Skip to content

Rogue AP

Jump to bottom
Janek edited this page May 2, 2026 · 3 revisions
cyberpunk-banner

🛜 Rogue AP

Rogue AP mode starts a WPA2 access point with captive portal logic for controlled red-team simulations.

Highlights

  • Deauth target networks
  • Custom SSID and password AP started
  • Captive portal integration having the same name
  • Session and credential event monitoring

Notes

Upload htmls to /lab/htmls/ on SD card.

  1. If your SSID is broadcasted on 2.4 and 5ghz under the same name, your phone will switch to the other so no effect. In such a case either rename 5ghz to a different name or use second monster to deauth it too.

  2. Some phones are lazy to show captive portal especially for memorized networks. Turning wifi off and on should help.

Deploy only with explicit authorization.

Commands Workflow

  1. Prepare captive portal HTML:
list_sd
select_html 1
  1. Start Rogue AP:
start_rogueap FreeAirportWiFi 12345678
  1. Monitor output for victim sessions and captured data:
AP: Client connected - MAC: ...
Password: ...
Portal data saved to portals.txt
  1. Stop Rogue AP:
stop

Clone this wiki locally