How to Create Fake Access Points using Scapy in Python?

Last Updated : 15 Nov, 2021

In this article, we are going to discuss how to create fake access points using scapy module in python

This task can be done with the help of the python package scapy-fakeap. The intention behind using this library is not only making Fake Access Point but also Testing of 802.11 protocols and its implementation.

Scapy is a python module used for interacting with the packets on the network. It has several functionalities through which we can easily forge and manipulate the packet. It is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, trace routing, probing, unit tests, attacks or network discovery. It can replace hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap, tcpdump, and tshark.

Installation :

For using this library you need to have the following python packages installed in your system :

scapy
ip
airmon-ng
dnsmasq (Optional)

These all python packages which can be installed in simple steps via running the below command:

pip3 install scapy-fakeap

Note:

For deep diving into the code we all need to keep your device or network into the monitor mode.
Make sure that you are in to the Unix or Linux based System.

To keep our system in monitor more we some utilities i.e. aircrack-ng. It can be installed using the below command:

apt-get install aircrack-ng

Steps to go into the monitor mode :

Enable monitor mode using airmon-ng command
Firstly, kill all the process of your system using this command:

airmon-ng check kill

Enable your WLAN network for this run the command ifconfig to check active networks in your system and then run the below command:

airmon-ng start (your WLAN name)

This will activate the connection of your WLAN.

You are all set for further process of building fake access point

Now we will generate a random MAC address as well as setting a name of our access point we want to create, and then we create an 802.11 frame, and the fields are:

type=0: This will indicate that this is a management frame.
subtype : This will indicate that this management frame is a beacon frame.
addr1 : This will refer to the destination mac address.
addr2 : This will refer to source MAC address or sender’s MAC address.
addr3 : This will refer to the access point’s MAC address.

Now we will use the same MAC address of addr2 and addr3, because the sender is access point. And then we will create our beacon frame with ssid infos and then stack together and send them using sendp() method of scapy module. Below is the implementation:

Python3

# Import module 
from scapy.all import *
  
# Make an variable interface and assign  
# this name of wlan connection name "my-Wlan" 
interface = "my_Wlan"
  
# This will be sender's MAC address  
# This is there random MAC address generated 
sender = RandMAC() 
  
# Assign access point name 
access_point_name = "Test"
  
# Here we will define 802.11 frame 
dot11 = Dot11(type=0, subtype=8,  
              addr1="ff:ff:ff:ff:ff:ff", 
              addr2=sender, addr3=sender) 
beacon = Dot11Beacon() 
  
# Assign ssid in frame 
e_SSID = Dot11Elt(ID="SSID", info=access_point_name, 
                  len=len(access_point_name)) 
  
# stack all the layers and add a RadioTap  
frame = RadioTap()/dot11/beacon/e_SSID 
  
# Send the frame in layer 2 every 100 milliseconds  
# using the iface interface 
sendp(frame, inter=0.1, iface=interface, loop=1) 

Output:

When you will reach the last line of your script and loop=0 then your system will only send 1 packet as an access point.

When you will reach the last line of code and loop=1 below output will be generated as the system continuously sends the packets as an access point which will be fake.