You may have seen evil twins of characters in movies doing utterly opposite of what their twins do, such as in Spider-man! Well, we will be talking about a similar cyber security-related term, “The evil Twin Attack”. It is one of my favorites because of the simplicity with which one can hack a Wi-Fi within minutes! All you need to have is a laptop with a working Linux distro or Mac OS. 😉
Introduction: Graphical Representation of Evil Twin Attack
What is Evil-Twin Attack? UsingEvil Twin Attack, we create a fake access point similar to the real Wi-Fi access point (Real Wi-Fi) to steal the credentials from the user. In other words, the attacker creates a fake Wi-Fi which is similar to the real one. After that we send De-authentication packets on the real Wi-Fi so all users get disconnected, allowing our fake access point to be the only Wi-Fi source. So, Let’s jump right into the details!
Now I am assuming that you already have a cyber-security background and have a basic knowledge of how Wi-Fi technology works and how do we use the Linux OS. For this purpose, we are going to use a tool called “Airgeddon” which is a Wi-Fi security analyzing tool.
Airgeddon searching for Access Points(Wifi)
- Now install the tool. Installation instructions are given on this link. If you are using Parrot Security OS, then this tool is installed by default. All you have to do is type sudo airgeddon on the terminal.
- You need an external Wi-Fi Adapter to perform this attack smoothly as it is much powerful than the regular network adapter of your computer or laptop. Also, your network adapter may not be compatible with monitor mode, which is essential for this attack. So, Plug in your network adapter.
Open terminal as a root user and type “Airgeddon” to start the tool. As soon as it starts, it will check for all the required scripts, and if something is missing, it will automatically download.
- A menu with numbering will appear in front of you like this one. Select the Evil Twin attacks menu
Airgeddon attempting to grab a handshake
- It will continue seaching until we press CTRL+c
- Now after completing search it will ask you to send de-authentication packets to that wifi.
- Select any one of it , personally I prefer aireplay attack .
This is the video demonstration of the hack to further clarify your doubts! https://www.youtube.com/watch?v=j6ZIYFeBVrA
- After that it will ask you to spoof MAC address or not, its your choice to do whatever you think suits your situation.
- It will ask you if you already have a handshake file, if not then it will try to get a handshake with the target wifi.
How will it work:
When you put the network interface card in monitor mode , a window appears where Airgeddon starts searching for available Wi-Fi access points (Wi-Fi) to target. It will continue searching until you press CTRL+c to stop searching. After that we select the AP to target which creates his evil twin and send disconnect all the Wi-Fi clients from real Wi-Fi to connect to your fake AP of the same name. When they connect with the fake AP, they are presented by a login Portal. They will surely enter their Wi-Fi password out of frustration to get internet access.But you must be thinking how would you know if its the right password.Well, the password they enter is compared automatically with the handshake we got earlier and it matches only then attack get postponed!* Note: This is for educational purpose only. By using this knowledge, you can only test your own Wi-Fi to check your network security and to understand how it works. This can lead to serious consequences if you don’t have the permission for the Attack.