Installing AirPWN on Ubuntu Linux
What is AirPWN?
AirPWN is a tool that debuted at DefCon 12.
AirPWN acts as a man-in-the-middle tool for wireless networks. It takes advantage of the time that a website takes to respond to normal page requests. In that lag time, it can inject its own content onto the wireless channel of an access point. For instance, you may request a page from wikipedia.org that takes, round-trip, approximately 125 ms. If someone near you is running the airpwn tool, it will see your request and immediately respond with its own web page and/or content, because it is much closer and takes much less time to respond. When your computer receives the data, it will think the original request was answered and display the page. When the real web page arrives, your browser will either ignore it or display some of its content. AirPWN can be configured to carefully craft responses so that your browser ignores the real web content, as it would with HTML comments.
In this article, I will walk you through installing AirPWN on Ubuntu Linux desktops and servers.
Note: This article assumes that you have the tools installed and you have a supported wireless card! If not, you're on your own trying to figure out how to put your card into monitor mode.
1) Download AirPWN
# wget http://superb-west.dl.sourceforge.net/sourceforge/airpwn/airpwn-1.4.tgz
2) Extract the AirPWN package
# tar zxvf airpwn-1.4.tgz
3) Change to the AirPWN directory
# cd airpwn-1.4
4) Extract Lorcon Package
# tar zxvf lorcon-current.tgz
5) Change to the Lorcon directory
# cd lorcon-current
6) Edit your wireless.h header file before compiling Lorcon
# sudo nano /usr/include/linux/wireless.h
Add the line #include <linux/if.h> directly above:
#ifndef _LINUX_WIRELESS_H
#define _LINUX_WIRELESS_H
7) Configure Lorcon
# sudo ./configure
8) Install Lorcon
# sudo make && sudo make install
9) Change back to the AirPWN directory
# cd ..
10) Install AirPWN dependencies
# sudo apt-get install libnet1-dev libpcap-dev python2.4-dev libpcre3-dev libssl-dev
11) Configure AirPWN
# sudo ./configure
12) Install AirPWN
# sudo make && sudo make install
13) Start your wireless card in monitor mode with airmon-ng (Note: replace "wlan0" with whatever wireless interface you are using!)
# sudo airmon-ng start wlan0
14) Start AirPWN with default greet injection conf
# sudo airpwn -c conf/greet_html -d madwifing -i mon0 -v
15) AirPWN!
Fire up a browser on another computer and you should see a blinking "I'm in your wirelezz!" message on any page that's loaded.
As far as I know, I got to the final steps of the installation process, and when I do the make install command I get an error. I have tried multiple combinations to no avail.
root@bt:~/airpwn-1.4# make && make install
make: *** No targets specified and no makefile found. Stop.
root@bt:~/airpwn-1.4# dir
802_11.h Makefile.in conf.c freq2channel.txt madwifiold_prep.sh
AUTHORS NEWS conf.h install-sh missing
COPYING README config.h.in keygen.c pyscripts
ChangeLog aclocal.m4 configure lorcon wep.c
INSTALL airpwn.1 configure.ac lorcon-current.tgz wep.h
LICENSE airpwn.c content mac80211_prep.sh
Makefile.am conf depcomp madwifing_prep.sh
root@bt:~/airpwn-1.4# make &&make install-sh
make: *** No targets specified and no makefile found. Stop.
root@bt:~/airpwn-1.4# make && make install
make: *** No targets specified and no makefile found. Stop.
root@bt:~/airpwn-1.4# sudo make && make INSTALL
make: *** No targets specified and no makefile found. Stop.
root@bt:~/airpwn-1.4# make install
make: *** No rule to make target `install'. Stop.
root@bt:~/airpwn-1.4# make INSTALL
make: Nothing to be done for `INSTALL'.
root@bt:~/airpwn-1.4# dir
802_11.h Makefile.in conf.c freq2channel.txt madwifiold_prep.sh
AUTHORS NEWS conf.h install-sh missing
COPYING README config.h.in keygen.c pyscripts
ChangeLog aclocal.m4 configure lorcon wep.c
INSTALL airpwn.1 configure.ac lorcon-current.tgz wep.h
LICENSE airpwn.c content mac80211_prep.sh
Makefile.am conf depcomp madwifing_prep.sh
root@bt:~/airpwn-1.4# ./install
Submitted by Anonymous on Wed, 04/13/2011 - 12:59.

I just noticed a typo in step 11. Configure is spelled wrong. After you correct that, it should have a make file for you to install for step 12.
Sorry about that! I'll correct it right now.
Submitted by Tim Ashley on Wed, 04/13/2011 - 13:12.

Hi, first thx for the howto.
I am using the bt4 final, so not quite Ubuntu, but I wanted to give it a try.
After step 7 I got this:
~/airpwn-1.4/lorcon# ./configure
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognize dependent libraries... pass_all
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking how to run the C++ preprocessor... g++ -E
checking for g77... no
checking for xlf... no
checking for f77... no
checking for frt... no
checking for pgf77... no
checking for cf77... no
checking for fort77... no
checking for fl32... no
checking for af77... no
checking for xlf90... no
checking for f90... no
checking for pgf90... no
checking for pghpf... no
checking for epcf90... no
checking for gfortran... no
checking for g95... no
checking for xlf95... no
checking for f95... no
checking for fort... no
checking for ifort... no
checking for ifc... no
checking for efc... no
checking for pgf95... no
checking for lf95... no
checking for ftn... no
checking whether we are using the GNU Fortran 77 compiler... no
checking whether accepts -g... no
checking the maximum length of command line arguments... 1572864
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for objdir... .libs
checking for ar... ar
checking for ranlib... ranlib
checking for strip... strip
checking for correct ltmain.sh version... yes
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC
checking if gcc PIC flag -fPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
configure: creating libtool
appending configuration tag "CXX" to libtool
checking for ld used by g++... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking whether the g++ linker (/usr/bin/ld) supports shared libraries... yes
checking for g++ option to produce PIC... -fPIC
checking if g++ PIC flag -fPIC works... yes
checking if g++ static flag -static works... yes
checking if g++ supports -c -o file.o... yes
checking whether the g++ linker (/usr/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... GNU/Linux ld.so
(cached) (cached) checking how to hardcode library paths into programs... immediate
appending configuration tag "F77" to libtool
checking for platform-specific compiler flags... none needed
checking whether byte ordering is bigendian... no
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking net/if_arp.h usability... yes
checking net/if_arp.h presence... yes
checking for net/if_arp.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking that linux/wireless.h is what we expect... no
configure: error: *** Missing working Linux wireless kernel extensions ***
I guess I should install another something I don't know yet about?
Submitted by Anonymous on Thu, 02/04/2010 - 12:54.

First off, this tutorial was aimed at Ubuntu. Yes, I understand that BT4 is Debian as well, but I'm unsure what they do/don't include for compiling.
Second, it looks like you didn't edit your wireless.h file correctly. Please review the previous step (#6) and ensure you added what is needed.
** EDIT ** Ahh, I forgot that this article blanked out the #include that is needed in the wireless.h header. Remove the spaces between the brackets and it will work fine. Sorry I forgot! I also noted it in the article for other users.
Submitted by Tim Ashley on Thu, 02/04/2010 - 13:59.

This was my first step solving the problem, but it makes no difference.
Thx for trying!
Submitted by Anonymous on Fri, 02/05/2010 - 01:46.

Tim, great tutorial. One correction, step 6 should read:
#include
Submitted by Anonymous on Sun, 07/19/2009 - 06:53.

It does say #inlcude
Submitted by Tim Ashley on Sun, 07/19/2009 - 12:17.

What is it you're supposed to include in wireless.h? When I configure lorcon it gives me
GNU Make 3.81
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE
This program built for i486-pc-linux-gnu
Reading makefiles...
Updating goal targets ....
File 'all' does not exist.
File 'liborcon.la' does not exist
File 'ifcontrol_linux.lo' does not exist.
Must remake target 'ifcontrol_linux.lo'.
/bin/sh ./libtool --made=compile gcc -I./ -DHAVE_CONFIG_H -g -02 -DTX80211_VERSION=20081101 -c ifcontrol_linux.c -o ifcontrol_linux.lo
mkdir .libs
gcc -I./ -DHAVE_CONFIG_H -g -02 -DTX80211_VERSION=20081101 -c ifcontrol_linux.c -fPIC -DPIC -o .libs/ifcontrol_linux.o
In file included from ifcontrol_linux.h:52,
from ifcontrol_linux.c:31:
/usr/include/linux/wireless.h:9:9: error: #include expects "FILENAME" or
make: *** [ifcontrol_linux.lo] Error 1
If I do not put in include I get something like this
checking linux/if_arp.h presence... yes
configure: WARNING: linux/if_arp.h: present but cannot be compiled
configure: WARNING: linux/if_arp.h: check for missing prerequisite headers?
configure: WARNING: linux/if_arp.h: see the Autoconf documentation
configure: WARNING: linux/if_arp.h: section "Present But Cannot be Compiled"
configure: WARNING: linux/if_arp.h: proceeding with the preprocessor's result
configure: WARNING: linux/if_arp.h: in the future, the compiler will take precedence
checking for linux/if_arp.h... yes
checking linux/wireless.h usability... no
checking linux/wireless.h presence... yes
configure: WARNING: linux/wireless.h: present but cannot be compiled
configure: WARNING: linux/wireless.h: check for missing prerequisite headers?
configure: WARNING: linux/wireless.h: see the Autoconf documentation
configure: WARNING: linux/wireless.h: section "Present But Cannot be Compiled"
configure: WARNING: linux/iwireless.h: proceeding with the preprocessor's result
configure: WARNING: linux/iwireless.h: in the future, the compiler will take precedence
checking for linux/wireless.h... yes
checking for nl_handle_alloc in -ini... yes
checking for mac80211 support in netlink library... yes
checking for pow in -lm... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: WARNING: Makefile.in seems to ignore the --datarootdir setting
config.status: creating config.h
config.status: config.h is unchanged
Submitted by Anonymous on Tue, 08/04/2009 - 13:01.

The brackets made it invisible! I corrected it.
Submitted by Tim Ashley on Tue, 08/04/2009 - 14:13.

I still get
configure: WARNING: linux/if_arp.h: present but cannot be compiled
configure: WARNING: linux/if_arp.h: check for missing prerequisite headers?
configure: WARNING: linux/if_arp.h: see the Autoconf documentation
configure: WARNING: linux/if_arp.h: section "Present But Cannot be Compiled"
configure: WARNING: linux/if_arp.h: proceeding with the preprocessor's result
configure: WARNING: linux/if_arp.h: in the future, the compiler will take precedence
checking for linux/if_arp.h... yes
checking linux/wireless.h usability... no
checking linux/wireless.h presence... yes
configure: WARNING: linux/wireless.h: present but cannot be compiled
configure: WARNING: linux/wireless.h: check for missing prerequisite headers?
configure: WARNING: linux/wireless.h: see the Autoconf documentation
configure: WARNING: linux/wireless.h: section "Present But Cannot be Compiled"
configure: WARNING: linux/iwireless.h: proceeding with the preprocessor's result
configure: WARNING: linux/iwireless.h: in the future, the compiler will take precedence
checking for linux/wireless.h... yes
checking for nl_handle_alloc in -ini... yes
checking for mac80211 support in netlink library... yes
checking for pow in -lm... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: WARNING: Makefile.in seems to ignore the --datarootdir setting
config.status: creating config.h
config.status: config.h is unchanged
I included the #include in wireless.h
Also, I have the old-school madwifi drivers (wifi0/ath0). Will that make a difference if I use -d madwifing, or do I have to use -d madwifiold?
I type in airpwn -c conf/greet_html -d madwifiold -i ath0 -v and I get
LORCON - tx80211_setmode(...) is deprecated, please use tx80211_setfunctionalmode(...) instead
Error enabling athXraw interface.
unable to open interface ath0.
If I use -d madwifing instead I get
LORCON - tx80211_setmode(...) is deprecated, please use tx80211_setfunctionalmode(...) instead
Listening for packets....
and it doesn't do anything from there :(
I've even used airodump-ng -c 6 ath0 to lock onto chan 6 where my AP is on
Submitted by Anonymous on Tue, 08/04/2009 - 17:21.

Start over, you need to rebuild your files. You built them with a badly edited wireless.h file.
Your include is probably messed up also.
Open up the wireless.h
put #include < linux/if.h > (remove the spaces between the brackets)
save, rebuild and try again.
Submitted by Tim Ashley on Tue, 08/04/2009 - 20:56.

I didn't put any spaces, I wrote it exactly like "#include " minus the quote marks. I did a locate for wireless.h & if.h & I got the following
/usr/include/linux/wireless.h
/usr/src/linux-source-2.6.20.1/drivers/net/ps3_gelic_wireless.h
/usr/src/linux-source-2.6.20.1/include/config/ipwireless.h
/usr/src/linux-source-2.6.20.1/include/config/wireless.h
/usr/src/linux-source-2.6.20.1/include/config/usb/serial/sierrawireless.h
/usr/src/linux-source-2.6.20.1/include/linux/wireless.h
/usr/src/linux-source-2.6.20.1/usr/include/linux/wireless.h
& for if.h I got
/usr/include/linux/if.h
/usr/include/net/if.h
/usr/src/linux-source-2.6.20.1/include/linux/if.h
/usr/src/linux-source-2.6.20.1/usr/include/linux/if.h
I cut out the ones that were not expressly if.h. So I shall try again, I guess. What is with the if_arp.h file? It says the same thing as the wireless.h file when I configure lorcon. It says checking linux/if_arp.h usability...no
linux/if.arp.h presence...yes
It does the same with wireless.h.
Btw, I'm using BackTrack 4 Beta. I tried using the PreFinal with Airpwn already installed but I didn't like the ath5k driver. It was a lil too unstable. So I installed BT4 beta on a USB stick with persistent changes. By the way, I really appreciate your help & advice. Thank you very much. I'm hoping to get this thing up 'n working so I can play with it :D
Could it also be lorcon?? because when I start up airpwn I get that
LORCON - tx80211_setmode(...) is deprecated, please use tx80211_setfunctionalmode(...) instead
Listening for packets...
Submitted by Anonymous on Tue, 08/04/2009 - 23:58.

Yes, this "edit" of the wireless.h file is for the lorcon build.
Like I said, start over from scratch, uninstall anything that installed (somewhat) successfully.
Lorcon will not function properly if you build it without editing the wireless.h file BEFORE building the source.
Submitted by Tim Ashley on Wed, 08/05/2009 - 09:19.

Yup I did edit wireless.h. Is it normal to get
checking for linux/if_arp.h usability... no
checking for linux/if_arp.h presence... yes
configure: WARNING: linux/if_arp.h: present but cannot be compiled
&
checking for linux/wireless.h usability... no
checking for linux/wireless.h presence... yes
configure: WARNING: linux/wireless.h: present but cannot be compiled
Should I get a wireless.h & if.h from another distro? Like BT4 Pre final? That has Airpwn built right in and I'm assuming it would work if I had a different wireless card. BT4 pf loads ath5k drivers instead of madwifing drivers. And I tried installing the madwifing drivers but haven't had much luck, which is why I'm using bt4 beta atm. Maybe I'll run it on Ubuntu and see if I can get it working that way just to test it out.
Submitted by Anonymous on Wed, 08/05/2009 - 11:50.

So I gave up on the install of Airpwn on BT4 beta. I gave Pre Final another shot and was reading up on Airpwn's documentation on their site. It says their supported drivers are whatever LORCON supports. The list showed Ath5k, Ath9k and so on. In BT4 PF it uses ath5k as the driver so I decided to do
airpwn -d ath5k -c conf/airpwned_img -i mon0 -vvvvvvvvvvv -l airpwn.log
Went to Google and it worked. Instead of the Google logo I see the big red AIRPWN logo.
Tested with conf/greet_html and saw the Hello Defcon! Your wireless is delicious blinking red text.
Tried with js_html but it did not work.
Tried conf/puppy_img. Didn't work either.
I noticed that my victim computer consistently disconnects when running airpwn (mostly when the injection is not working). But this is a new set of problems I'll have to try to figure out. Maybe I'll go back and attempt to get Airpwn working on BT4beta as a learning experience. I thank you for your help and welcome any more advice you may have :)
Submitted by Anonymous on Thu, 08/06/2009 - 09:42.

Make sure you install build essentials and linux-headers
Submitted by Tim Ashley on Wed, 08/05/2009 - 14:57.

I put
apt-get install linux-headers-`uname -r` build-essential
(as root of course)
And I get
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package linux-headers-2.6.38.1
Submitted by Anonymous on Wed, 08/05/2009 - 16:56.

Put this instead:
sudo apt-get install linux-headers-2.6.38.1-generic
or
sudo apt-cache search linux-headers (for your kernel header package)
Submitted by Tim Ashley on Thu, 08/06/2009 - 07:42.