airbase-ng

airbase-ng [options]

-a
    Set Access Point BSSID. Randomly generated if not specified.

-i
    Monitor interface used for creating the AP (required).

-w
    Set WEP key for the fake access point. Requires -z or -W.

-h
    Source MAC address for all frames.

-f
    Fake the AP to be on channel AP-channel. Default: 1

-W <0|1>
    Enable WEP Privacy. If set, do not broadcast the WEP key.

-z
    Enables WEP Cloaking. The WEP IV is hidden from sniffing.

-n
    Disables encryption on the Access Point (Open Network).

-c
    Sets the channel for the fake AP. (This is different from -f because it sets the actual channel, not just faking it.)

--essid
    Sets the ESSID (network name) of the fake AP.

-C
    Sets the time interval to change the ESSID (in seconds). 0 disables ESSID randomization. --essid is required

-Y <0|1>
    Enables/Disables responding to probe requests. Default: 1

-X
    Hides the SSID.

-q
    Enables quiet mode (suppresses most output).

-d
    Reads MAC addresses from a file to assign to clients.

-P
    Captures all probes.

-A
    AP mode. All clients get the same IP. Do not use with -D.

-D
    Use DHCP to assign IP addresses to clients. Do not use with -A. Requires setting up a DHCP server (e.g., dnsmasq).

--dhcp-start
    Start IP address for DHCP. Requires -D.

--dhcp-end
    End IP address for DHCP. Requires -D.

--dhcp-lease-time
    DHCP lease time. Defaults to 86400 (24 hours). Requires -D.

--lockdown
    Disables all connections to the real AP. Requires a second wireless card in monitor mode.

--debug
    Sets the debugging level.

airbase-ng is a command-line tool used for creating fake access points for Wi-Fi penetration testing and security auditing.
It's part of the Aircrack-ng suite. Its primary function is to act as a rogue access point, attracting nearby clients to connect to it.
This allows attackers to capture handshakes, perform man-in-the-middle attacks, or collect client information.
The tool supports various authentication and encryption methods, including WEP and WPA/WPA2.
airbase-ng requires a wireless network adapter that supports monitor mode and packet injection.
It is commonly used to test the security of wireless networks and to evaluate the effectiveness of intrusion detection systems.
By creating a believable fake access point, airbase-ng can reveal vulnerabilities in client devices and network configurations.

airbase-ng requires root privileges to operate correctly.
Monitor mode and packet injection must be properly enabled on the wireless interface.
Using airbase-ng for unauthorized network access or malicious activities is illegal and unethical.

To allow clients connected to the fake AP to access the internet, you can set up bridging between the wireless interface used by airbase-ng and a network interface connected to the internet.
This involves configuring network interfaces and routing tables using commands like ifconfig and route.

An alternative to bridging is using Network Address Translation (NAT).
This involves configuring the system to act as a router, translating the private IP addresses of clients connected to the fake AP to the public IP address of the internet-connected interface.
Tools like iptables can be used to configure NAT.

When clients connect to the fake AP, they need to be assigned an IP address and a DNS server.
This can be achieved by setting up a DHCP server (e.g., dnsmasq) on the system running airbase-ng.
The DHCP server will automatically assign IP addresses, gateway, and DNS server information to the connected clients.

airbase-ng is part of the Aircrack-ng suite, which has been under development for many years.
It evolved as a tool for simulating rogue access points in order to test the security posture of wireless networks.
It has been widely adopted by security professionals and penetration testers.

airodump-ng(1), aireplay-ng(1), aircrack-ng(1)