Evil Twin Attack Using Airgeddon
Objective
Learn how to use Airgeddon, a multi-use tool for wireless attacks, to simulate an Evil Twin attack. This lab demonstrates how attackers clone legitimate Wi-Fi networks to trick users into connecting and stealing their credentials.
Prerequisites
- Kali Linux or Any Linux Distro with Airgeddon Installed:
- Verify Airgeddon is installed:
airgeddon --help
- Install it if necessary:
git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git cd airgeddon sudo bash airgeddon.sh
- Verify Airgeddon is installed:
- Wireless Network Adapter:
- Ensure you have a wireless adapter that supports monitor mode.
- Tip: Use the command
airmon-ng
to check compatibility.
- Controlled Environment:
- Perform this attack in a controlled lab setup with permission to test.
- Basic Wireless Knowledge:
- Familiarity with SSIDs, BSSIDs, channels, and encryption types.
Step 1: Launching Airgeddon
- Start Airgeddon in a terminal:
sudo bash airgeddon.sh
- Select your language and press Enter.
- Airgeddon will detect your wireless interfaces. Choose the one you want to use for the attack.
Step 2: Preparing the Wireless Adapter
- Put your wireless adapter into monitor mode:
- Airgeddon provides an option to set your adapter to monitor mode automatically. Select it from the menu.
- Verify that the adapter is in monitor mode:
iwconfig
- Look for
Mode:Monitor
under your wireless interface.
- Look for
Step 3: Scanning for Networks
- Select the Handshake Tools option in Airgeddon.
- Choose the Scan for Targets option to identify nearby Wi-Fi networks.
- Review the list of available networks:
- Note the target SSID, BSSID, and channel.
Tip: Choose a network with active clients for better results.
Step 4: Capturing the Handshake
- Select the target network from the list.
- Deauthenticate connected clients to force them to reconnect and capture the handshake:
- Airgeddon provides automated deauth attack tools.
- Confirm that the handshake was captured:
- Look for a confirmation message in the terminal or a handshake file saved in the Airgeddon directory.
Step 5: Setting Up the Evil Twin Network
- Navigate to the Evil Twin Attack menu in Airgeddon.
- Select the Fake Access Point option.
- Airgeddon will create a cloned version of the target network.
- Configure the Evil Twin:
- Set the SSID to match the target network.
- Choose the same channel as the target.
Insight: Matching the SSID and channel increases the likelihood of victims connecting to the fake network.
Step 6: Capturing Credentials
- Launch the fake access point:
- Airgeddon will set up a captive portal to mimic a legitimate login page.
- Monitor connected clients:
- Airgeddon will display a list of devices that connect to the Evil Twin.
- When users enter their credentials, Airgeddon will log them.
- Tip: Review logs in the designated directory for captured data.
Step 7: Cleaning Up
- Stop all Airgeddon processes:
- Exit the Airgeddon interface to disable the fake access point and monitoring tools.
- Reset your wireless adapter to managed mode:
sudo airmon-ng stop <interface_name>
- Replace
<interface_name>
with your wireless adapter (e.g.,wlan0mon
).
- Replace
- Verify normal operation:
iwconfig
- Ensure the adapter is back in managed mode.
Step 8: Mitigation Techniques
- Educate Users:
- Train users to recognize fake Wi-Fi networks and avoid entering credentials on suspicious portals.
- Use Strong Authentication:
- Implement WPA3 or WPA2-Enterprise for better security.
- Monitor Network Activity:
- Regularly scan for rogue access points on your network.
- Enable Certificate Validation:
- Ensure that legitimate networks use SSL/TLS certificates for login pages.
- Multi-Factor Authentication (MFA):
- Require MFA to prevent credential theft from leading to account compromise.
Additional Tips and Insights
- Ethical Considerations:
- Only perform Evil Twin attacks in environments where you have explicit permission.
- Unauthorized attacks are illegal and unethical.
- Practice in a Lab:
- Set up a controlled lab environment to safely learn and refine your skills.
- Explore Other Airgeddon Features:
- Airgeddon includes tools for WPS attacks, password cracking, and more. Experiment to broaden your understanding.
- Combine Tools:
- Use tools like Wireshark alongside Airgeddon to analyze network traffic and understand how data flows during the attack.
Key Takeaways
- Evil Twin attacks exploit user trust by mimicking legitimate Wi-Fi networks.
- Airgeddon simplifies the process of creating a fake access point and capturing credentials.
- Awareness, education, and strong network security practices are critical to mitigating these attacks.