Skip to content
This repository has been archived by the owner on Apr 25, 2019. It is now read-only.

Commit

Permalink
[Hostapd-wpe] Add initial configuration edit
Browse files Browse the repository at this point in the history 
#128
Signed-off-by: binkybear <[email protected]>
  • Loading branch information
@binkybear
binkybear committed Apr 7, 2016
1 parent 04692bd commit 742105c
Show file tree
Hide file tree
Showing 4 changed files with 247 additions and 252 deletions.
247 changes: 7 additions & 240 deletions assets/nh_files/configs/hostapd-wpe.conf
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,14 @@
#
# hostapd-wpe.conf
# Brad Antoniewicz (@brad_anton) - Foundstone
# ------------------------------------------------
#
# Configuration file for hostapd-wpe
#
# General Options - Likely to need to be changed if you're using this

# Interface - Probably wlan0 for 802.11, eth0 for wired
interface=wlan1

# Driver - comment this out if 802.11
#driver=wired
ssid=Free_Internet
hw_mode=g
channel=1
bssid=00:11:22:33:44:00
driver=nl80211

# May have to change these depending on build location
eap_user_file=/usr/share/hostapd-wpe/hostapd-wpe.eap_user
Expand All @@ -21,10 +18,6 @@ private_key=/usr/share/hostapd-wpe/certs/server.pem
private_key_passwd=whatever
dh_file=/usr/share/hostapd-wpe/certs/dh

# 802.11 Options - Uncomment all if 802.11
ssid=Free_Internet
hw_mode=g
channel=1

# WPE Options - Dont need to change these to make it all work
#
Expand Down Expand Up @@ -56,171 +49,15 @@ wpa_pairwise=TKIP CCMP
# default options are set, variables set above are commented out
###############################################################################


##### hostapd configuration file ##############################################
# Empty lines and lines starting with # are ignored

# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for
# management frames); ath0 for madwifi
#interface=wlan0

# In case of madwifi, atheros, and nl80211 driver interfaces, an additional
# configuration parameter, bridge, may be used to notify hostapd if the
# interface is included in a bridge. This parameter is not used with Host AP
# driver. If the bridge parameter is not set, the drivers will automatically
# figure out the bridge interface (assuming sysfs is enabled and mounted to
# /sys) and this parameter may not be needed.
#
# For nl80211, this parameter can be used to request the AP interface to be
# added to the bridge automatically (brctl may refuse to do this before hostapd
# has been started to change the interface mode). If needed, the bridge
# interface is also created.
#bridge=br0

# Driver interface type (hostap/wired/madwifi/test/none/nl80211/bsd);
# default: hostap). nl80211 is used with all Linux mac80211 drivers.
# Use driver=none if building hostapd as a standalone RADIUS server that does
# not control any wireless/wired driver.
driver=nl80211

# hostapd event logger configuration
#
# Two output method: syslog and stdout (only usable if not forking to
# background).
#
# Module bitfield (ORed bitfield of modules that will be logged; -1 = all
# modules):
# bit 0 (1) = IEEE 802.11
# bit 1 (2) = IEEE 802.1X
# bit 2 (4) = RADIUS
# bit 3 (8) = WPA
# bit 4 (16) = driver interface
# bit 5 (32) = IAPP
# bit 6 (64) = MLME
#
# Levels (minimum value for logged events):
# 0 = verbose debugging
# 1 = debugging
# 2 = informational messages
# 3 = notification
# 4 = warning
#
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2

# Interface for separate control program. If this is specified, hostapd
# will create this directory and a UNIX domain socket for listening to requests
# from external programs (CLI/GUI, etc.) for status information and
# configuration. The socket file will be named based on the interface name, so
# multiple hostapd processes/interfaces can be run at the same time if more
# than one interface is used.
# /var/run/hostapd is the recommended directory for sockets and by default,
# hostapd_cli will use it when trying to connect with hostapd.
ctrl_interface=/var/run/hostapd

# Access control for the control interface can be configured by setting the
# directory to allow only members of a group to use sockets. This way, it is
# possible to run hostapd as root (since it needs to change network
# configuration and open raw sockets) and still allow GUI/CLI components to be
# run as non-root users. However, since the control interface can be used to
# change the network configuration, this access needs to be protected in many
# cases. By default, hostapd is configured to use gid 0 (root). If you
# want to allow non-root users to use the contron interface, add a new group
# and change this value to match with that group. Add users that should have
# control interface access to this group.
#
# This variable can be a group name or gid.
#ctrl_interface_group=wheel
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0


##### IEEE 802.11 related configuration #######################################

# SSID to be used in IEEE 802.11 management frames
#ssid=Free_Internet
# Alternative formats for configuring SSID
# (double quoted string, hexdump, printf-escaped string)
#ssid2="test"
#ssid2=74657374
#ssid2=P"hello\nthere"

# UTF-8 SSID: Whether the SSID is to be interpreted using UTF-8 encoding
#utf8_ssid=1

# Country code (ISO/IEC 3166-1). Used to set regulatory domain.
# Set as needed to indicate country in which device is operating.
# This can limit available channels and transmit power.
#country_code=US

# Enable IEEE 802.11d. This advertises the country_code and the set of allowed
# channels and transmit power levels based on the regulatory limits. The
# country_code setting must be configured with the correct country for
# IEEE 802.11d functions.
# (default: 0 = disabled)
#ieee80211d=1

# Enable IEEE 802.11h. This enables radar detection and DFS support if
# available. DFS support is required on outdoor 5 GHz channels in most countries
# of the world. This can be used only with ieee80211d=1.
# (default: 0 = disabled)
#ieee80211h=1

# Add Power Constraint element to Beacon and Probe Response frames
# This config option adds Power Constraint element when applicable and Country
# element is added. Power Constraint element is required by Transmit Power
# Control. This can be used only with ieee80211d=1.
# Valid values are 0..255.
#local_pwr_constraint=3

# Set Spectrum Management subfield in the Capability Information field.
# This config option forces the Spectrum Management bit to be set. When this
# option is not set, the value of the Spectrum Management bit depends on whether
# DFS or TPC is required by regulatory authorities. This can be used only with
# ieee80211d=1 and local_pwr_constraint configured.
#spectrum_mgmt_required=1

# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
# ad = IEEE 802.11ad (60 GHz); a/g options are used with IEEE 802.11n, too, to
# specify band)
# Default: IEEE 802.11b
#hw_mode=g

# Channel number (IEEE 802.11)
# (default: 0, i.e., not set)
# Please note that some drivers do not use this value from hostapd and the
# channel will need to be configured separately with iwconfig.
#
# If CONFIG_ACS build option is enabled, the channel can be selected
# automatically at run time by setting channel=acs_survey or channel=0, both of
# which will enable the ACS survey based algorithm.
#channel=1

# ACS tuning - Automatic Channel Selection
# See: http://wireless.kernel.org/en/users/Documentation/acs
#
# You can customize the ACS survey algorithm with following variables:
#
# acs_num_scans requirement is 1..100 - number of scans to be performed that
# are used to trigger survey data gathering of an underlying device driver.
# Scans are passive and typically take a little over 100ms (depending on the
# driver) on each available channel for given hw_mode. Increasing this value
# means sacrificing startup time and gathering more data wrt channel
# interference that may help choosing a better channel. This can also help fine
# tune the ACS scan time in case a driver has different scan dwell times.
#
# Defaults:
#acs_num_scans=5

# Channel list restriction. This option allows hostapd to select one of the
# provided channels when a channel should be automatically selected. This
# is currently only used for DFS when the current channels becomes unavailable
# due to radar interference, and is currently only useful when ieee80211h=1 is
# set.
# Default: not set (allow any enabled channel to be selected)
#chanlist=100 104 108 112 116

# Beacon interval in kus (1.024 ms) (default: 100; range 15..65535)
beacon_int=100

Expand All @@ -246,37 +83,6 @@ rts_threshold=2347
# it.
fragm_threshold=2346

# Rate configuration
# Default is to enable all rates supported by the hardware. This configuration
# item allows this list be filtered so that only the listed rates will be left
# in the list. If the list is empty, all rates are used. This list can have
# entries that are not in the list of rates the hardware supports (such entries
# are ignored). The entries in this list are in 100 kbps, i.e., 11 Mbps = 110.
# If this item is present, at least one rate have to be matching with the rates
# hardware supports.
# default: use the most common supported rate setting for the selected
# hw_mode (i.e., this line can be removed from configuration file in most
# cases)
#supported_rates=10 20 55 110 60 90 120 180 240 360 480 540

# Basic rate set configuration
# List of rates (in 100 kbps) that are included in the basic rate set.
# If this item is not included, usually reasonable default set is used.
#basic_rates=10 20
#basic_rates=10 20 55 110
#basic_rates=60 120 240

# Short Preamble
# This parameter can be used to enable optional use of short preamble for
# frames sent at 2 Mbps, 5.5 Mbps, and 11 Mbps to improve network performance.
# This applies only to IEEE 802.11b-compatible networks and this should only be
# enabled if the local hardware supports use of short preamble. If any of the
# associated STAs do not support short preamble, use of short preamble will be
# disabled (and enabled when such STAs disassociate) dynamically.
# 0 = do not allow use of short preamble (default)
# 1 = allow use of short preamble
#preamble=1

# Station MAC address -based authentication
# Please note that this kind of access control requires a driver that uses
# hostapd to take care of management frame processing and as such, this can be
Expand Down Expand Up @@ -1766,43 +1572,4 @@ own_ip_addr=127.0.0.1
#ignore_reassoc_probability=0.0
#
# Corrupt Key MIC in GTK rekey EAPOL-Key frames with the given probability
#corrupt_gtk_rekey_mic_probability=0.0

##### Multiple BSSID support ##################################################
#
# Above configuration is using the default interface (wlan#, or multi-SSID VLAN
# interfaces). Other BSSIDs can be added by using separator 'bss' with
# default interface name to be allocated for the data packets of the new BSS.
#
# hostapd will generate BSSID mask based on the BSSIDs that are
# configured. hostapd will verify that dev_addr & MASK == dev_addr. If this is
# not the case, the MAC address of the radio must be changed before starting
# hostapd (ifconfig wlan0 hw ether <MAC addr>). If a BSSID is configured for
# every secondary BSS, this limitation is not applied at hostapd and other
# masks may be used if the driver supports them (e.g., swap the locally
# administered bit)
#
# BSSIDs are assigned in order to each BSS, unless an explicit BSSID is
# specified using the 'bssid' parameter.
# If an explicit BSSID is specified, it must be chosen such that it:
# - results in a valid MASK that covers it and the dev_addr
# - is not the same as the MAC address of the radio
# - is not the same as any other explicitly specified BSSID
#
# Not all drivers support multiple BSSes. The exact mechanism for determining
# the driver capabilities is driver specific. With the current (i.e., a recent
# kernel) drivers using nl80211, this information can be checked with "iw list"
# (search for "valid interface combinations").
#
# Please note that hostapd uses some of the values configured for the first BSS
# as the defaults for the following BSSes. However, it is recommended that all
# BSSes include explicit configuration of all relevant configuration items.
#
#bss=wlan0_0
#ssid=test2
# most of the above items can be used here (apart from radio interface specific
# items, like channel)

#bss=wlan0_1
bssid=00:11:22:33:44:00
# ...
#corrupt_gtk_rekey_mic_probability=0.0
86 changes: 86 additions & 0 deletions res/layout/mana_hostapd_wpe.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
<ScrollView xmlns:android="http://schemas.android.com/apk/res/android"
android:layout_width="fill_parent"
android:layout_height="wrap_content">

<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:paddingLeft="16dp"
android:paddingRight="16dp"
android:orientation="vertical">

<TextView
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:text="@string/mana_hostapd_wpe"
android:layout_gravity="center_horizontal|center"
android:gravity="center"
android:padding="4dp" />

<TextView
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:text="@string/iface"
android:padding="4dp" />

<EditText
android:id="@+id/wpe_ifc"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:ems="10"/>

<TextView
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:text="@string/bssid"
android:padding="4dp" />

<EditText
android:id="@+id/wpe_bssid"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:ems="10"/>

<TextView
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:text="@string/ssid"
android:padding="4dp" />

<EditText
android:id="@+id/wpe_ssid"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:ems="10"/>

<TextView
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:text="@string/chanel"
android:padding="4dp" />

<EditText
android:id="@+id/wpe_channel"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:ems="10"/>

<TextView
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:text="@string/hostapd_private_key"
android:padding="4dp" />

<EditText
android:id="@+id/wpe_private_key"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:ems="10"/>

<Button
android:id="@+id/wpe_updateButton"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="@string/update" />
</LinearLayout>
</ScrollView>
2 changes: 2 additions & 0 deletions res/values/strings.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
<string name="mana_headline">Evil Access Point</string>
<string name="mana_description">This is the configuration page for MANA, an evil access point implementation by Sensepost. The various MITM logs get written to the /var/lib/mana-toolkit directory in the Kali chroot..</string>
<string name="mana_hostapd">The hostapd configuration file used by Mana.</string>
<string name="mana_hostapd_wpe">The hostapd configuration file used for 802.1x/EAP authentication attack (hostapd-wpe) This is not used with MANA.</string>
<string name="mana_dhcpd">The dhcpd configuration file used by Mana.</string>
<string name="mana_dnsspoof">The dnsspoof configuration file used by Mana.</string>
<string name="mana_nat_full">The Mana script that does full NAT &amp; SSL interception.</string>
Expand All @@ -48,6 +49,7 @@
<string name="hostapd_label">Hostapd Service</string>
<string name="hostapd_headline">Hostapd Config</string>
<string name="hostapd_description">hostapd is a user space daemon for wireless access point and authentication servers. You can use hostapd to easily create a wireless access point using these configuration options:</string>
<string name="hostapd_private_key">Private Key Password</string>

<string name="duckhunter_label">HID Ducky Script Attacks</string>
<string name="select_language">Language</string>
Expand Down
Loading

0 comments on commit 742105c

Please sign in to comment.