When hacking into a network during a penetration test, it can sometimes be useful to create your own wireless AP simply by plugging a Pi into an available Ethernet port. With this setup, you have your own backdoor wireless connection to the network in a matter of seconds. Creating an AP is also helpful while traveling, or when you need to share a connection with a group of people.
There are many reasons you might want to turn your Raspberry Pi into a hotspot. A simple use case is having your own cheap DIY travel router to use in hotel rooms while you’re on the road, or even on campus to have a faster private connection to the network. A more nefarious application, such as a rogue access point, could also enable you to trick users into connecting to your network.
Fortunately for your budget, the Pi 3 and Pi Zero W are both capable of working as an access point and should work with whatever Linux distribution you may have running on your Pi. To do so, we’ll be using hostapd and dnsmasq, which have been recently patched after Google’s security team discovered several serious vulnerabilities.
What You’ll Need to Get Started
For this guide, we will assume that you already have a Raspberry Pi 3 running Raspbian or Kali Linux. If you don’t, consult our previous guide, How to Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux.
Step 1: Update the OS & Install HostAPD
Before we start, make sure that the Pi is connected to both Ethernet and power. Best practice is to make sure that you are starting off with the Pi running the most up-to-date software, so let’s update first. Open a terminal window and type the following.
sudo apt-get update
sudo apt-get upgrade
After your OS finishes updating, let’s install hostapd and dnsmasq.
Hostapd is the package that will let us use the Pi as a Wi-Fi access point. While we are using the internal Wi-Fi in this build, we could use any number of wireless network adapters.
Dnsmasq is an easy-to-configure software package that acts as both a Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) server. DHCP is the standardized protocol that dynamically issues network configuration parameters. We will be using it to assign IP addresses to interfaces and services.
DHCP is why you only have to input a password when connecting to a new wireless access point; it handles the configuration after that for you. DNS, on the other hand, translates between IP addresses and domain names and is vital to being able to use the internet. It is why you can go to wonderhowto.com without having to know the IP address the website is actually hosted at.
Let’s download both by typing the following into terminal.
sudo apt-get install hostapd
sudo apt-get install dnsmasq
If you ever find that you need something more robust and are a more advanced Linux user, you can use isc-dhcp-server for DHCP and bind9 for DNS, as they both give the user more advanced control and offer an enterprise-grade solution. We will not be using them in this guide in an effort to keep things as simple as possible.
Step 2: Configure the Interface
By default, dhcpcd handles interface configuration. Because we are going to set up a static wireless IP later, we need it to ignore wlan0, the default Wi-Fi card, and prevent interfaces from using it. This should prevent anything from interfering with our access point. Open the file in nano for editing.
sudo nano /etc/dhcpcd.conf
Place the following line at the end of the file. If you have added any interfaces, then place this above them in order to deny them wlan0.
On a fresh install, I just placed it at the end of the file.
To save our changes in nano, we need to press Ctrl + X, then Y, then Enter. Remember this key combo, as we will use it a lot.
We’re now ready to set a static wireless IP for our hotspot, just like any router does. If we didn’t, devices attempting to connect to the hotspot wouldn’t be able to find it. We’ll do this by editing the interfaces file by typing the following into terminal.
sudo nano /etc/network/interfaces
The wlan0 settings are the most important for connecting to the Pi. If you decide to change them, be sure to do the same on each step below, or your hotspot will not work. In nano, go ahead and replace everything from the line that says “auto lo” down with the following.
iface lo inet loopback
iface eth0 inet static
dns-nameservers 126.96.36.199 188.8.131.52
iface wlan0 inet static
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
I also set a static Ethernet IP for this tutorial, but you may want to leave it dynamic by entering iface eth0 inet dhcp in the file instead, and then leaving out the addresses directly after that. For more details on this, look at the network configuration wiki.
Having a dynamic IP address is important if you plan on connecting it to an unknown network that may already have another device using that IP, otherwise you could end up with IP collisions. IP collisions are when two different devices are given the same IP address, which can confuse the network and cause it to ignore packets from both.
When you are done, it should look something like this.
When it looks the same, press Ctrl + X, then Y, then Enter to save.
After exiting nano, we need to restart dhcpcd to have it load the changes that we made to the configuration file, and then do the same for wlan0. We will do so by typing the following into a terminal window.
sudo service dhcpcd restart
sudo ifdown wlan0; sudo ifup wlan0
Step 4: Hostapd Configuration
Next, we are going to configure hostapd. To do this, we will open the file with nano by typing the following into terminal.
sudo nano /etc/hostapd/hostapd.conf
Next, add the following lines, which will set up how we want wlan0 to work.
# Wi-Fi interface and driver to be used
# WiFi settings
# Use WPA authentication and a pre-shared key
# Network Name
# Network password
The main things you will want to change are the SSID (service set identifier) and wpa_passphrase at the bottom of the file. The SSID is the hotspot name, and how your device identifies the network.
The wpa_passphrase is the password to the AP. It is very important to create a strong password, or else anyone could access your network. For the more advanced, you may also wish to change the default channel the AP will transmit on, as 6 is the most commonly used by Wi-Fi and easily gets crowded.
If you chose to use a network adapter other than the built-in Wi-Fi module, the driver will have to be changed to the driver suitable for the Wi-Fi dongle.
When complete, hit Ctrl + X, then Y, then Enter to save.
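A quick way to check the finished file for the weak settings discussed above, as an added example that is not part of the original guide. The option names are real hostapd options; the sample values, the 16-character threshold and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Option names are real hostapd
# options; the thresholds, finding labels and sample values are assumptions.

# Print the value of option $2 in key=value file $1 (last occurrence wins).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print space-separated findings; empty output means nothing was flagged.
audit_hostapd() {
    conf=$1
    findings=""
    pass=$(conf_get "$conf" wpa_passphrase)
    len=${#pass}
    # wpa=2 is WPA2 only; 1 or 3 would still allow the older WPA protocol.
    [ "$(conf_get "$conf" wpa)" = "2" ] || findings="$findings wpa-not-2"
    # CCMP (AES) only; a value that also lists TKIP is flagged.
    [ "$(conf_get "$conf" rsn_pairwise)" = "CCMP" ] || findings="$findings pairwise-not-ccmp"
    # A WPA passphrase is 8..63 characters; under 16 is flagged (assumed policy).
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        findings="$findings passphrase-invalid"
    elif [ "$len" -lt 16 ]; then
        findings="$findings passphrase-short"
    fi
    # Passwords tried first by anyone guessing, including the Pi default.
    case "$pass" in
        raspberry|password|12345678) findings="$findings passphrase-guessable" ;;
    esac
    # The passphrase is stored in clear text, so the file must not be world-readable.
    [ -z "$(find "$conf" -perm -004)" ] || findings="$findings world-readable"
    echo "${findings# }"
}

# Constructed sample: WPA2/CCMP, but the default password and loose permissions.
sample=$(mktemp)
cat > "$sample" <<'EOF'
interface=wlan0
ssid=Example-AP
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=raspberry
EOF
chmod 644 "$sample"
echo "findings: $(audit_hostapd "$sample")"
rm -f "$sample"
```

On the Pi itself, run audit_hostapd against /etc/hostapd/hostapd.conf with sudo; no output means none of these checks fired.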
Once that is finished, we need to tell hostapd how to find the file. We’ll do this by adding to two files.
The first we can open by typing sudo nano /etc/default/hostapd into a terminal window and change the DAEMON_CONF line near the top to read like so.
When complete, hit Ctrl + X then Y then Enter to save.
The process to add to the second is much the same. Open the file by typing sudo nano /etc/init.d/hostapd into a terminal window, and then change the DAEMON_CONF line to read as follows.
When it looks like the photo above, hit Ctrl + X, then Y, then Enter to save.
Step 5: Dnsmasq Configuration
The default dnsmasq configuration file is complex and wouldn’t work for our needs. It will be much easier, in this case, for us to start from a blank file.
Because it’s good practice, and just in case we ever need it in the future, we’ll move the default configuration file out of the way. In terminal, we can do this by typing sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig, and create our own new blank file by typing sudo nano /etc/dnsmasq.conf.
With the blank file now open in nano, add the following lines.
This tells dnsmasq to use wlan0 and listen on 192.168.220.1. We also do a few other things: binding interfaces again to make sure they aren’t sending, forwarding DNS requests to Google, not forwarding short names, dropping non-routed addresses, and assigning IPs between 192.168.220.50-150 with a 12-hour lease.
When yours looks like the image above, hit Ctrl + X, then Y, then Enter to save.
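The dnsmasq settings described above, written out as an added example (not the original guide’s file) that also refuses a DHCP pool that does not match the wlan0 address. It assumes a /24 netmask on wlan0 and 8.8.8.8 as the Google resolver; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the original guide's file. The dnsmasq option names are real;
# the /24 netmask and the 8.8.8.8 upstream resolver are assumptions.

# Succeed if both IPv4 addresses share their first three octets (same /24).
same_slash24() {
    [ "${1%.*}" = "${2%.*}" ]
}

# Usage: make_dnsmasq_conf IFACE GATEWAY_IP POOL_START POOL_END LEASE
# Prints the config on stdout, or an error on stderr and a non-zero status.
make_dnsmasq_conf() {
    iface=$1 gw=$2 start=$3 end=$4 lease=$5
    # The pool must sit on the same subnet as the static wlan0 address.
    same_slash24 "$gw" "$start" && same_slash24 "$gw" "$end" || {
        echo "pool is not in the same /24 as $gw" >&2; return 1; }
    s=${start##*.} e=${end##*.} g=${gw##*.}
    [ "$s" -le "$e" ] || { echo "pool start is above pool end" >&2; return 1; }
    # Handing out the AP's own address would cause the IP collision described earlier.
    if [ "$g" -ge "$s" ] && [ "$g" -le "$e" ]; then
        echo "gateway $gw is inside the DHCP pool" >&2; return 1
    fi
    cat <<EOF
# Serve only the hotspot interface, on its static address
interface=$iface
listen-address=$gw
bind-interfaces
# Forward DNS queries to Google
server=8.8.8.8
# Do not forward short names or reverse lookups for private ranges
domain-needed
bogus-priv
# Address pool and lease time for hotspot clients
dhcp-range=$start,$end,$lease
EOF
}

# The values given in this guide.
make_dnsmasq_conf wlan0 192.168.220.1 192.168.220.50 192.168.220.150 12h
```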
Now, we have the Wi-Fi side of things set up, but it isn’t going to be much of a hotspot if it can’t connect to the internet. Let’s fix this by forwarding the wlan0 traffic to the Ethernet connection.
The first thing to do is open the sysctl.conf file by typing sudo nano /etc/sysctl.conf into terminal, and then uncomment the following line by removing the #.
When done, it should look like below.
Save and exit by hitting Ctrl + X, then Y, then Enter.
This change would normally not be applied until the Pi is rebooted, but we don’t have to do that. Instead, we can enable forwarding right away by typing the following.
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
With IPv4 forwarding now working properly, we can get our NAT (network address translation) between wlan0 and eth0 up and running. To do that, we need to update our iptables. We’ll do this by entering the following lines into terminal, one by one.
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
It should look like the image below.
That’s it! Everything would work now, but there is one hiccup. The iptables rules are flushed with every boot, meaning they’d need to be reset. You could go in and update them every time, but that would get annoying fast, and we are lazy, so we need to make them persistent.
Luckily there’s a package for that. Download it by typing the following into terminal.
sudo apt-get install iptables-persistent
When the dialogue box pops up, make sure Yes is selected and press Enter. This will save our current iptables. It will also ask about IPv6; it shouldn’t affect anything, but save them anyway.
If you ever need to change the iptables in the future, do so, and then save those changes by typing sudo netfilter-persistent save into a terminal window.
Now, we only need to enable the service by typing the following.
sudo systemctl enable netfilter-persistent
The last step is to start hostapd by typing sudo service hostapd start, and dnsmasq by typing sudo service dnsmasq start. After typing each, wait a few seconds and check another Wi-Fi enabled device to see if you can see the access point.
This will be different if you used another SSID in step three. Hopefully, your password has been changed too, as raspberry is the very definition of an easy-to-guess password. Below, we see the hotspot showing up.
To make sure everything will work properly, it’s a good idea to go ahead and reboot the Pi with sudo reboot. Make sure the Pi is connected to Ethernet, and connect to the Pi’s hotspot again and try to access the internet.
Today, we learned how to quickly turn our Raspberry Pi 3s or Pi Zero Ws into a wireless hotspot using a few easy-to-install packages. While simple, it is still quite useful to have wireless access to any network, or pop up a wireless AP on demand. This project also makes a great building block, which we will be able to expand on in the future. Future projects, such as adding OpenVPN to route all the traffic through a VPN, or enabling a Pi-based surveillance camera, will build off this method.
Thanks for reading, and if you have any questions, please leave a comment here or send me a message on Twitter!