LabEx
Log InJoin Free

Modify the DNS Server Configuration in Fluxion

Beginner
Practice Now

Introduction

Fluxion is a popular security auditing and social-engineering research tool. It automates the process of creating a fake Wi-Fi access point and a captive portal to capture credentials. By default, Fluxion uses a pre-configured upstream DNS server (like Google's 8.8.8.8) for its DNS service.

In some scenarios, you might want to change this default DNS server. For example, you might want to use a faster server, one with specific filtering capabilities, or a custom DNS server you control.

In this lab, you will learn how to locate and modify the dnsmasq configuration within the main Fluxion script to change the upstream DNS server address.

In this step, you will navigate to the directory containing the main Fluxion script. The core logic and configurations for Fluxion are stored in shell scripts. The primary script we need to modify is fluxion.sh, which is located inside the lib directory.

First, use the cd (change directory) command to move into the fluxion/lib directory. All the necessary files have already been cloned into your ~/project directory.

cd ~/project/fluxion/lib

Next, use the ls command to list the files in the current directory to confirm that fluxion.sh is present.

ls

You should see fluxion.sh among the listed files.

controller.sh  fluxion.sh  installer.sh  parser.sh  prober.sh  scanner.sh

Open the script in a text editor

In this step, you will open the fluxion.sh script using a command-line text editor. We will use nano, which is a simple and user-friendly editor available in the LabEx environment.

Execute the following command to open fluxion.sh in nano:

nano fluxion.sh

Your terminal will now display the contents of the script inside the nano editor. You can navigate the file using the arrow keys. In the next step, we will search for the relevant configuration section.

For reference, here are some basic nano commands:

  • Ctrl + W: Search for text.
  • Ctrl + X: Exit the editor.

Search for the 'dnsmasq' configuration section

Now that the script is open in nano, you need to find the section where dnsmasq is configured. Fluxion uses dnsmasq to run a DNS server for the fake access point, which redirects all traffic to the captive portal page.

  1. Press Ctrl + W to open the search prompt at the bottom of the editor.
  2. Type dnsmasq and press Enter.

This will take you to the first occurrence of the word dnsmasq. You are looking for a block of code that starts the dnsmasq service. It will look similar to the snippet below. Notice the --server option, which specifies the upstream DNS server.

...
## Start the DNS server (dnsmasq)
"$FLUXION_LIB_DIR/controller.sh" dnsmasq start "$interface" \
  "$gateway" "$portal_address" "$channel" "$essid" &> /dev/null &
...

The actual command being run is inside the controller.sh script, which in turn calls a function containing the dnsmasq command with its parameters. The line we need to change is where the --server parameter is defined. Keep searching if needed until you find the function that defines the dnsmasq startup command, which will contain the line --server=8.8.8.8.

Change the upstream DNS server address

In this step, you will modify the DNS server address. You should have located the line containing the --server option for dnsmasq. By default, it is set to Google's public DNS server, 8.8.8.8.

We will change it to Cloudflare's public DNS server, 1.1.1.1.

Use your arrow keys to navigate to the line:

--server=8.8.8.8 \

Change it to:

--server=1.1.1.1 \

After making the change, you need to save the file and exit nano.

  1. Press Ctrl + X to exit.
  2. nano will ask if you want to save the modified buffer. Press Y for Yes.
  3. nano will then ask for the file name to write. The default is fluxion.sh, which is correct. Press Enter to confirm.

You have now successfully modified the script.

Relaunch the attack and test DNS resolution

In a real-world scenario, the next step would be to relaunch the Fluxion attack. The fake access point would then use your newly configured DNS server (1.1.1.1) for all upstream DNS queries.

In this lab environment, we cannot launch a full Wi-Fi attack. However, we can perform a simple check to ensure that our changes have not broken the script's syntax. We will do this by running the script with the --help flag.

First, navigate back to the main fluxion directory:

cd ~/project/fluxion

Now, run the script. Since Fluxion requires root privileges for many of its operations, you must use sudo.

sudo ./fluxion.sh --help

If the script is syntactically correct, it will display the help menu, confirming that it is still executable after your modification.

fluxion 6.8 (rev. 20210101)

  usage: fluxion.sh [-i] [-k] [-d] [-h] [-v]

  options:
    -i, --install          Install dependencies.
    -k, --check-karma      Check if karma patch is applied.
    -d, --debug            Enable debug mode.
    -h, --help             Print this help screen.
    -v, --version          Print version and exit.

This confirms your change was successful and did not introduce any errors.

Summary

In this lab, you have successfully modified the core script of the Fluxion tool to change its behavior.

You learned how to:

  • Navigate a project's directory structure to find key configuration files.
  • Use a command-line text editor (nano) to view and modify a shell script.
  • Locate a specific configuration, in this case, the dnsmasq service settings.
  • Change the upstream DNS server from the default 8.8.8.8 to 1.1.1.1.
  • Perform a basic syntax check to ensure the script remains functional after modification.

This skill is valuable for customizing and adapting security tools to fit your specific testing requirements and network conditions.