatically creates a directory named “mitmAP” in the location where you ran the command.
After the clone completes, run “sudo python3 mitmAP.py”. The script starts and asks whether to install all dependencies; confirm by typing “Y” in the same console.
In the meantime, look up the interface name of your wireless card, which is needed in the next step. In our case the wireless interface is “wlan0”, and eth0 is the interface that provides the internet connection.
In the next step, fill in the details one by one:
- Please enter the name of your wireless interface (for this AP): wlan0 (type iwconfig for this)
- Please enter the name of your internet connected interface: eth0 (type ifconfig for this)
- Use SSLSTRIP 2.0? Y/n: Y
- Capture unencrypted images with DRIFTNET? Y/n: Y
- Create new HOSTAP config file at ‘/etc/hostapd/hostapd.conf’ Y/n: Y
- Please enter the SSID for the AP: YEAHHUB (choose any name)
- Please enter the channel for the AP: 11 (choose any channel from 1 to 13)
- Enable WPA2 encryption? y/N: N
- Set speed limit for the clients? Y/n: n
- Start WIRESHARK on wlan0? Y/n: Y
- Spoof DNS manually? y/N: N
Once all settings are configured, the process starts automatically and creates a fake AP named “YEAHHUB”, as entered above, which gets its internet access from the eth0 interface with the help of bridge utilities.
As soon as someone connects to the fake AP, that user gets normal internet access, and when they visit any website such as Facebook, Gmail or YouTube, you get a complete record of all their requests.
In the background, two more windows open automatically: DRIFTNET (for sniffing images) and WIRESHARK (for sniffing passwords).
As shown in the screenshot below, we successfully sniffed the password of an FTP session in clear text.
You can also use URLSNARF (for URL sniffing), MAILSNARF (for mail sniffing) and DSNIFF (for sniffing more than 25+ protocols).
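The AP created by the steps above is an open network (WPA2 disabled) that reuses whatever SSID its operator chooses, which is exactly what a rogue-AP check on the defending side looks for. The following is an added example, not part of MitmAP or its project: it parses a constructed, trimmed excerpt shaped like `iw dev wlan0 scan` output (hypothetical BSSIDs, a hypothetical "CorpWiFi" allowlist) and flags known SSIDs advertised by unknown BSSIDs as well as open networks.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Network:
    bssid: str
    ssid: str
    encrypted: bool  # True when an RSN (WPA2) or WPA information element was seen

# Constructed allowlist: SSID -> BSSIDs authorised to advertise it (hypothetical values).
KNOWN_APS = {"CorpWiFi": {"aa:bb:cc:00:00:01"}}

# Constructed, trimmed excerpt shaped like `iw dev wlan0 scan` output (hypothetical BSSIDs);
# the last two entries are open networks, like the AP the walkthrough above creates.
SCAN_TEXT = """\
BSS aa:bb:cc:00:00:01(on wlan0)
\tSSID: CorpWiFi
\tRSN:\t * Version: 1
BSS de:ad:be:ef:00:01(on wlan0)
\tSSID: CorpWiFi
BSS de:ad:be:ef:00:02(on wlan0)
\tSSID: YEAHHUB
"""

def parse_scan(text: str) -> list[Network]:
    """One Network per 'BSS <bssid>' block; only SSID and RSN/WPA presence are read."""
    nets = []
    for block in re.split(r"^BSS ", text, flags=re.M)[1:]:
        ssid = re.search(r"^\s*SSID: (.*)$", block, re.M)
        encrypted = re.search(r"^\s*(RSN|WPA):", block, re.M) is not None
        nets.append(Network(block[:17], ssid.group(1) if ssid else "", encrypted))
    return nets

def classify(net: Network, known=KNOWN_APS) -> list[str]:
    """Findings for one AP; an empty list means nothing suspicious."""
    findings = []
    if net.ssid in known and net.bssid not in known[net.ssid]:
        findings.append("evil twin: known SSID advertised by an unknown BSSID")
    if not net.encrypted:
        findings.append("open network: traffic readable by anyone in range")
    return findings

def audit(text: str, known=KNOWN_APS) -> dict[str, list[str]]:
    """BSSID -> findings for every AP in the scan that raised at least one."""
    return {n.bssid: f for n in parse_scan(text) if (f := classify(n, known))}

if __name__ == "__main__":
    for bssid, findings in audit(SCAN_TEXT).items():
        print(bssid, "->", "; ".join(findings))
```

On a real network the allowlist comes from the controller's inventory of managed APs, and a scan from a wired monitoring host replaces the constructed text.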