Wi-Fi networks may be set up by experienced IT professionals, but that does not mean the people using them are equally technical. We'll show how an evil twin attack can steal a Wi-Fi password by kicking a user off their trusted network while broadcasting a nearly identical one. The victim is pushed onto the fake network and prompted for the Wi-Fi password in order to get back online.



What Is an Evil Twin Attack

Evil twin attacks are a form of Wi-Fi attack that works so well because most computers and phones only show the "name," or ESSID, of a wireless network. That makes it very hard for a user to tell apart two networks with the same name and the same encryption type, even though the underlying BSSID (the access point's MAC address) is different. In fact, most larger networks deliberately run several access points that all use the same name, so that coverage is extended without confusing users.

If you want to see this for yourself, create a Wi-Fi hotspot on your phone and give it the same name as your home network. You'll find it hard to tell the two apart, and your computer may simply show both as one network. A network sniffing tool like Wigle Wifi on Android or Kismet clearly sees the difference, because it keys on the BSSID and the security settings rather than the name, but to the average user the two networks look identical.

This makes it easy to trick a user's device into connecting if we have a network with the same name, the same password, and the same encryption, but what if we don't know the password yet? We won't be able to create a network that the device joins automatically, but we can use social engineering: kick the user off the real network and present a fake one that asks them to hand over the password.
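As an added example (this is not code from the original article or from the Airgeddon project), the following Python script does the check that Kismet and Wigle do for you and a normal Wi-Fi client does not: it reads an airodump-ng style scan table, such as the one Airgeddon's target scan prints, keys on the BSSID instead of the name, and flags any ESSID that is being advertised by more than one BSSID. A name advertised with two different security settings (a WPA2 network and an open network of the same name) is exactly what a captive-portal evil twin looks like from the air, while several BSSIDs with identical security is also how a legitimate multi-AP network looks, so that case is only reported as informational. The scan lines are constructed for the example, with locally administered MAC addresses; the column parsing assumes airodump-ng's default text layout (an assumption, not something the article specifies).

```python
"""Spot evil-twin candidates in an airodump-ng style scan table.

Added example for this article; not part of airgeddon. It parses the AP
table that airodump-ng prints and groups access points by ESSID, keying on
the BSSID (the access point's MAC address) rather than the network name.
"""
import re
from collections import defaultdict

# Constructed sample scan, not a real capture. The MAC addresses are locally
# administered (second hex digit 2, 6, A or E) and belong to no real device.
# The column layout mirrors airodump-ng's default text output (assumed).
SAMPLE_SCAN = """\
 CH 11 ][ Elapsed: 12 s ][ 2019-12-13 05:28

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 02:11:22:33:44:55  -59        9        0    0  11  54e  WPA2 CCMP   PSK  HomeNet
 06:AA:BB:CC:DD:EE  -80       12        0    0   6  54e. WPA2 CCMP   PSK  CoffeeShop
 0A:11:22:33:44:66  -40       30        0    0  11  54e  OPN              HomeNet
 0E:11:22:33:44:77  -62        8        0    0   1  54e  WPA2 CCMP   PSK  HomeNet
 12:AA:BB:CC:DD:01  -70       11        0    0   1  54e  WPA2 CCMP   PSK  OfficeWiFi
 16:AA:BB:CC:DD:02  -71       10        0    0   6  54e  WPA2 CCMP   PSK  OfficeWiFi

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe

 (not associated)   0A:7E:56:97:E9:B0  -68    0 - 1     29         5
 02:11:22:33:44:55  E6:1A:1B:D9:75:0A  -38    0 -24e     0         1
"""

# One AP row: BSSID, PWR, Beacons, #Data, #/s, CH, MB, ENC, then the rest
# (optional CIPHER and AUTH, then the ESSID, which may contain spaces).
# Station rows have a MAC in the second column, so they never match.
AP_LINE = re.compile(
    r"^\s*(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<pwr>-?\d+)\s+(?P<beacons>\d+)\s+(?P<data>\d+)\s+(?P<rate>\d+)\s+"
    r"(?P<ch>-?\d+)\s+(?P<mb>\S+)\s+(?P<enc>\S+)(?P<rest>.*)$"
)
CIPHERS = {"CCMP", "TKIP", "WEP", "WEP40", "WEP104", "GCMP"}
AUTHS = {"PSK", "MGT", "OPN", "SAE", "OWE"}


def parse_scan(text):
    """Return one dict per access point row in the scan table."""
    aps = []
    for line in text.splitlines():
        m = AP_LINE.match(line)
        if not m:
            continue
        tokens = m.group("rest").split()
        cipher = []
        while tokens and tokens[0] in CIPHERS:   # e.g. "CCMP TKIP" for mixed mode
            cipher.append(tokens.pop(0))
        auth = tokens.pop(0) if tokens and tokens[0] in AUTHS else ""
        aps.append({
            "bssid": m.group("bssid").upper(),
            "pwr": int(m.group("pwr")),
            "ch": int(m.group("ch")),
            "enc": m.group("enc"),
            "cipher": " ".join(cipher),
            "auth": auth,
            "essid": " ".join(tokens),             # whatever is left is the name
        })
    return aps


def find_twins(aps):
    """Return (essid, severity, detail) for every ESSID served by 2+ BSSIDs.

    HIGH: the same name is advertised with different security (e.g. WPA2 next
          to OPN), the signature of a captive-portal evil twin.
    INFO: several BSSIDs with the same security; also what a legitimate
          multi-AP network looks like, so a prompt to check rather than proof.
    """
    by_name = defaultdict(list)
    for ap in aps:
        if ap["essid"] and not ap["essid"].startswith("<length:"):  # skip hidden
            by_name[ap["essid"]].append(ap)

    findings = []
    for essid, group in sorted(by_name.items()):
        if len(group) < 2:
            continue
        severity = "HIGH" if len({ap["enc"] for ap in group}) > 1 else "INFO"
        detail = ", ".join(
            f"{ap['bssid']} {ap['enc']}/{ap['auth'] or '-'} ch{ap['ch']} {ap['pwr']}dBm"
            for ap in sorted(group, key=lambda a: a["pwr"], reverse=True)
        )
        findings.append((essid, severity, detail))
    return findings


if __name__ == "__main__":
    for essid, severity, detail in find_twins(parse_scan(SAMPLE_SCAN)):
        print(f"[{severity}] {essid!r}: {detail}")
```

Run against the constructed sample, the strongest "HomeNet" BSSID is the open one, which is the twin a victim's device would be pushed onto; the two "OfficeWiFi" entries share WPA2/PSK and are reported only as informational. To use it on a live scan, save airodump-ng's screen output (or Airgeddon's scan window) to a file and pass its contents to parse_scan().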


Using a Captive Portal Attack

In this captive-portal style of evil twin attack, we'll use the Airgeddon wireless attack framework to try to force a user onto an open network with the same name as a network they trust. A captive portal is the kind of page you see when you join an open network at a coffee shop, on a plane, or in a hotel. Users are accustomed to seeing a terms-and-conditions screen there, and we'll use that to our advantage by serving a credential-harvesting page that claims the router is being updated.


Step 1 :-  Make Sure You Have It All

To prepare for our evil twin attack, we'll need Kali Linux or another supported distro. Several distributions are supported; check the Airgeddon GitHub page for the list of distros Airgeddon will work with.

You can run this on a Raspberry Pi with Kali Linux and a wireless network adapter, but you'll need access to the GUI rather than an SSH session to the Pi, because Airgeddon is a multi-window bash script and you'll need to open and navigate several windows.

Finally, you'll need a good wireless network adapter, meaning one that supports monitor mode and packet injection. In our tests, the TP-Link WN722N v1 and Panda Wireless PAU07 cards worked well for these attacks. You can find more details in our guide to choosing a good wireless network adapter, linked below.


Step 2 :-  Install Airgeddon

To start using the Airgeddon wireless attack framework, we need to download Airgeddon and the other programs it depends on. The developer also recommends installing a tool called CCZE, which colorizes the output to make it easier to read. You can do that by typing the following in a terminal window.
sudo apt-get install ccze
Next, we'll fetch Airgeddon with git clone.
git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git
Then change into the directory and start Airgeddon with the following commands.
cd airgeddon
sudo bash ./airgeddon.sh
If you see the alien spaceship banner, Airgeddon has started and you're ready to go.


Step 3 :-  Configure Airgeddon

Press Enter and Airgeddon will check for the various tools it depends on. If something is missing (it will say "Error" next to it), you can press Y and then Enter to have Airgeddon try to install the missing pieces automatically, but that often doesn't work.

Instead, open a new terminal window and type apt-get install tool, replacing "tool" with the name of the missing tool. If that doesn't work, try sudo pip install tool. You need every tool installed, otherwise you may run into problems during the attack, especially if dnsspoof is missing.



Once you have all the tools, proceed to the next step by pressing Enter. The script will then check for internet access so it can tell you whether a newer version is available.

When that is complete, press Enter to choose the network adapter to use. Type the number corresponding to your wireless adapter in the list, then press Enter.

After selecting the wireless network adapter, we arrive at the main attack menu.
Press 2 and Enter to put the wireless card into monitor mode. Next, select option 7 and press Enter to open the "Evil Twin attacks" menu; the submenu for this attack module will appear.




Step 4 :-  Select the Target

Now that we're in the attack submenu, select option 9, "Evil Twin AP attack with captive portal." We need to scan for targets, so press Enter and a window will open listing all nearby networks. Wait a little while for the list to fill in.

Exploring for targets

CH 12 ][ Elapsed: 12 s ][ 2019-12-13 05:28
BSSID          PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
██████████████ -59        9        0    0  11  54e  WPA2 CCMP   PSK  ██████████████
██████████████ -58        5        0    0  11  54e  WPA2 CCMP   PSK  ██████████████
██████████████ -80       12        0    0  11  54e. WPA2 CCMP   PSK  ██████████████
██████████████ -79       14        0    0   6  54e. WPA2 CCMP   PSK  ██████████████
██████████████ -82        6        0    0   1  54e  WPA2 CCMP   PSK  ██████████████
██████████████ -83        6        1    0   2  54e  WPA2 CCMP   PSK  ██████████████
██████████████ -85        2        0    0   6  54e. WPA2 CCMP   PSK  ██████████████

BSSID            STATION            PWR   Rate     Lost    Frames  Probe
(not associated) 00:7E:56:97:E9:B0  -68    0 - 1     29         5
██████████████   E8:1A:1B:D9:75:0A  -38    0 -24e     0         1
██████████████   62:38:E0:34:6A:7E  -58    0 - 0e     0         1
██████████████   DC:3A:5E:1D:3E:29  -57    0 -24    148         5

After letting the scan run for about 60 seconds, close the small scan window, and a list of targets appears. Networks that have clients connected are shown in yellow with an asterisk next to them. This matters because you can't trick someone into giving you a password if there is no one on the network in the first place.


**************************** Select target ****************************

  N.      BSSID      CHANNEL  PWR   ENC     ESSID
------------------------------------------------------
  1)* ██████████████    11    41%   WPA2   ██████████████
  2)* ██████████████    11    20%   WPA2   ██████████████
  3)  ██████████████     6    15%   WPA2   ██████████████
  4)  ██████████████     6    19%   WPA2   ██████████████
  5)  ██████████████     2    17%   WPA2   ██████████████
  6)  ██████████████     1    18%   WPA2   ██████████████
  7)  ██████████████    11    42%   WPA2   ██████████████

(*) Network with clients
------------------------------------------------------
Select target network:

Select the target number you want to attack, then press Enter to move to the next screen.


Step 5 :-  Video : https://youtu.be/ejTPWPGP0GA