Automated Evil Twin Attack: infernal-twin
What is an evil twin attack?
Evil twin is a term for a fake WiFi access point: it appears to be a legitimate one offered on the premises, but it has been set up to snoop ("spy") on your wireless communications.
An evil twin is also called a wifiphisher; it is the wireless version of the phishing scam that hackers use to hack online accounts.
The attacker fools wireless users into connecting to a tainted hotspot by posing as a legitimate provider.
This type of fake WiFi attack may be used to steal users' passwords, either by snooping on the communication link or by phishing, which involves setting up a fraudulent web site and luring people there. In simple words, it is a WiFi phisher.
This tool was created to help auditors and penetration testers perform wireless security assessments quickly and to ease complex attack vectors.
It is an automatic WiFi hacking tool, a Python suite created to aid penetration testers during wireless assessments. Many of the common attacks, which can get complicated and hard to manage when executed manually, can be done automatically with this tool.
What this tool will do
3-WPA2 Enterprise hacking
4-Wireless Social Engineering
6-Evil Access Point Creation
11-Note taking function
12-Data is saved into Database

1-Set up monitoring interface
2-Set up DB
3-Scan wireless network in the range
4-Connect to the network selected SSID
5-Obtain login page of authentication
6-Modify the login page with attacker controlled php script to obtain the credentials
7-Set up Apache Server and serve fake login page
8-Give a victim an IP
9-Set up NAT table
10-Dump the traffic
11-Perform Deauthentication Attack
To create an access point, we need two network adapters: one to connect to the Internet and a second to act as the access point, i.e. the laptop's built-in network card and a monitor mode WiFi adapter.
How does an Evil Twin attack work?
The attacker sets up a fake Wi-Fi access point, purporting to provide wireless Internet services while eavesdropping on the user's traffic. With this type of attack, the attacker can know everything you are doing, see every website you open and steal every password you type, if you are not protecting yourself.
If the attacker just wants to know your WiFi credentials, he can send you to a fake login page that asks for your WiFi password in order to steal it. And it is not limited to a fake WiFi login page:
he can also send you to a fake login page for any of the websites you are trying to open.
Your sensitive data is in the attacker's hands once you connect to the fake WiFi. The attack scenario could be exploited to run man-in-the-middle attacks or to serve malware to the computers in the targeted network.
To avoid an evil twin access point attack…
There is no magic button, and you need to know some details about the real AP you are connected to or want to connect to. For example:
- The MAC address of the real wireless access point
- The DHCP IP address, the gateway and the DNS server that it hands out
- Apart from that, you might find the evil twin using a different frequency than the original, like the true AP being on 2.4GHz and the evil AP being on 5GHz
It's hard to avoid fake WiFi, and it is almost impossible to have all of that information with you whenever you want to connect to an access point, but this is the only way to know that it is real and not fake WiFi.
For wireless network administrators
To protect your users from fake WiFi connections you can use EvilAP Defender, an application that will help you discover Evil Access Points and prevent them from attacking wireless users.
You can set up the application to run at regular intervals to check whether there is any fake access point and to protect your wireless network from Evil Twin attacks.
You can also configure EvilAP Defender to send notifications to your email whenever it discovers an evil access point.
You can also configure EvilAP Defender to perform DoS on the legitimate wireless users to prevent them from connecting to the discovered evil AP; this will give the administrator more time to react.
However, notice that, to avoid DoS-ing your legitimate network, the DoS will only be performed for evil APs which have the same SSID (WiFi name) but a different BSSID (AP's MAC address) or are running on a different channel. You can read more about it here.
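The check described above (same SSID, but a BSSID or frequency that does not match the real AP) can be sketched as follows. This is an added example, not code from the original article or from EvilAP Defender; the SSID, MAC addresses, the KNOWN_APS profile and the function names are constructed for illustration, and the sample input imitates the layout of `iw dev wlan0 scan` output.

```python
import re
# Known-good profile recorded by the administrator (constructed values).
KNOWN_APS = {"CorpWiFi": {"bssids": {"aa:bb:cc:00:00:01"}, "freqs": {2437}}}
# Constructed sample in the style of `iw dev wlan0 scan` output.
SAMPLE_SCAN = """\
BSS aa:bb:cc:00:00:01(on wlan0)
    freq: 2437
    SSID: CorpWiFi
BSS 02:de:ad:00:00:99(on wlan0)
    freq: 5180
    SSID: CorpWiFi
BSS aa:bb:cc:00:00:01(on wlan0)
    freq: 2462
    SSID: CorpWiFi
BSS 11:22:33:44:55:66(on wlan0)
    freq: 2412
    SSID: CoffeeShop
"""

def parse_scan(text):
    """Return one {'bssid', 'ssid', 'freq'} dict per BSS block in the scan."""
    aps, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"BSS ([0-9a-fA-F:]{17})", line)
        if m:
            cur = {"bssid": m.group(1).lower(), "ssid": None, "freq": None}
            aps.append(cur)
        elif cur is not None:
            key, _, val = line.partition(":")
            if key in ("SSID", "freq"):
                cur[key.lower()] = int(float(val)) if key == "freq" else val.strip()
    return aps

def find_suspects(aps, known):
    """Flag APs using a protected SSID with an unknown BSSID or frequency."""
    suspects = []
    for ap in aps:
        prof = known.get(ap["ssid"])
        if prof is None:
            continue  # not a network we protect
        checks = {"unknown BSSID": ap["bssid"] not in prof["bssids"],
                  "unexpected frequency": ap["freq"] not in prof["freqs"]}
        reasons = [why for why, failed in checks.items() if failed]
        if reasons:
            suspects.append((ap["bssid"], ap["freq"], reasons))
    return suspects

if __name__ == "__main__":
    print(find_suspects(parse_scan(SAMPLE_SCAN), KNOWN_APS))
```

The third sample entry shows why the frequency check matters: a cloned BSSID passes the MAC comparison and is only caught because it appears on a frequency the real AP does not use. An AP that copies both values passes this check, so a clean result is not proof that the AP is genuine.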
How to run infernal twin
Back to infernal twin: let's see what we need to start a fake WiFi hotspot.
To be able to use infernal twin you need:
- Apache module
- mysql database
- Scapy packet manipulation tool for computer networks
- wxtools debugging framework.
To install the packages, follow these steps.
Use sudo if you are not root. Most of these packages are included in Kali Linux, but they are listed here in case you are not a Kali Linux user:
apt-get install apache2
apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql
apt-get install python-scapy
apt-get install python-wxtools
apt-get install python-mysqldb
apt-get install aircrack-ng
git clone https://github.com/entropy1337/infernal-twin.git
Now let's start Infernal Twin by:
If it's the first time you use infernal-twin, it's a good idea to run configure.
To do so…
Click File, then Configure software.
For enterprise hacking you need freeradius.
You can check whether you have it or not:
click Tools, then Check freeradius.
If you don't have it, clicking "check freeradius" will give you links for download.
Keep in mind that WiFi attacks are illegal: you should never make a fake WiFi hotspot over an access point you don't manage.