Evil Twin
Some good long passwords are really hard to crack by just a brute force. It’s way more effective to make network owner think the router does not work because it needs upgrade and convince him to enter the password on your own page.
This attack will attack original network and create a new network with the same name as attacked one. When owner connects, will be prompted to enter a password to upgrade router.
Extra feature: If the owner reboots the router frustrated by the deauth attacks, it may start on different channel. Therefore networks are scanned every few minutes to detect if channel has been changed.
- User will run Scan Networks
- Next, user will select networks — Order is important, the first network gives name to the Evil Twin, other selected networks are just deauthenticated
- New clone network is created, its SSID is based on the first selected network with invisible character appended to avoid IPhone SSIDs names grouping
- When a victim connects to the Evil Twin cloned network, will be redirected to a captive portal using SD HTML file which typically looks like a Router Upgrade page asking for password.
- Entered password will be captured and validated (this stops deauth process for a few seconds and tries to connect to the original network).
- In case of successful connection: deauth stops, credentials are logged to a file on SD card(
EVILTWIN.TXT) and presented on flipper screen.
- Prepare targets (first selected network becomes clone SSID):
scan_networks
select_networks 1 2- Prepare captive portal HTML:
list_sd
select_html 1- Start Evil Twin:
start_evil_twin- Monitor output for victim interaction and verification:
AP: Client connected - MAC: ...
Password received: ...
Wi-Fi: connected to SSID='...' with password='...'
Password verified!
- Stop attack:
stop