Turn RPi into WAP
These instructions are based on the Kali Revealed course by the great guys from the Offensive Security team.
Prepare
Tool | Description |
---|---|
Raspberry Pi 3+ | Single-board computer with wireless LAN and Bluetooth connectivity. |
Kali Linux Official ARM image | "... the same build infrastructure as the official Kali releases for ARM architecture." |
hostapd | Service which creates Access Point. |
dnsmasq | Service responsible for DNS forwarding and providing DHCP server. |
dhcpcd5 | A DHCP client. |
File | Description |
---|---|
/etc/dhcpcd.conf | DHCP service configuration file. Used to ignore wlan0 setup. |
/etc/network/interfaces | Used to set up the wlan0 interface. |
/etc/hostapd/hostapd.conf | hostapd service configuration file. Used to set up AP parameters. |
/etc/default/hostapd | Stores the path to the hostapd configuration file. |
/etc/dnsmasq.conf | Used to configure the dnsmasq service. |
/proc/sys/net/ipv4/ip_forward | Runtime IP forwarding switch; the setting is made permanent through /etc/sysctl.conf. |
/etc/rc.local | Used to reload iptables rules after reboot. |
Install Kali on RPi
- Download the latest image version from the official Kali website.
- Verify the checksum:
shasum -a 256 path/to/file
- Copy the downloaded image to the microSD card with the dd command:
dd if=kali-image.img of=/dev/something bs=512k status=progress
Default credentials: kali, kali.
Configure Access Point
- Install required packages:
sudo apt-get install dnsmasq hostapd dhcpcd5
- Tell dhcpcd to ignore wlan0 setup. Add the following directive before any interface settings:
sudo nano /etc/dhcpcd.conf
denyinterfaces wlan0
- Set up the Wi-Fi interface:
sudo nano /etc/network/interfaces
allow-hotplug wlan0
iface wlan0 inet static
address 172.24.1.1
netmask 255.255.255.0
network 172.24.1.0
broadcast 172.24.1.255
- Restart dhcpcd and reload the configuration of wlan0:
sudo service dhcpcd restart
sudo ifdown wlan0; sudo ifup wlan0
- Configure hostapd:
sudo nano /etc/hostapd/hostapd.conf
Parameter | Value | Description |
---|---|---|
interface | wlan0 | The name of the WiFi interface configured above. |
driver | nl80211 | Use the nl80211 driver with the brcmfmac driver. |
hw_mode | g | Use the 2.4GHz band. |
channel | 6 | Use channel 6. |
ieee80211n | 1 | Enable 802.11n. |
wmm_enabled | 1 | Enable WMM. |
ht_capab | [HT40][SHORT-GI-20][DSSS_CCK-40] | Enable 40MHz channels with 20ns guard interval. |
macaddr_acl | 0 | Accept all MAC addresses. |
auth_algs | 1 | Use WPA authentication. |
ignore_broadcast_ssid | 0 | Require clients to know the network name. |
ssid | Kali-Pi3 | The name of the network. |
wpa | 2 | Use WPA2. |
wpa_key_mgmt | WPA-PSK | Use a pre-shared key. |
wpa_passphrase | paSSphras8 | The network passphrase. |
rsn_pairwise | CCMP | Use AES, instead of TKIP. |
- Test that the wireless access point works:
sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf
- Specify the location of the hostapd configuration file. Uncomment the DAEMON_CONF line and set it as follows:
sudo nano /etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"
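The following check is an added example, not part of the original instructions: a shell function that audits a hostapd.conf (one key=value line per parameter) against the WPA2 settings from the table above. The function names conf_get and audit_hostapd_conf are hypothetical, and the 8 to 63 character passphrase limit comes from WPA itself rather than from this page.

```shell
#!/bin/sh
# Added example: audit hostapd.conf against the WPA2 settings in the table.
# conf_get and audit_hostapd_conf are hypothetical helper names.

# Print the value of the last uncommented "key=value" line for key $2 in file $1.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Return 0 if the file matches the table's WPA2-PSK/CCMP settings, 1 otherwise.
# One finding is printed per line.
audit_hostapd_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # Expected key/value pairs, taken from the parameter table.
    for pair in wpa=2 wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL: $key is '${got:-unset}', expected '$want'"
            rc=1
        fi
    done

    # Assumption from WPA, not from the page: passphrases are 8..63 characters.
    pass=$(conf_get "$conf" wpa_passphrase)
    len=${#pass}
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        echo "FAIL: wpa_passphrase length $len is outside 8..63"
        rc=1
    fi

    # The passphrase is stored in clear text: report group/other access bits.
    perms=$(ls -l "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "WARN: $conf is accessible to group/other ($perms); consider chmod 600"
    fi

    [ "$rc" -eq 0 ] && echo "OK: $conf uses WPA2-PSK with CCMP"
    return "$rc"
}
# Usage: audit_hostapd_conf /etc/hostapd/hostapd.conf
```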
Configure DNS forwarding
- Set up dnsmasq:
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo nano /etc/dnsmasq.conf
Parameter | Value | Description |
---|---|---|
interface | wlan0 | Use interface wlan0. |
listen-address | 172.24.1.1 | Set listening address from /etc/network/interfaces. |
bind-interfaces | | Bind to the interface to make sure we aren't sending things elsewhere. |
server | 1.1.1.1 | Forward DNS requests to Cloudflare DNS. |
domain-needed | | Don't forward short names. |
bogus-priv | | Never forward addresses in the non-routed address spaces. |
dhcp-range | 172.24.1.50,172.24.1.150,12h | Assign IP addresses between 172.24.1.50 and 172.24.1.150 with a 12 hour lease time. |
Now we have two interfaces active, with a DHCP client for our Pi and a DHCP server for our wireless guests. Next, we need to forward traffic between the Wi-Fi and Ethernet interfaces.
Configure Wi-Fi - Ethernet forwarding
- Update /proc:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
- Make the change permanent through sysctl:
sudo nano /etc/sysctl.conf
- Uncomment the line containing net.ipv4.ip_forward=1.
Configure iptables
Whenever a new connection is encountered (-t nat), we want to alter the packets as they are about to go out (-A POSTROUTING) on our Ethernet interface (-o eth0). The -j MASQUERADE target masks the private IP address of the client with the external IP address of the firewall/gateway (Kali Pi).
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Append (-A) a rule to the FORWARD chain (packets being routed through the Pi) that accepts (-j ACCEPT) packets from eth0 to wlan0 (-i eth0 -o wlan0) that belong to an ESTABLISHED connection or are RELATED to an existing connection.
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
Forward and accept all packets from wlan0 to eth0.
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
- Check the rules:
sudo iptables -S
- Save the rules to a file:
sudo iptables-save | sudo tee /etc/iptables.ipv4.nat
- Apply these rules every time we boot the Pi by editing the /etc/rc.local file:
sudo nano /etc/rc.local
#!/bin/sh -e
iptables-restore < /etc/iptables.ipv4.nat
- Make the file executable:
sudo chmod 711 /etc/rc.local
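To confirm the forwarding setup will survive a reboot, the added example below (not part of the original instructions) checks the saved rule file, sysctl.conf and rc.local for the entries configured in this section. The function names has_rule and check_forwarding_persistence are hypothetical, and the check assumes iptables-save writes the three rules in the same form they were entered.

```shell
#!/bin/sh
# Added example: verify that the forwarding configuration is persisted.
# has_rule and check_forwarding_persistence are hypothetical helper names.

# Return 0 if file $1 contains a line that exactly matches rule $2.
has_rule() {
    grep -qxF -e "$2" "$1"
}

# Check the saved rule set ($1), sysctl.conf ($2) and rc.local ($3).
# Defaults are the paths used on this page. Returns 0 only if all checks pass.
check_forwarding_persistence() {
    rules=${1:-/etc/iptables.ipv4.nat}
    sysctl_conf=${2:-/etc/sysctl.conf}
    rc_local=${3:-/etc/rc.local}
    rc=0

    # The three rules from this section (assumed iptables-save output form).
    for rule in \
        "-A POSTROUTING -o eth0 -j MASQUERADE" \
        "-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT" \
        "-A FORWARD -i wlan0 -o eth0 -j ACCEPT"
    do
        has_rule "$rules" "$rule" || { echo "MISSING in $rules: $rule"; rc=1; }
    done

    # The sysctl line only takes effect at boot when it is uncommented.
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$sysctl_conf" \
        || { echo "net.ipv4.ip_forward=1 is not active in $sysctl_conf"; rc=1; }

    # rc.local must restore the saved rules (ignoring comments) and be executable.
    grep -v '^[[:space:]]*#' "$rc_local" | grep -qF -e "iptables-restore < $rules" \
        || { echo "$rc_local does not restore $rules"; rc=1; }
    [ -x "$rc_local" ] || { echo "$rc_local is not executable"; rc=1; }

    return "$rc"
}
# Usage: check_forwarding_persistence   (no arguments: checks the page's paths)
```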
Enable configured services
sudo systemctl enable hostapd dnsmasq
Reboot and check that everything works fine.