Fluxion is a security auditing and social-engineering research tool. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It’s compatible with the latest release of Kali (rolling). Fluxion’s attacks’ setup is mostly manual, but experimental auto-mode handles some of the attacks’ setup parameters.
First of all, we need a WIFI card with injection mode and monitor mode enabled capability.
Now let’s start by showing the wireless card information by iwconfig:
Next, we navigate to the folder where Fluxion is and start it with ./fluxion.sh:
We will be presented with two options, will start with option number 2, so we can start capturing the Handshake:
We start scanning for channels as preferred, if your card support both 2.4GHz and 5GHz or just 2.4GHz:
Fluxion will start automatically scanning for the WIFI’s around you and when it’s done just click CTRL+C to stop.
I will pick number 24 as the target:
Select number 2 to skip:
Reset the attack number 2:
Aireplay-ng number 2:
Finally, Number 2:
In the upper left window, the handshake is captured, wait awhile and close the screen to return to the main menu where we are going to start the Evil-Twin wireless network:
Repeat few steps till you get to this screen and chose 1 or 2:
Chose number 2:
Now chose number 2 again:
And we’re going to continue with the hash we captured, number 1:
Now number 1:
Chose number 3:
Now the next screen, I’m going to choose number 47 as it’s a portal to Huawei routers in English, you can pick different ones base on the router type and manufacturer:
The final screen is where we’re going to wait for the victim to connect and enter his password, the script is going to start deauthing the victim wireless network and force him to connect to our Evil-Twin network which has the same name but open, then he will be presented with the Huawei portal and asked to enter his password:
In the phone we can see the two WIFI with the same name but our WIFI is the one which is open:
Now we wait for the victim to enter his password in the portal:
As soon as the victim enters his password, Fluxion will catch it, in the upper right windows we can see the password is already captured and saved on our machine:
Fluxion is very powerful script to create a Evil-Twin and hack any device weather it’s an android device or iPhone or any other type of wireless devices.