Fluxion is a security auditing and social-engineering research tool. It is a remake of linset tool by vk496 which is not upgraded for last 6 years. Fluxion have much more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It’s compatible with our Kali Linux.
Work of Fluxion:
- Scan for a target wireless network.
- Launch the Handshake Snooper attack.
- Capture a handshake (necessary for password verification).
- Launch Captive Portal attack.
- Spawns a rogue (fake) AP, imitating the original access point.
- Spawns a DNS server, redirecting all requests to the attacker’s host running the captive portal.
- Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key.
- Spawns a jammer, de-authenticating all clients from original AP and luring them to the rogue AP.
- All authentication attempts at the captive portal are checked against the handshake file captured earlier.
- The attack will automatically terminate once a correct key has been submitted.
- The key will be logged and clients will be allowed to reconnect to the target access point.
Installation process of fluxion in our Kali Linux is quite easy and simple. As the many other tools we also need to clone fluxion from it’d GitHub repository.
To clone it we use following command in our Kali Linux terminal:
git clone https://github.com/FluxionNetwork/fluxion
This command will clone the fluxion in our system.
Now for the first time we run the bash script called fluxion.sh with -i flag to install the requirements to use fluxion:
sudo ./fluxion.sh -i
From the next time we don’t need to use the -i flag, we just run:
In the following screenshot we can see that we are installing our missing packages:
After installing requirements it will start automatically and prompts for choosing language:
Then it will start searching wireless networks nearby us.
We can do this type of things also in aircrack-ng but fluxion is advanced and user-friendly.
|Handshake Capturing in Fluxion|