Multiplatform Reverse TOR shell:
A stealth remote reverse shell over the TOR network with some sort of port knocking implementation.
Jafas aka Just Another Fake Ap starter:
A flexible yet simple fake AP “manager”: set your parameters through interactive mode, a configuration file, or the command line and you’re on your way! You can set the AP name, BSSID, channel and everything else you need to start a fake AP, plus the dhcpd configuration and the VirtualHost config. The main concept:
python2.7 jafas.py -i #starts the program in the interactive mode
python2.7 jafas.py -f #load config file and then start jafas
python2.7 jafas.py -m 2 -w wlan0 -d eth0 -e default -b 00:11:22:33:44:55 --sniff --route #starts jafas in mode 2 with AP name “default”, MAC address 00:11:22:33:44:55, with sniffer and internet sharing enabled
What if one or two parameters are missing? Jafas will simply load default values, for example wlan0 and MAC address 00:11:22:33:44:55.
What about the modes:
This is the fun part. Really. Jafas supports 3 operating modes:
- Captive: in this mode Jafas starts everything: the fake AP with your settings, the DHCPD server, DNS spoofing… and yes, that’s right, with DNS spoofing enabled by default every request is resolved to the IP of your fake AP, so whatever the user types in the address bar will be redirected (captive portal) to your own configured fake login portal. Isn’t it cool?
- Multi-fake: in this mode Jafas starts Apache and virtualhosts (as many as you want), so let’s say we have 2 virtualhosts, fake1 and fake2. Of course we share the internet connection, and Jafas sets up selective DNS spoofing, so if the user types http://www.google.com the real web site will be displayed. But if he types http://www.fake1.com he will be redirected to your web server with your fake login, and the same of course for the fake2 virtualhost. So we can set up a bunch of fake logins such as facebook.com and gmail.com and run a stealthy and very effective user credentials grab. That’s the core of the Jafas project, so mode 2 is the default one.
- Fake AP: this is useful if you want to start the AP without Apache and DNS spoofing (but of course you can enable sniffing) and want to do some testing. This mode is also useful if you just want to create an AP to share internet. For example: jafas.py -m 3 -e share -d eth0 -w wlan0 -c 6 --route will start the “share” ESSID on channel 6, sharing the internet from eth0, with the other default values (such as 00:11:22:33:44:55 for the MAC address).
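Seen from the client side, the captive and multi-fake modes leave different DNS fingerprints: in the first every name collapses onto the AP's address, in the second only selected names do. The following is an added detection sketch, not part of Jafas; the function names, the gateway address and the sample answers are assumptions constructed for illustration.

```python
import ipaddress

# Address ranges that a public site name should never resolve to.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]

def is_local(addr, gateway_ip):
    ip = ipaddress.ip_address(addr)
    return addr == gateway_ip or any(ip in net for net in LOCAL_NETS)

def classify_dns_answers(answers, gateway_ip):
    """answers maps public hostnames to the IPv4 address the client's
    resolver returned. Returns (verdict, sorted suspicious hostnames)."""
    suspicious = sorted(n for n, a in answers.items() if is_local(a, gateway_ip))
    if not suspicious:
        return "clean", suspicious
    # Captive mode: every probed name collapses onto one local address.
    if len(suspicious) == len(answers) and len(set(answers.values())) == 1:
        return "blanket-spoof", suspicious
    # Multi-fake mode: only chosen names point at the local web server.
    return "selective-spoof", suspicious

# Constructed sample observations (not captured traffic).
GATEWAY = "10.0.0.1"  # assumed address handed out as default gateway
CAPTIVE = {"www.example.com": "10.0.0.1", "www.example.org": "10.0.0.1",
           "www.example.net": "10.0.0.1"}
MULTI_FAKE = {"www.example.com": "203.0.113.10", "www.fake1.com": "10.0.0.1",
              "www.fake2.com": "10.0.0.1"}
NORMAL = {"www.example.com": "203.0.113.10", "www.example.org": "198.51.100.7"}

if __name__ == "__main__":
    for label, sample in (("captive", CAPTIVE), ("multi-fake", MULTI_FAKE),
                          ("normal", NORMAL)):
        print(label, classify_dns_answers(sample, GATEWAY))
```

A blanket result is only an indicator, since legitimate hotel or airport captive portals answer the same way before login; a selective result for a well-known login site is the stronger signal.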