Amit's Blog

Running WiFi Access point on a Raspberry PI

Amit Nepal -

I needed to spoof a wireless access point with a specific mac address and was looking for a way to temporarily create a "Rogue" access point for testing. It is extremely easy to configure a WiFi Access point with a Raspberry pi that has a Wireless Interface as well as an Ethernet Interface. Below is a shell script that lets you configure such an AP .

Note: The Pi Must have a Wireless interface and an ethernet interface. 

#!/bin/bash



WLAN=wlan0 # Wireless Interface, most of the times it is wlan0
WAN=eth0 # Your Network interface connecting to the internet or the network , mostly eth0
SSID=jack-me # SSID to Serve
GATEWAY=10.42.42.1 # Gateway address 
HWADDR=00:13:37:aa:bb:cc #comment this line if you do not wish to spoof mac address


version_check () {
    echo "(+) Installing Pre-req"
    sudo apt-update 
    sudo apt-get -y install hostapd dnsmasq
	echo "Current System Information"
	echo "=========================="
	git rev-parse --short HEAD
	uname -a
	openssl version
	dnsmasq --version
	hostapd -v
	/usr/bin/env python3 --version
	echo "=========================="
}

create_hostapd_conf()
{
cat << EOF > hostapd.conf
# interface file to control hostapd
ctrl_interface=hostapd_ctrl 	
#SSID 	
ssid=${SSID}		
# Channel for AP 				
channel=1  
# set log level to info to cut down on noise							
logger_stdout_level=4 				
EOF

}

configure_nat(){
	echo "(+) Setting up IP Forwarding"
	sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'	
	sudo iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
	sudo iptables -A FORWARD -i ${WAN} -o ${WLAN} -m state --state RELATED,ESTABLISHED -j ACCEPT 
	sudo iptables -A FORWARD -i ${WLAN} -o ${WAN} -j ACCEPT
}
remove_nat(){
	sudo sh -c 'echo 0 > /proc/sys/net/ipv4/ip_forward'	
	sudo iptables -t nat -D POSTROUTING -o ${WAN} -j MASQUERADE
	sudo iptables -D FORWARD -i ${WAN} -o ${WLAN} -m state --state RELATED,ESTABLISHED -j ACCEPT 
	sudo iptables -D FORWARD -i ${WLAN} -o ${WAN} -j ACCEPT
}

setup () {
	rfkill unblock wifi
	wpa_supplicant_pid=$(pidof wpa_supplicant)
	if [ -n "$wpa_supplicant_pid" ]; then
		echo "(+) Attempting to stop wpa_supplicant"
		sudo kill $wpa_supplicant_pid
	fi

	if test -d /etc/NetworkManager; then
		echo "(+) Stopping NetworkManager..."
		sudo service network-manager stop
	fi

	echo "(+) Configuring AP interface..."
	sudo ip link set $WLAN down
	if [ ! -z $HWADDR ];then 
		echo "(+) Setting up Mac Address : ${HWADDR}"
		sudo ip link set $WLAN address $HWADDR
	fi
	sudo ip addr add $GATEWAY/24 dev $WLAN
	sudo ip link set $WLAN up
	sudo ip route add 10.42.42.0/24 dev $WLAN src $GATEWAY
	sudo ip route add 255.255.255.255 dev $WLAN

	echo "(+) Starting DNSMASQ server for DHCP and DNS"
	sudo dnsmasq \
		--interface=$WLAN \
		--bind-interfaces \
		--listen-address=$GATEWAY \
		--except-interface=lo \
		--dhcp-range=10.42.42.10,10.42.42.40,12h #\
		#--address=/#/$GATEWAY  #this can be used to resolve anything and everything to gateway 

	echo "(+) Starting AP on $WLAN..."
	create_hostapd_conf
	# Read hostapd.conf with interface from stdin for
	# backward compatibility (hostapd < v2.6). See #398
	printf "$(cat hostapd.conf)\ninterface=$WLAN" | sudo hostapd /dev/stdin
}

cleanup () {
	sudo pkill hostapd
	echo "(+) AP closed"

	echo "(+) Stopping DNSMASQ server..."
	sudo pkill dnsmasq
	remove_nat

	if test -d /etc/NetworkManager; then
		echo "(+) Restarting NetworkManager..."
		sudo service network-manager restart
	fi
}

version_check
trap cleanup EXIT
configure_nat
setup