4.1 Experiment Setup
We perform this experiment with two Sony Vaio Z1 laptops
running the Linux operating system. The unsuspecting
client will be configured to connect to the corporate network
with SSID “CORP” and have the WEP key entered into his
machine (Figure 1).
The gateway machine has a D-Link DWL-650 PCMCIA
WiFi card and a Netgear MA101 USB WiFi card. The Netgear
card is configured to be a client on the “CORP” network
with the WEP key “SECRET” and use the Linux Atmel
driver[12].
The D-Link card is configured with the Linux hostap
driver[8] to operate in Master mode, or to behave like an Access
Point, with SSID “CORP”. It also uses the “SECRET”
WEP key.
After the proper configuration of the wireless interfaces,
an ARP proxy bridge was established between the two interfaces
using parprouted[6]. After setting the appropriate
routes, the gateway machine was ready to begin transparently
bridging traffic. Appendix A contains a script that can
be used for configuring the interfaces and bridge.
With the bridge enabled, it is time to target a download.
We set up a sample target download web page which contained
a downloadable binary, a link to that downloadable
binary and an MD5SUM of that binary. This download
scenario is relatively common, where the MD5SUM is intended
to verify that the package was downloaded properly.
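Added example, not from the original paper: a defender's view of why an MD5SUM published beside the download catches transfer damage but cannot vouch for the binary when both reach the client through the same untrusted gateway. The sample bytes, the page layout and the pinned SHA-256 (assumed to arrive over a separate authenticated channel) are constructed for illustration.

```python
import hashlib
import re

# Constructed sample data: stand-ins for the real package and a substituted one.
GENUINE = b"\x7fELF genuine-package-1.0 (constructed sample bytes)"
SUBSTITUTED = b"\x7fELF substituted-package (constructed sample bytes)"

# Assumption: the publisher's SHA-256 reached the client over a separate,
# authenticated channel (e.g. a signed release note), not the download page.
PINNED_SHA256 = hashlib.sha256(GENUINE).hexdigest()


def render_page(binary: bytes) -> str:
    """Constructed download page: link plus MD5SUM, as in the setup above."""
    return ('<a href="/pkg.bin">pkg.bin</a>\n'
            f"MD5SUM: {hashlib.md5(binary).hexdigest()}\n")


def md5_from_page(page: str) -> str:
    match = re.search(r"MD5SUM:\s*([0-9a-f]{32})", page)
    if match is None:
        raise ValueError("no MD5SUM on page")
    return match.group(1)


def check_against_page(binary: bytes, page: str) -> bool:
    """The common practice: compare the download with the page's MD5SUM."""
    return hashlib.md5(binary).hexdigest() == md5_from_page(page)


def check_against_pin(binary: bytes, pinned: str = PINNED_SHA256) -> bool:
    """Compare with a digest that did not travel over the same path."""
    return hashlib.sha256(binary).hexdigest() == pinned


def evaluate(binary: bytes, page: str) -> dict:
    return {"page_md5_ok": check_against_page(binary, page),
            "pinned_ok": check_against_pin(binary)}


if __name__ == "__main__":
    corrupted = GENUINE[:-1] + b"?"  # accidental transfer damage
    cases = {
        "clean transfer": (GENUINE, render_page(GENUINE)),
        "corrupted in transit": (corrupted, render_page(GENUINE)),
        "binary and page both replaced": (SUBSTITUTED, render_page(SUBSTITUTED)),
    }
    for name, (binary, page) in cases.items():
        print(f"{name:32} {evaluate(binary, page)}")
```

Only the third case separates the two checks: the page's own checksum agrees with whatever binary accompanied it, while the pinned digest does not.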
Since the client's traffic is already passing through the
gateway machine, our job is much easier. Accomplishing
this in a wired network is possible via ARP spoofing,
DNS spoofing, or by compromising a legitimate gateway
machine. Since we have already established ourselves as
a legitimate gateway, all that is required is that we redirect
the client's traffic destined to the Target website through our
user space proxy. In this case, the redirection is handled via
Netfilter in Linux. The following iptables command will
accomplish this:
