airbase-ng

Create software-based wireless access points for penetration testing

TLDR

Create a fake access point

$ sudo airbase-ng -e "[FakeSSID]" -c [6] [wlan0mon]

Create open AP for capturing handshakes

$ sudo airbase-ng -e "[TargetSSID]" -c [6] -W 1 [wlan0mon]

Create AP with WPA2 encryption

$ sudo airbase-ng -e "[SSID]" -c [6] -z 4 [wlan0mon]

Respond to all probes

$ sudo airbase-ng -e "[SSID]" -P -c [6] [wlan0mon]

SYNOPSIS

airbase-ng [-e essid] [-c channel] [-W wep] [-z wpa] [options] interface

airbase-ng is an aircrack-ng suite tool that creates software access points for penetration testing. It can simulate access points, capture WPA handshakes, perform MITM attacks, and test client security.
The tool creates virtual interfaces (at0) that can be used to route traffic, enabling network analysis of connected clients.

PARAMETERS

-e essid

Access point ESSID (network name)

-c channel

Operating channel

-W 0|1

WEP mode (0: open, 1: shared key)

-z type

WPA encryption (2: TKIP, 4: CCMP)

-a bssid

Set specific BSSID

-P

Respond to all probe requests

-C seconds

Beacon interval

-v

Verbose output

-F prefix

Write captured packets to file

--caffe-latte

Caffe-Latte attack mode

--cfrag

PRGA attack using fragmentation

CAVEATS

For authorized security testing only. Requires interface in monitor mode. Creating fake access points may violate local laws if used without permission. Clients may connect and expose traffic.

HISTORY

airbase-ng is part of the aircrack-ng suite, which evolved from aircrack in the mid-2000s. It was developed to test wireless security by simulating various access point scenarios.