Monday, March 9, 2015

Manually set up a Wifi AP with a captive portal on Kali Linux

As per the topic, this post shows how to (i) create a Wifi AP, (ii) redirect users to a captive portal, and (iii) allow users to use the internet after they accept the terms and conditions on the captive portal.

This is the environment we will be using:

1)
Interface configuration is located in /etc/network/interfaces

Local interface, which is connected to the internet
eth0
IP : 192.168.17.28
Mask: 255.255.255.0
GW : 192.168.17.2

Wireless Network
wlan0
IP : 192.168.0.1
Mask: 255.255.255.0
GW : 192.168.0.0

Assuming you already have eth0 set up properly, turn on the wireless network interface
 ifconfig wlan0 192.168.0.1  


2)
Configure DHCPD in /etc/dhcp/dhcpd.conf
      default-lease-time 300;  
      max-lease-time 360;  
      ddns-update-style none;  
      authoritative;  
      log-facility local7;  
      subnet 192.168.0.0 netmask 255.255.255.0 {  
      range 192.168.0.100 192.168.0.200;  
      option routers 192.168.0.1;  
      option domain-name-servers 192.168.17.2;  
      }  


3)
Enable IP forwarding
 echo "1" > /proc/sys/net/ipv4/ip_forward  


4)
Flush your iptables NAT rules so that we start from the same settings
 iptables -t nat -F  


5)
Configure Iptables to enable traffic masquerading
 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE   


6)
Configure all Wifi traffic from wlan0 to be redirected to the webserver
 iptables -t nat -A PREROUTING -i wlan0 -p tcp -j DNAT --to-destination 192.168.17.128:80  


7)
Configure your hotspot. HOSTAPD is a utility for creating an AP.
Create your configuration file /etc/hostapd/hostapd.conf
# Define interface
interface=wlan0
# Select driver
driver=nl80211
# Set access point name
ssid=myhotspot
# Set access point hardware mode to 802.11g
hw_mode=g
# Set WIFI channel (can be easily changed)
channel=6
# Enable WPA2 only (1 for WPA, 2 for WPA2, 3 for WPA + WPA2)
#wpa=2
#wpa_passphrase=mypassword



8)
Time to start DHCPD and hostapd. Once started, use another device to check that myhotspot is visible. Every time you try to surf the internet, you will be redirected to your localhost webserver. Whatever you are serving is called the captive portal.
 dhcpd  
 hostapd /etc/hostapd/hostapd.conf  
 /etc/init.d/apache2 start  


9)
So how do you enable internet for users? One possible way is to have your captive portal create an iptables rule which enables a particular device (MAC address). For example, if your device is 11:22:33:11:22:33:
 iptables -t nat -I PREROUTING -m mac --mac-source 11:22:33:11:22:33 -j ACCEPT  
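
One way the portal's accept handler could carry out step 9, as an added example that is not from the original post: it takes the client's MAC from the kernel ARP table using the request's source IP, rather than trusting anything the browser submits, and validates it before it reaches iptables. The function names, `ARP_TABLE` and `LAN_IF` are assumptions, as is the portal running on the AP host so that it sees the client's wlan0 address.

```shell
#!/bin/sh
# Added example (not from the original post): authorize one client
# after it accepts the portal terms. Names below are assumptions.
ARP_TABLE="${ARP_TABLE:-/proc/net/arp}"   # kernel neighbour table
LAN_IF="${LAN_IF:-wlan0}"                 # AP interface from step 1

# Succeed only for six colon-separated hex octets. The case test rejects
# every other character (newlines included) before grep checks the shape.
valid_mac() {
    case "$1" in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the MAC recorded for client IP $1 on the AP interface.
# Incomplete entries (flags 0x0) and other interfaces are ignored.
mac_for_ip() {
    awk -v ip="$1" -v dev="$LAN_IF" \
        'NR > 1 && $1 == ip && $6 == dev && $3 != "0x0" { print $4; exit }' \
        "$ARP_TABLE"
}

# Print the rule spec from step 9 for the client at IP $1; fail if the
# client is unknown or its table entry is not a well-formed MAC.
rule_for_ip() {
    mac=$(mac_for_ip "$1")
    valid_mac "$mac" || return 1
    printf 'PREROUTING -m mac --mac-source %s -j ACCEPT\n' "$mac"
}

# Insert the rule unless it already exists (requires root).
# $spec is split on purpose: its only variable part passed valid_mac.
allow_client() {
    spec=$(rule_for_ip "$1") || return 1
    iptables -t nat -C $spec 2>/dev/null || iptables -t nat -I $spec
}

# Usage from the portal's accept handler: allow_client "$REMOTE_ADDR"
```

A MAC match identifies a device only by an address the device itself chooses, so this rule is a convenience gate rather than authentication.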

Still unclear on step 9? Try looking at the pwnstar package.

Having trouble routing your wifi to your internet interface?
https://prahladyeri.wordpress.com/2013/05/26/how-to-turn-your-linux-machine-into-a-wifi-access-point/
