Fluxion is a remake of linset by vk439 with less bugs and more features. It’s compatible with the latest release of Kali (Rolling).
How it works
- Scan the networks.
- Capture a handshake (can’t be used without a valid handshake, it’s necessary to verify the password)
- Use WEB Interface *
- Launch a Fake AP instance to imitate the original access point
- Spawns a MDK3 process, which deauthenticates all users connected to the target network, so they can be lured to connect to the Fake AP and enter the WPA password.
- A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
- A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
- Each submitted password is verified by the handshake captured earlier
- The attack will automatically terminate, as soon as a correct password is submitted.
First of all clone Fluxion from github with command :
git clone https://github.com/deltaxflux/fluxion.git
And execute the script from its folder with command:
./fluxion
After starting it will ask for choosing the interface so select wlan0 by ENTERING 1 and then it will ask you to select the channel to listen to wifi connections so enter 1 to listen to all wifi connections.
It will open a new window for wifi monitoring so wait till your target appears and hit ctrl^c.
Now it will show the list of available targets so select the target by pressing the id no. of that connection as in my case i have selected ttpl by press 2.
Now select option 1 for creating fake AP (access point) and press ENTER.
Now press ENTER to skip and then select 1 for choosing aircrack-ng from handshake checking options.
Now select option 1 to Deauthenticate all clients connected to the target wifi
After selecting 1 it will open 2 windows, one for capturing WPA handshake and other for deauthenticate all clients. Now enter 1 on the MENU window to check handshake without closing the other windows.
After checking handshake it will ask for choosing the Web Interface, so select 1 and press ENTER.
Now it will ask for choosing the language, so select 1 for ENGLISH and press ENTER.
Now it will open 4 windows starting the fake AP and deauthenticating the clients of the wifi network.
Now the fake AP is started and the clients will not be able to connect to the original wifi and will be forced to connect to our fake AP and when the client will open a browser it will be redirected to a login page asking for the WPA password
When the user will enter the correct WPA password all the attacks will be stopped and the password will be shown as in my case KEY FOUND [rajchandel12345].(ATTACKS WILL ONLY STOP WHEN THE CLIENT WILL ENTER CORRECT PASSSWORD)
The post Hack Wi-Fi using Social Engineering with Fluxion (Evil Twin Attack) appeared first on Hacking Articles.