Rogue AP on customized Samsung Galaxy S2

1. Root phone

2. Install a custom ROM (I use the famous CyanogenMod)

3. Install Kali (though any old Linux distro that can run nginx, dnschef and ssh will do)

4. Allow remote root login in sshd_config

5. Set a root password

6. Add a firewall rule to redirect DNS traffic from port 53 to another port (you can't kill the DNS server on the phone)

  • iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-port 60000

7. Set up your dnschef sitelist file with any fake sites you want to run

8. Run dnschef

  • dnschef --fakeip -i -p 60000 --file=/home/ashr/dnschefsetup/sitelist

9. Drop your fake sites on the phone wherever you want them

10. Configure nginx to host the sites

  • server {
        listen 80;
        root /var/www/html/blah;
        index index.html index.htm;
    }

11. Make sure to run a default site as well, apart from specific rogue sites, to direct traffic to the rogue sites. I like to make a landing page that looks like AlwaysOn paid wifi access sites. Seems legit and helps your cause.

12. Profit?
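A client-side check for the fingerprints this kind of setup leaves (one address answering for every name, and public names resolving to the gateway), added here as a defender's example and not part of the original post. It assumes constructed answer sets with 192.168.43.1 as the hotspot address and example.* placeholder names; for live use, fill the dicts from socket.gethostbyname_ex before calling assess.

```python
import ipaddress
from collections import defaultdict

# Constructed samples: every name answering with the hotspot gateway (what
# dnschef --fakeip produces) versus an ordinary varied set. 192.168.43.1 is
# assumed to be the phone's tethering address; example.* names are placeholders.
SPOOFED_ANSWERS = {
    "bank.example": ["192.168.43.1"],
    "mail.example.org": ["192.168.43.1"],
    "news.example.net": ["192.168.43.1"],
    "captive.example.com": ["192.168.43.1"],
}
NORMAL_ANSWERS = {
    "bank.example": ["203.0.113.10"],
    "mail.example.org": ["198.51.100.25", "198.51.100.26"],
    "news.example.net": ["192.0.2.7"],
}
# RFC 1918 and link-local space: a public name should never resolve here.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def site_of(name):
    """Crude 'same site' key: the last two labels of the name."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def find_sinkhole_ips(answers, min_sites=3):
    """IPs answering for at least min_sites unrelated sites. CDNs share
    addresses too, so a hit means 're-check against a trusted resolver',
    not proof on its own."""
    sites_per_ip = defaultdict(set)
    for name, ips in answers.items():
        for ip in ips:
            sites_per_ip[ip].add(site_of(name))
    return sorted(ip for ip, s in sites_per_ip.items() if len(s) >= min_sites)

def local_answers(answers):
    """Names resolving into local space: on a rogue AP the 'site' is the
    gateway itself, so this is the strongest single signal."""
    return {n: [ip for ip in ips if is_local(ip)]
            for n, ips in answers.items() if any(is_local(ip) for ip in ips)}

def assess(answers):
    sinkholes = find_sinkhole_ips(answers)
    local = local_answers(answers)
    return {"sinkhole_ips": sinkholes, "local_answers": local,
            "suspicious": bool(sinkholes or local)}
```

Running assess over answers gathered while attached to an untrusted hotspot, and again over a trusted resolver, makes a --fakeip sinkhole stand out immediately.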