Social engineering goes beyond hardware to target the most vulnerable part of any device, and Fluxion is one tool that makes it incredibly simple.
What is Fluxion?
Fluxion is a research platform for security auditing and social engineering. It's a remake of vk496's linset tool, which hasn't been updated in 6 years. Fluxion has a lot of features. Using a social engineering (phishing) attack, the script attempts to extract the WPA/WPA2 key from a target access point. It works on Kali Linux.
How Does Fluxion Work?
- Scan for a wireless network that you want to connect to.
- Enable the Handshake Snooper attack.
- Capture a handshake (necessary for password verification).
- Attack with the Captive Portal.
- Creates a rogue (fake) access point that mimics the initial access point.
- Creates a DNS server, which redirects all requests to the attacker’s host, which is running the captive portal.
- Creates a web server that serves the captive portal, asking users for their WPA/WPA2 key.
- Creates a jammer, which de-authenticates all clients from the original AP and redirects them to the rogue AP.
- All captive portal authentication attempts are compared to the previously captured handshake file.
- Once a valid key is entered, the attack will be immediately terminated.
- The key will be saved, and clients will be able to connect to the target access point again.
Note: This post is for educational purposes only. Do not try this on an individual's device.
How to install and run Fluxion in Kali Linux?
Update the system with the command sudo apt-get update.
To get the Fluxion running on your Kali Linux system, clone the Git repository with git clone https://github.com/FluxionNetwork/fluxion
Check for missing dependencies by navigating to the folder, then list the contents to see what’s in it.
Run it for the first time with ./fluxion.sh (if not root, use sudo ./fluxion.sh).
If you see a message that some dependency packages are missing or not installed, run the following command to install the missing packages. Be patient and wait for the installation to finish.
./installer.sh or apt install <package name>
After all the dependencies are met, you can proceed to the attack interface. Run the Fluxion command again with ./fluxion.sh (or sudo ./fluxion.sh) to get hacking.
The first option is to select the language. Type the number next to the one you want and press Enter to proceed.
As you can see, I have two wireless cards. The first is the PC's internal wireless card, which I am not going to use; the second is on the wlan1 interface, and that is the one I will use in this tutorial.
After completing the installation, select a language. You can pick your regional language, but I will go with English, so I select five.
As you can see, we now have two options. We first capture a four-way handshake of the target Wi-Fi network with the second option, Handshake Snooper; then we use the same handshake to verify the password entered by the victim when we create a rogue Wi-Fi with the Captive Portal option. So first select the second option to capture a four-way handshake of the Wi-Fi.
Now select a wireless adapter that is compatible with wireless hacking; I have that on wlan1.
Select the channel or channel range. You can scan all 2.4 GHz channels with the first option, use the second and third options as well, or give a specific channel for the Wi-Fi; otherwise select one of the first and third options. After you select the channel or channels, it starts scanning for available Wi-Fi networks in your neighborhood.
If your wireless adapter supports monitor mode, it lists the Wi-Fi networks in the terminal. Any Wi-Fi network you are going to test must be yours, because you are not allowed to run the test on someone's device without the permission of the owner of the Wi-Fi network. I am going to test mine, and it must have a connected device so that a four-way handshake can be captured. When your Wi-Fi network appears in the list, stop the scan with the Ctrl + C shortcut.
The Wi-Fi networks you saw in the other terminal now appear here as a list. Select the Wi-Fi network from the list: enter its number, then press Enter.
Now specify the WLAN interface for tracking the target. Specify the same interface you are using to capture the handshake, or skip it, to capture a handshake of the target Wi-Fi.
We need to disconnect a device from the Wi-Fi; when it reconnects, we will get the handshake. You can use the aireplay or mdk3 tools for this, and I am going to use the aireplay tool in this tutorial.
Now specify the interface that sends the deauthentication packets to disconnect the device; I will use the wlan1 interface for it.
After capturing the handshake (you can call it the Wi-Fi password hash as well), we need to verify it with one of these tools to make sure the hash or handshake is not corrupted, so enter 3 to select the third option.
Now set 30 seconds so that it checks for the handshake after 30 seconds; if it does not get it in the first 30 seconds, it tries again until it gets the handshake.
If you have a fast system, use the asynchronous option; otherwise, if you have a low-budget system as I have, use the synchronous option.
The aireplay tool is now sending deauthentication packets to disconnect the connected device. When that device reconnects to the target Wi-Fi, you will get a handshake, so it waits until it gets one. As you can see, I got a handshake, so it is time to move to the next attack: press the Ctrl + C shortcut in the second terminal and select another attack in the first terminal. We have now captured the password hash as a handshake, so next we start the rogue or evil twin access point: select the Captive Portal option.
I have captured the password hash of the Wi-Fi; it is saved in the Fluxion database, and this is the target, so enter Y and press Enter. Now skip the WLAN interface for tracking the target with the Skip option, the third one.
Now select the WLAN interface for jamming; I am using wlan1 for it.
Select the WLAN interface for the fake access point; select the same interface if it supports both monitor mode and AP mode.
Select the rogue AP hostapd option, the first option, then press Enter.
We already have a hash or handshake file in Fluxion, so select the first option to use the hash that was found. If you captured a handshake without Fluxion, specify that handshake cap file path with the second option. If you are following me, use the first option.
Set cowpatty verification to verify the hash.
Now we create an SSL certificate, so use the first option, then select disconnected as the Internet connectivity type for the rogue network.
Now we need to pick the web portal where the user enters the Wi-Fi password. I am going to use the generic portal in the English version, which is the one to use if you don't know the Wi-Fi router manufacturer.
As you can see, the fake Wi-Fi has been created. Let's move on to my Android device. Here you can see that this device keeps disconnecting from the Wi-Fi. It doesn't matter how hard I try to connect to the Wi-Fi: a deauthentication attack is running that doesn't let the device connect to it. When guys like me get frustrated, they connect to the fake Wi-Fi.
When I connect to the Wi-Fi, open a browser that is not updated and try to visit any site, I get a security warning. Properly, you shouldn't visit insecure pages, but here is the thing: I am an idiot, and I will ignore the warning and proceed to the insecure site. As you can see, I got a portal there. I am going to put in my Wi-Fi password because I have no idea about this, so I am entering the password, but you shouldn't. After the password is entered, the attacks on the Wi-Fi stop and the password is saved on this path in the Fluxion folder, so get in there and get the password now.
If you don't want to be a victim of such an attack, first keep your systems, apps and firmware updated. If you find two Wi-Fi networks with the same name, understand that something is wrong. And if a free public Wi-Fi asks for your credentials in order to connect, you should avoid that Wi-Fi. I hope this post is somehow helpful for you. Thanks for reading, and see you soon in the next tutorial.
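The two signs this post describes, a second access point reusing your network name and a burst of deauthentication against the real one, can be checked for together from the defender's side. The following is an added example, not part of the original post or of Fluxion; the baseline, the sample observations, the thresholds and the function names are all constructed assumptions.

```python
from collections import Counter

# Constructed baseline: the APs you actually operate (hypothetical values).
KNOWN_APS = {"HomeNet": {"bssids": {"aa:bb:cc:00:00:01"}, "security": "WPA2"}}

# Constructed sample observations, as a monitoring sensor might record them.
BEACONS = [
    {"ssid": "HomeNet", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "HomeNet", "bssid": "de:ad:be:00:00:02", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "11:22:33:00:00:03", "security": "WPA2"},
]
# (timestamp_seconds, BSSID the deauthentication frame claims to come from)
DEAUTHS = [(t * 0.1, "aa:bb:cc:00:00:01") for t in range(60)] + [(3.0, "11:22:33:00:00:03")]


def find_twins(beacons, known):
    """Return beacons that reuse a protected SSID with an unknown BSSID or changed security."""
    hits = []
    for b in beacons:
        base = known.get(b["ssid"])
        if base is None:
            continue  # not a network we are responsible for
        reasons = []
        if b["bssid"] not in base["bssids"]:
            reasons.append("unknown BSSID")
        if b["security"] != base["security"]:
            reasons.append("security changed to " + b["security"])
        if reasons:
            hits.append({"ssid": b["ssid"], "bssid": b["bssid"], "reasons": reasons})
    return hits


def deauth_bursts(deauths, window=10.0, threshold=30):
    """Return BSSIDs with at least `threshold` deauth frames in one fixed `window`-second bucket."""
    buckets = Counter((bssid, int(ts // window)) for ts, bssid in deauths)
    return {bssid for (bssid, _), n in buckets.items() if n >= threshold}


def correlate(beacons, deauths, known):
    """Rate a twin 'high' when the real AP of the same SSID is being deauthenticated as well."""
    flooded = deauth_bursts(deauths)
    alerts = []
    for twin in find_twins(beacons, known):
        under_attack = bool(known[twin["ssid"]]["bssids"] & flooded)
        alerts.append({**twin, "severity": "high" if under_attack else "medium"})
    return alerts
```

Calling correlate(BEACONS, DEAUTHS, KNOWN_APS) on the sample data returns one high-severity alert for the unknown BSSID; without the deauthentication burst the same twin is rated medium.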