Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Captive Portals - Fluxion
r0k
The Boss
*******
Administrators
BOSS
Posts: 1,425
Threads: 44
Joined: Dec 2018
Reputation: 7
HelperGamblin man4$$$Diamond
JokerAward WhoreYoutubeGFX Master
Cool GuyNinjaElite PosterChampion Poster
Stoner
Shack Cash: 2,572
#1
Captive Portals - Fluxion


Exclamation Only use on networks you own or have permission to test.  The purpose of these tutorials are to educate so that you dont fall victim to an attack like this. Exclamation

[Image: fluxion.jpg]

Exclamation Only use on networks you own or have permission to test.  The purpose of these tutorials are to educate so that you dont fall victim to an attack like this. Exclamation




Introduction
Users are always the least secure part of a network. Anyone who has any experience as an admin will tell you that most users know absolutely nothing about security. That's why they're by far the easiest way for an attacker to gain access to your network.

Fluxion is a social engineering tool designed to trick users into connecting to an evil twin network and giving away your wireless network's password. The purpose of this guide is to illustrate the importance of having measures in place to counteract user error and educating your users to the very real security risks that they face.

Using Fluxion and tools like it on a network that you don't own is illegal. This is for educational purposes only.

[hide]


Clone Fluxion From Git
Fluxion doesn't come pre-installed on any distro, and you won't find it in repositories just yet. Since it's really just a series of scripts, you can clone it from Github and use it right away.

cd into the directory where you want to install Fluxion. Then, use Git to clone the repository.
Beware of fake Fluxion repositories. They are more common than you think.

In your terminal type:

git clone https://github.com/FluxionNetwork/fluxion.git






Fluxion Initial Startup
Once the clone finishes,
cd into the Fluxion folder.
Inside, you'll find an install script. Run it.

In your terminal type

./fluxion.sh





Fluxion will check for all of the tools that it needs to carry out the attack and install them. On Kali, most of them will already be installed, so it will move faster.

After it finishes, you can run Fluxion

In your terminal type

./fluxion.sh




It will start up with a nice logo and will ask you for your language. Then, it'll ask which interface it should use. Make sure that the wireless adapter that you choose supports packet injection. This is important for the attack to work.


Scanning For The Target
The next screen will ask you what channel your target network is on. If you know, you can select it. If not, just tell Fluxion to look on all channels.

A new window will pop up running aircrack-ng to scan all of the networks in your area. When you see your network appear on the list, you can press ctrl+c in the window to stop it. 


Fluxion will grab the information from the scan and display it in the main window. Select your network from the list.



Launch The Fake Access Point
Now that Fluxion has a target, it will display the information that it was able to gather about your network and ask you what you want to do. The first option is to launch a fake access point. The second one lets you capture a handshake. You need that first.

Fluxion will ask you how you want it to capture the handshake. Choose to capture one passively. It will take longer, but in a real world scenario, an attacker wouldn't want to raise suspicion. The only way to ensure that they're undetected is to not do anything to interfere. Select Cowpatty for verification.

It will spawn a new airodump-ng window. If you see a handshake appear in the top line of the
window, you'll have what you need, and you can stop it.



The Web Interface
Fluxion will then ask you to create or use an existing SSL certificate. This adds an additional layer of authenticity to your fake access point.

Next, Fluxion will ask you if you want to use that handshake to set up the AP or use it for a brutefoce attack. Start the web interface.

On the following screen, there will be a list of possible web pages to set up. There are generic ones for multiple languages and several specific to router models. Certainly, if there is one that matches your router, that's probably the best and most believable. Otherwise, just choose the generic one for your language. In the future, there is a directory in your fluxion folder where you can place a custom web interface, if you want to make one.

By selecting the page you want to load, you'll be starting the attack. Fluxion will simultaneously jam the real access point with deauthentication requests and launch a seemingly identical one.

People connected to the network will see that they were disconnected. They will then see two networks with the same name. One will be available. The other won't. Most users will try the available one, which is actually your evil twin.

After they connect, they'll see the page that you set, asking them for their login information. Once they enter it, Fluxion will capture the information and immediately shut down the malicious AP, returning everything to normal.

With the user-provided credentials, you can now freely access the network.
[/hide]



[Image: tealwork.png]
(This post was last modified: 01-19-2019, 05:10 AM by r0k.)
01-19-2019, 03:25 AM
Find Reply


Bookmarks

Messages In This Thread
Captive Portals - Fluxion - by r0k - 01-19-2019, 03:25 AM
RE: Captive Portals - Fluxion - by Phaze 0ne - 01-19-2019, 08:39 PM
RE: Captive Portals - Fluxion - by CosmicD - 01-20-2019, 12:42 AM
RE: Captive Portals - Fluxion - by r0k - 01-20-2019, 12:52 AM
RE: Captive Portals - Fluxion - by John Blaze III - 01-23-2019, 06:23 AM
RE: Captive Portals - Fluxion - by CosmicD - 02-03-2019, 11:51 PM
RE: Captive Portals - Fluxion - by zaemon - 12-11-2019, 12:27 PM
RE: Captive Portals - Fluxion - by r0k - 12-11-2019, 05:54 PM



Users browsing this thread: 1 Guest(s)
Optional Text
Powered By MyBB, © 2002-2020 MyBB Group.
Welcome, Guest
You have to register before you can post on our site.

Username
  

Password
  





Online Users
There are currently 98 online users.
» 0 Member(s) | 98 Guest(s)

Latest Threads
Aeowulf's Arrival
Forum:
Last Post: h4cxx
02-13-2020, 04:42 PM
» Replies: 5
» Views: 418
Greetings
Forum:
Last Post: h4cxx
02-13-2020, 04:40 PM
» Replies: 4
» Views: 267
Intro
Forum:
Last Post: h4cxx
02-13-2020, 04:39 PM
» Replies: 4
» Views: 279
Android exploit
Forum:
Last Post: h4cxx
02-13-2020, 04:39 PM
» Replies: 1
» Views: 88
bonjour
Forum:
Last Post: h4cxx
02-13-2020, 04:38 PM
» Replies: 5
» Views: 224
hello everybody!
Forum:
Last Post: h4cxx
02-13-2020, 04:38 PM
» Replies: 3
» Views: 201
Pinapfile Pay Per Install...
Forum:
Last Post: r0k
02-13-2020, 11:25 AM
» Replies: 1
» Views: 402
Hacxx FREE IPTV (6000 cha...
Forum:
Last Post: h4cxx
02-08-2020, 02:37 PM
» Replies: 0
» Views: 541
Privateloader/Hacxx Mega ...
Forum:
Last Post: h4cxx
01-28-2020, 04:16 PM
» Replies: 0
» Views: 67
new member introduction
Forum:
Last Post: Comainiac
01-25-2020, 10:44 AM
» Replies: 4
» Views: 245

Search Forums

(Advanced Search)

Forum Statistics
» Members: 577
» Latest member: californication0310
» Forum threads: 486
» Forum posts: 997

Full Statistics