Social engineering is an attack that relies on human interaction and on tricking people into breaking security procedures. It also refers to psychologically manipulating, influencing or deceiving people into divulging confidential information in order to gain control over their systems and access. In this tutorial we will learn how to manipulate people into giving up access to their WiFi by using a fake twin AP. The twin acts like a trap that gets the user to enter the WiFi key into the fake AP. The twin then verifies whether the password the user entered is the actual password of the original AP by checking it against a valid handshake.
There are a lot of tools for this kind of attack, which is often referred to as an Evil Twin AP, Rogue AP, or Fake AP attack. Here I will be using Fluxion, the most popular “wireless-network-phishing” tool among others such as Wifiphisher. Fluxion is an automated Evil Twin AP tool that carries out MiTM WPA POC attacks. Fluxion does everything needed to conduct this attack for you, and you don't even need to perform a brute-force attack to break the password. Fluxion works by first scanning the networks and capturing a handshake using the deauth method. Once Fluxion has created a FakeAP to imitate the target access point, it deauths all users connected to the target network in order to lure them to connect to the FakeAP and enter the WPA password, then Fluxion launches a fake DNS server, and so on. The details are explained step by step in the tutorial below.
It is recommended to use Kali Linux 2 or the latest Kali Rolling version; Fluxion only works on a Linux-based operating system. Also, use an external WiFi card.
Fluxion is good, but it is an illegal activity. Consider it for yourselves. The author is not responsible for any misuse or damage caused by this program. As you may need to know, I used my own network in this tutorial to teach you. Nothing more than for educational purposes only!
Step 1: Download and Install Fluxion into your Kali Linux
Open up your terminal and hit these commands:
git clone --recursive https://github.com/FluxionNetwork/fluxion.git && cd fluxion/ && ./fluxion.sh
On its first run, Fluxion automatically downloads any missing dependencies, so rather than installing them manually as with the old version, this version handles it for you.
Step 2: Preparation
- Select your language to use.
- Select the WiFi card. I used an external WiFi card on Wlan1.
- Scan the air and select the target.
Step 3: Capture Handshake
Before doing an Evil Twin attack, we first need a handshake. We will use the “Handshake Snooper – Acquires WPA/WPA2 encryption hashes” option, number 2, first.
For the remaining choices, such as the handshake retrieval method, just select the reliable, efficient and recommended options. From here, select option 2 for “aireplay-ng deauthentication” and then use pyrit to verify the hash. Fluxion will open another terminal to do that. Once the handshake is captured, those windows will be gone.
Now go back to create the evil fake AP. Select option 1, “Select another attack”.
Step 4: Setup & Create Evil Twin AP
Select option 1 “Captive Portal Creates an “evil twin” access point.” and choose your external WiFi card. These are the last preparations you need to set up: for the access point service of the rogue AP, select hostapd, option number 1.
It then asks you to use the handshake file we captured earlier. Hit Y to go on, select the recommended pyrit verification, and create an SSL certificate. Now select your captive portal interface for the rogue network; there are about 63 different phishing pages.
I recommend choosing the phishing page based on the target device and your region's language; if no listed option meets those criteria, just use the Generic Portal in English. Once you have selected one, it will launch the Evil Twin attack, as shown in the image below.
Please be patient. In this situation, the client will be deauthed, or kicked, from the original access point and forced to connect to our Fake AP, which has the same access point name as the original. After the target connects, he will be redirected to our phishing web page, which asks for the WiFi password.
After the target enters the password, Fluxion verifies it by matching the target's input against the handshake file. If he enters the right key, the attack is done.
The log is saved in a file under the directory /fluxion/attacks/Captive Portal/netlog/[target AP-MAC].log
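Seen from the network owner's side, the sequence described above (clients deauthed from the real AP, then a second AP with the same name) leaves two observable signals. The following is an added example, not part of the original tutorial or of Fluxion: a Python check over constructed wireless-monitoring records, where the record layout, the thresholds and the assumption that the twin is advertised without encryption are all illustrative.

```python
from collections import defaultdict

# Constructed observations, not real captures: (time_s, kind, ssid, bssid, detail).
# For "beacon" the detail is the advertised security, for "deauth" the addressed client.
# Assumption: the twin advertises the same SSID as an open network.
SAMPLE = (
    [(0.0, "beacon", "HomeNet", "aa:bb:cc:00:00:01", "WPA2"),
     (0.1, "beacon", "Cafe", "aa:bb:cc:00:00:10", "OPEN"),
     (0.2, "beacon", "Office", "aa:bb:cc:00:00:20", "WPA2"),
     (0.3, "beacon", "Office", "aa:bb:cc:00:00:21", "WPA2")]   # normal multi-AP network
    + [(5.0 + i * 0.5, "deauth", "HomeNet", "aa:bb:cc:00:00:01", "ff:ff:ff:ff:ff:ff")
       for i in range(12)]                                       # broadcast deauth burst
    + [(8.0, "beacon", "HomeNet", "de:ad:be:ef:00:02", "OPEN")]  # same name, no encryption
)

def mixed_security_ssids(events):
    """SSIDs advertised by several BSSIDs whose security settings disagree."""
    seen = defaultdict(dict)                      # ssid -> {bssid: security}
    for _, kind, ssid, bssid, detail in events:
        if kind == "beacon":
            seen[ssid][bssid] = detail
    return {s: aps for s, aps in seen.items()
            if len(aps) > 1 and len(set(aps.values())) > 1}

def deauth_bursts(events, window=10.0, threshold=10):
    """BSSIDs with >= threshold deauth frames in any window (illustrative defaults)."""
    times = defaultdict(list)
    for t, kind, _, bssid, _ in events:
        if kind == "deauth":
            times[bssid].append(t)
    flagged = set()
    for bssid, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(bssid)
                break
    return flagged

def assess(events):
    """Rate each suspicious SSID: 'high' when a deauth burst hit one of its BSSIDs."""
    bursts = deauth_bursts(events)
    return {ssid: ("high" if bursts & set(aps) else "medium")
            for ssid, aps in mixed_security_ssids(events).items()}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A network with several legitimate access points, like the constructed "Office" entry, is not flagged because all of its BSSIDs advertise the same security setting.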