airbase-ng
Create a rogue access point for attacks
SYNOPSIS
airbase-ng [options]
PARAMETERS
-a
Set Access Point BSSID. Randomly generated if not specified.
-i
Monitor interface used for creating the AP (required).
-w
Set WEP key for the fake access point. Requires -z or -W.
-h
Source MAC address for all frames.
-f
Fake the AP to be on channel AP-channel. Default: 1
-W <0|1>
Enable WEP Privacy. If set, do not broadcast the WEP key.
-z
Enables WEP Cloaking. The WEP IV is hidden from sniffing.
-n
Disables encryption on the Access Point (Open Network).
-c
Sets the channel for the fake AP. (This is different from -f because it sets the actual channel, not just faking it.)
--essid
Sets the ESSID (network name) of the fake AP.
-C
Sets the time interval to change the ESSID (in seconds). 0 disables ESSID randomization. --essid is required
-Y <0|1>
Enables/Disables responding to probe requests. Default: 1
-X
Hides the SSID.
-q
Enables quiet mode (suppresses most output).
-d
Reads MAC addresses from a file to assign to clients.
-P
Captures all probes.
-A
AP mode. All clients get the same IP. Do not use with -D.
-D
Use DHCP to assign IP addresses to clients. Do not use with -A. Requires setting up a DHCP server (e.g., dnsmasq).
--dhcp-start
Start IP address for DHCP. Requires -D.
--dhcp-end
End IP address for DHCP. Requires -D.
--dhcp-lease-time
DHCP lease time. Defaults to 86400 (24 hours). Requires -D.
--lockdown
Disables all connections to the real AP. Requires a second wireless card in monitor mode.
--debug
Sets the debugging level.
DESCRIPTION
airbase-ng is a command-line tool used for creating fake access points for Wi-Fi penetration testing and security auditing.
It's part of the Aircrack-ng suite. Its primary function is to act as a rogue access point, attracting nearby clients to connect to it.
This allows attackers to capture handshakes, perform man-in-the-middle attacks, or collect client information.
The tool supports various authentication and encryption methods, including WEP and WPA/WPA2.
airbase-ng requires a wireless network adapter that supports monitor mode and packet injection.
It is commonly used to test the security of wireless networks and to evaluate the effectiveness of intrusion detection systems.
By creating a believable fake access point, airbase-ng can reveal vulnerabilities in client devices and network configurations.
CAVEATS
airbase-ng requires root privileges to operate correctly.
Monitor mode and packet injection must be properly enabled on the wireless interface.
Using airbase-ng for unauthorized network access or malicious activities is illegal and unethical.
BRIDGING
To allow clients connected to the fake AP to access the internet, you can set up bridging between the wireless interface used by airbase-ng and a network interface connected to the internet.
This involves configuring network interfaces and routing tables using commands like ifconfig and route.
NAT
An alternative to bridging is using Network Address Translation (NAT).
This involves configuring the system to act as a router, translating the private IP addresses of clients connected to the fake AP to the public IP address of the internet-connected interface.
Tools like iptables can be used to configure NAT.
DNS AND DHCP
When clients connect to the fake AP, they need to be assigned an IP address and a DNS server.
This can be achieved by setting up a DHCP server (e.g., dnsmasq) on the system running airbase-ng.
The DHCP server will automatically assign IP addresses, gateway, and DNS server information to the connected clients.
HISTORY
airbase-ng is part of the Aircrack-ng suite, which has been under development for many years.
It evolved as a tool for simulating rogue access points in order to test the security posture of wireless networks.
It has been widely adopted by security professionals and penetration testers.
SEE ALSO
airodump-ng(1), aireplay-ng(1), aircrack-ng(1)