Raw Fake AP is a program that emulates valid IEEE 802.11 access points using wireless raw injection.

Raw Fake AP application aims to create both beacon and probe response frames and could be used to "hide" real networks from novice wardrivers or for testing wireless intrusion detection systems.

Here are some key features of "Raw Fake AP":

Overall features:

· Raw injection of beacon and probe response frames in monitor mode

· Try to forge coherent sequence numbers and BSS timestamps (depending on driver injection capabilities)

· Try to have a coherent time interval between beacons (which is hard to achieve without a real time kernel)

Command line interface will help you to choose between:

· Randomize Open/WEP/WPA/RSN crypto
· Randomize b/g cards
· Channel hopping
· TXpower hopping
· Randomize ESSIDs (alnum or not)
· Randomize BSSIDs
· Choose beacon interval
· Choose number of fake access points
· Choose a file with valid OUIs
· Choose a file with ESSIDs
· Choose between beacon or probe response frames
· Select a destination MAC address

Requirements:

You basically need:

· A laptop running GNU/Linux
· A PCMCIA IEEE 802.11 wireless card
· Wireless tools (iwconfig) with channel and txpower support

A raw injection enabled wireless driver (you should check excellent Christophe Devine's aircrack webpage for raw injection hints)

This software was successfully tested on:

· Netgear WG511 (prism54 driver)
· Netgear WAG511 (madwifi driver)
· Netgear MA401 (hostap driver)

Prism54 and madwifi drivers enable the tool to inject coherent sequence numbers and BSS timestamps.

Installation:


· make
· make install (as root)

What's New in This Release:

· A probe response mode was added.