Académique Documents
Professionnel Documents
Culture Documents
Universal Access & Sharing of Your Files. From Any Device, Anywhere. Go to
egnyte.com/Business-File-Sharing
Home
Install Kali
Video tutorials
Fluxion (linset)
I hadn't ventured into Hackforums since a while, and this time when I went there I saw a thread about a
script called Fluxion. It's based on another script called linset (actually it's no much different from linset,
open in browser PRO version
pdfcrowd.com
think of it as an improvement, with some bug fixes and additional options). I did once think about (and
was asked in a comment about) using something like a man in the middle attack/ evil twin attack to get
WPA password instead of going the bruteforce/dictionary route, but never looked the idea up on the
internet nor spent much time pondering over it. However, once I saw the thread about this cool script, I
decided to give it a try. So in this post I'll show you how I used Fluxion, and how you can too.
Disclaimer : Use this tool only on networks you own .Don't do anything illegal.
Contents
Checking if tool is pre-installed, getting it via github if it isn't.
Running the script, installing dependencies if required.
Quick overview of how to use Fluxion.
Detailed walk-through and demonstration with text explanation and screenshots
Video demonstration (not identical to the written demo, but almost the same)
Troubleshooting section
pdfcrowd.com
pdfcrowd.com
Dependencies
If you have any unmet dependencies, then run the installer script.
sudo ./Installer.sh
I had 4 unmet dependencies, and the installer script run
open in browser PRO version
pdfcrowd.com
Anyways, one way or the other, your unmet dependencies will be resolved, and then you can use Flexion.
PS: For those trying to use apt-get to install the missing stuff - some of the dependencies aren't available in
open in browser PRO version
pdfcrowd.com
the default Kali repos, so you'll have to let the script do the installation for you, or manually add the repos
to /etc/apt/sources.list (look at the script to find out which repos you need to add)
Fluxion
Once again, type the following:
open in browser PRO version
pdfcrowd.com
sudo ./fluxion
This time it should run just fine, and you would be asked a few very simple questions.
For the wireless adapter, choose whichever one you want to monitor on. For the channels
question, choose all, unless you have a specific channel in mind, which you know has the
target AP.
Then you will see an airodump-ng window (named Wifi Monitor). Let it run while it looks for
APs and clients. Once you think you have what you need, use the close button to stop the
monitoring.
pdfcrowd.com
pdfcrowd.com
tutorials on this website itself that would prove useful (the first two are theoretical, yet nice, the third one
is a pretty fun attack, which I suggest you try out, now or later):
1. Things you should know about Wireless Hacking - Beginner Level Stuff
2. Things you should know about Wireless Hacking Part II - Intermediate Level Stuff
3. Evil Twin Attack
This is the theoretical stuff. Experience with tools like aircrack-ng, etc. would also be useful. Take a look at
the navigation bar at the top and look at the various tutorials under the "Wireless Hacking" category.
Anyways, with the recommended reading material covered, you can comfortably move on to the actual
hacking now:
pdfcrowd.com
Select language
pdfcrowd.com
pdfcrowd.com
You get to choose a target. I'm going after network number 21, the one my smartphone
is connected to.
pdfcrowd.com
You choose an attack. I am going to choose the Hostapd (first one) attack.
If you had already captured a 4-way handshake, then you can specify the location
to that handshake and the script will use it. Otherwise, it will capture a handshake
in the next step for you. (A tutorial on capturing the handshake separately)
pdfcrowd.com
If you didn't capture a handshake beforehand, then you get to choose which
tool to use to do that. I'm go with aircrack-ng.
Once you have a handshake captured (see the WPA Handshake: [MAC Address] on top, if it's
there, then you have the handhake), then type 1 and enter to check the handshake. If everything's fine,
open in browser PRO version
pdfcrowd.com
Use the Web Interface method. I didn't try the bruteforce thing, but I guess it's just
the usual bruteforce attack that most tools use (and thus no use to us, since that's
not what we are using this script for).
pdfcrowd.com
This offers a variety of login pages that you can use to get (phish) the
WPA network's password. I went with the first choice.
pdfcrowd.com
After making your decision, you'll see multiple windows. DHCP and DNS requests are being handled in
left two windows, while the right two are status reporting window and deauth window (to get users
off the actual AP and lure them to our fake AP)
pdfcrowd.com
In my smartphone, I see two network of the same name. Note that while the original network is WPA-2
protected, the fake AP we have created is an open network (which is a huge giveaway stopping most people
from making the mistake of connecting to it). Anyways, I connected to the fake AP, and the DNS and DHCP windows
(left ones), reacted accordingly.
After connecting to the network, I got a notification saying that I need to login to the wireless network.
On clicking that, I found this page. For some people, you'll have to open your browser and try to open a website (say
facebook.com) to get this page to show up. After I entered the password, and pressed submit, the script ran the
password against the handshake we had captured earlier to verify if it is indeed correct. Note how the
open in browser PRO version
pdfcrowd.com
handshake is a luxury, not a necessity in this method. It just ensures that we can verify if the password
submitted by the fake AP client is correct or not. If we don't have the handshake, then we lose this ability,
but assuming the client will type the correct password, we can still make the attack work.
Aircrack-ng tried the password again the handshake, and as expected, it worked.
We successfully obtained the password to a WPA-2 protected network in a matter of minutes.
Video Demonstration
pdfcrowd.com
PS: The creator of the video has forked the Fluxion repository, and in the video he cloned from it instead.
You may choose to fork from either of those. The original repository being more updated, and forked one
being more stable (but less frequently updated). As of the time of creation of the video, both the
repositories were the same, so it doesn't make a different which one you clone, but this may not always
be the case. In case of any issues, you can probably try cloning both and see which one works for you.
Troubleshooting
Since fluxion and Kali both are constantly evolving (you might be using a different rolling release of Kali, as
well as a different version of Fluxion. There are times when the tool break, and there's an interval of time
open in browser PRO version
pdfcrowd.com
well as a different version of Fluxion. There are times when the tool break, and there's an interval of time
for which it stays broken. Look at the issues page, and you will most probably find a fix for your problem.
Note that the issue may as well be in closed issues (it would most probably be in closed issue).
For those who are able to follow the guide to the second last step, but don't get any Login page on their
device, this issue suggests a solution. [Dated : 17th September 2016, if you're reading this much later then
this might not be relevant, and some other issue would be]
Update : There are some important things mentioned in the README.file on the github repository. See if
that helps.
https://github.com/deltaxflux/fluxion/blob/master/README.md
As of 1st November, 2016 (again, might not be relevant if you read this much later), the README
suggested this for the no fake login page problem (which seems quite common)-
pdfcrowd.com
1. You are doing some step wrong (easy to fix, follow the tutorial again).
2. There is a dependency issue somewhere (some tool has it's wrong version installed). This can be a
pain to fix, and there's no guidance I can provide for it really. You'll have to filter through all the
issues on the github page of the tool. Hopefully, as the tool grows popular, it'll get more full time
developers, and then get integrated in the Kali repository, till then, these problems will continue.
What now?
I illustrated one possible scenario. This script can work with other devices (laptops for example) too as the
fooled clients (not just smartphones). One possible short-coming to this attack is that most
smartphones/laptops these days don't automatically connect to open networks (unless they have before),
and hence the user has to do it manually. If your fake AP has more signal strength than the real one, then
a person who doesn't know about WPA and open networks could very easily end up connecting to your
network instead. So, overall this attack has a fair chance of succeeding.
Have any problems/comments/suggestions, leave them in the comments below.
pdfcrowd.com
72
SHARES
Sponsored
Related Post
msfvenon -...
Kali L...
Network...
pdfcrowd.com
NEXT
SQLMap with Tor for Anonymity
PREVIOUS
63 comments:
1.
Ayush Patidar
August 25, 2016 at 7:38 AM
1
Reply
pdfcrowd.com
1.
Shashwat Chaudhary
1.1
Updated, thanks.
1.1
2.
Saurav sunar
October 30, 2016 at 11:40 PM
1.2
1.2
3.
Shashwat Chaudhary
1.3
pdfcrowd.com
Read up on what sources.list is, and find out if yours has the required
repositories.
I believe these 3 reposdeb http://http.kali.org/kali kali-rolling main contrib non-free
deb http://repo.kali.org/kali kali-bleeding-edge main
deb http://ftp.de.debian.org/debian/ jessie main contrib
Should enable you to install the dependencies via apt-get
2.
Its an exact copy of linset only difference it's in english and offers many attack languages
1.
Shashwat Chaudhary
Reply
2
2.1
pdfcrowd.com
I haven't used Linset yet, so I don't really know how similar the two tools are
(though I know fluxion is built on top of Linset). Anyways, I'll update the post a bit
to reflect your point.
3.
Hector Moreno
1.
Hector Moreno
August 28, 2016 at 3:22 PM
Reply
3.1
3.1
pdfcrowd.com
4.
Dumitru Ion
Wow, romanian language, I am impressed. Thx for tutorial, I will use for tests :D
5.
Reply
4
5
Anonymous
September 4, 2016 at 4:41 PM
No Chance against users with basic technical knowledge, but this spoofing attack maybe much
faster then usual wifi cracking methods. It's worth a try
Reply
1.
Shashwat Chaudhary
5.1
pdfcrowd.com
Basic technical knowledge is a relative term, you never know how many people
might fall for something as simple as this.
Nevertheless, you're right in saying that it doesn't take a lot of thinking for the
client to figure out that something's fishy.
6.
Ferris Eris
I used the VM player with a external wireless card.However the program says there is no wireless
cards. I have not solved it.
Reply
1.
Shashwat Chaudhary
6.1
Maybe the external card is connected to the host, not to the virtual machine. I
use Kali as my primary OS now so don't exactly remember where the option of
switching the wireless card to the guest instead of the host was. Take a look at
open in browser PRO version
6.1
pdfcrowd.com
7.
Ferris Eris
September 5, 2016 at 2:09 AM
I used the VM player with a external wireless card.However the program says there is no wireless
cards. I have not solved it.
Reply
8.
Anonymous
September 12, 2016 at 2:55 AM
8
Reply
8
open in browser PRO version
pdfcrowd.com
1.
Shashwat Chaudhary
8.1
Yes.
You can navigate to the Sites folder inside Fluxion, and edit any of the templates
and change how you want them to look. You can also create new folders there and
add them to the script.
8.1
9.
Anonymous
September 16, 2016 at 3:36 AM
Reply
pdfcrowd.com
1.
Shashwat Chaudhary
9.1
Are you sure you connected to the fake AP and not the real one? Also, what OS is
your smartphone running (for eg. Android)?
9.1
10.
Anonymous
September 16, 2016 at 10:24 AM
yes I'm sure that i connected to the fake AP and my OS is android 4.3 jelly bean
i know it's an old version, but is this effect ??
11.
Shashwat Chaudhary
10
10
Reply
11
pdfcrowd.com
Android 4.3 is fine. I just asked to see if you're using a really uncommon OS or something.
In my case I got a notification right away, clicking which opened the browser window which I posted
in the tutorial. Try choosing a different login page (I chose 1, you may try others, see if they work).
Try using another smartphone device and see if it works on it.
Reply
12.
Anonymous
September 16, 2016 at 1:02 PM
12
I too dont get the prompt asking for the passphrase. I checked using one plus two with android - 6
and macbook pro with yosemite
Reply
12
1.
Anonymous
September 17, 2016 at 1:35 AM
12.1
I get a notification that the wifi connection you are connected to is not connected
to internet, do you want to stay connected or not
12.1
pdfcrowd.com
2.
Shashwat Chaudhary
12.2
That can be solved by giving internet access to the fake AP. For that your Kali
machine should be connected to the internet. This requires two wireless cards,
since the card you are using for creating fake AP can't be used to connect you to
the internet simultaneously. If you don't have two cards, try some other way of
getting internet access to your Kali machine (eg. USB tethering via smartphone,
etc.) and carry out the attack on some other device (not the smartphone used for
tethering). See if that works.
12.2
13.
Anonymous
September 17, 2016 at 7:03 AM
13
I am running Kali on Parallels desktop and it gets internet access from a virtual lan eth0 port which
shares internet to which is my macbook connected. can you guide me how to assign this internet to
the fake AP?
Reply
13
pdfcrowd.com
1.
Shashwat Chaudhary
13.1
I think the tool should do that automatically for you. The FakeDNS terminal
should do just that. However, you can manually bridge the connections too. Take
a look here for something similar. I think that would be helpful.
http://www.kalitutorials.net/2014/07/evil-twin-tutorial.html
14.
Danh V
13.1
14
I had the same problem with him, when I connected to the fake AP, I didn't see any fake login page
or any notification
Reply
14
pdfcrowd.com
1.
Shashwat Chaudhary
14.1
Are you sure you followed all the steps properly? I'm not familiar with the
implementation details of the tool, so I can't really help if it's a problem with the
script.
14.1
If you can properly describe the problem, it would be useful to open an issue on
Fluxion's github. I am not able to re-create the problem myself, and Fluxion
seems to work fine for me.
https://github.com/deltaxflux/fluxion/issues
15.
Anonymous
September 18, 2016 at 5:59 PM
15
No internet connection issue as encounter by others. Running on Kali linux using VMware. Follow
the steps and successfully created fake AP and jammed real AP. When connected to the fake AP,
my smartphone (android 6.0.1) notified me there is no internet on the fake AP. I have LAN cable and
usb wifi adapter connected. Both can connect to internet but since im using the usb wifi for Fluxion
15
pdfcrowd.com
so i connected the system to use LAN cable. I can browser the internet when running Fluxion, so i
am not sure what happen in between as well.
Reply
1.
Anonymous
September 18, 2016 at 7:11 PM
16.
Anonymous
September 19, 2016 at 4:38 AM
15.1
15.1
16
Hi
16
I seem to have a different issue. When I get to the option to select an interface, my wireless card
shows as option 1, but when I type 1 and press enter it just freezes and nothing happens.
pdfcrowd.com
I am running Kali Linux on Virtual box and using an external WLAN card. The WLAN card is picked up
in Linux and I can use it to search for other network.
Is this an issue with the script. It seems to freeze Everything on the VM.
Any help would be appreciated.
Thanks
Reply
1.
Shashwat Chaudhary
16.1
See if the problem is with incompatible versions of Kali and Fluxion. Update kali
to most recent, and Fluxion to it's latest stable release.
16.1
2.
Anonymous
September 23, 2016 at 10:05 AM
16.2
Well I used KAli Linux and Fluxion using Virtualbox and at froze exactly as you
open in browser PRO version
pdfcrowd.com
said. I reinstalled kali linux some three times in Virtualbox and it froze
everytime. Then I shifted to Parallels and it worked fine - fine that it jammed real
AP and created a fake one but could not get beyond that. My mobile or laptop
when connected to the Fake AP did not ever ask for the password
17.
Anonymous
17
1.
Shashwat Chaudhary
Reply
17
17.1
Capture it separately and specify the file when Fluxion asks for it. Take a look
here-
17.1
http://www.kalitutorials.net/2014/06/hack-wpa-2-psk-capturing-handshake.html
open in browser PRO version
pdfcrowd.com
18.
Srishan Bhattarai
18
Could've just mentioned this as evil twin in the title and saved people a click.
1.
Shashwat Chaudhary
Reply
18
18.1
Sorry that you found the title misleading, but there's only so much I can put in
there, and I already have en evil twin tutorial and didn't want to cause confusion
(Evil Twin)
18.1
pdfcrowd.com
19.
Cristian
October 6, 2016 at 5:28 PM
19
Hello, I'm having the issue about NO fake login page, checked issue database and says to use
backup version, but I can't find it, can you please explain how to use it?.
Thanks.
Reply
19
20.
Death Note
October 11, 2016 at 1:54 PM
20
20
pdfcrowd.com
21.
Reply
ssORIGI AL
21
1.
Shashwat Chaudhary
Reply
21
21.1
21.1
open in browser PRO version
pdfcrowd.com
22.
Unknown
22
help me guys i just finished sudo ./Installer.sh command and then i was promoted to white
application that says updating system ......and then says installing isc-dhcp-server at that moment it
promted me to restart system on finishing package or something like that ........after that i felt like
VMware was freezing so finally i restarted it .............so is there any command to begin installing
through isc-dhcp-server instead of doing all those steps
Reply
22
1.
Shashwat Chaudhary
22.1
I don't think restart should be required. If you want to install manually, you can
add the required repositories into sources.list, and then use apt-get.
22.1
23.
open in browser PRO version
TrinityComputer Council
Are you a developer? Try out the HTML to PDF API
pdfcrowd.com
23.
TrinityComputer Council
23
ooh that means by adding those uninstalled list namea in source.list file i must use apt-get
command to install those
Reply
23
1.
Shashwat Chaudhary
23.1
23.1
pdfcrowd.com
24.
Ghazanfar Uruj
October 29, 2016 at 10:48 AM
Hi, I've made a video tutorial on Fluxion, check it out! Hope you find it useful!
https://www.youtube.com/watch?v=k_X375omYtM
25.
Unknown
October 30, 2016 at 4:50 PM
24
24
Reply
25
Here is just a thought, and I would love to hear back about the validity of my idea.
Is it possible to overload an AP until it stops broadcasting?
25
If so, then my idea is to implement such a step after all clients have been kicked off, and before our
fake network is made available. Our network should be a secure connection with a randomly
generated password. But as the system hasn't connected to this network before, The user will be
prompted to input the password again. As it should look basically identical to the real, the target
user shouldn't hesitate to give us the password.
The second question is that can the password input into the system's network manager and sent
over to try to connect with our fake network be logged properly?
Reply
open in browser PRO version
pdfcrowd.com
1.
Shashwat Chaudhary
25.1
1) I don't know enough about how wireless routers behaves when overloaded, so
I can't answer that question (whether or not it will stop broadcasting).
25.1
2) You create a WPA-2 network with a randomly generated password. The only
thing that happens in that case is that the client will try to connect to your
network and fail, since the passwords don't match. Now one may think that since
he typed the correct password while trying to authenticate into the fake network,
the password itself would be sent over to you for validation. However, that's not
true. No step of the WPA handshake involves sending plaintext key. The data the
client will send you will basically be one step of a handshake (remember, you
already have captured a 4-way handshake). The client will wait for your response,
validate it, and only then it will participate further in the handshake. Note that
since you don't know the password, the client won't even complete the
handshake.
Reading what I wrote above, I realize that my explanation is a bit too technical
and I should make it easier to understand. So, in basic terms1) Client will never send you or anyone the actual password (not even the Real
AP).
2) In WPA, the AP verifies that the client knows the correct password, and the
client verifies that the AP knows the correct password. So, if you don't know the
open in browser PRO version
pdfcrowd.com
client verifies that the AP knows the correct password. So, if you don't know the
password, you can't make the AP connect to you. (This is why our fake AP is open)
2.
Shashwat Chaudhary
25.2
PS: I've used WPA and WPA2 interchangeably, assume I mean WPA2 everywhere.
25.2
3.
floater
November 4, 2016 at 12:39 AM
25.3
25.3
pdfcrowd.com
26.
Anonymous
26
1.
Shashwat Chaudhary
26
Reply
26.1
If we can indeed kill the AP, then yes, it would be helpful since our AP would be
the only one remaining, increasing the chances of the client connecting.
26.1
27.
Anonymous
November 4, 2016 at 8:37 AM
27
pdfcrowd.com
Running Android 6.0.1 on my mobile. Everything goes smoothly for the most part, except for two
things: First, updated versions of Chrome seem impervious to this since it just serves up a bad DNS
page instead of the fake page from fluxion. Using Samsung's built-in internet client seems to work
fine, though, but submitting a password does nothing. The fake page just reloads as if nothing was
entered, and no password appears to the right of the client's name as shown in the tutorial video.
Reply
1.
Shashwat Chaudhary
27.1
I'll see if I can recreate these two scenarios, and if I'm able to, I might be able to
suggest workarounds.
27.1
28.
Anonymous
November 6, 2016 at 1:58 AM
28
i,m using kali lite 32 and don,t have fluxion.plus the github command is also not recognized.
Reply
28
pdfcrowd.com
1.
Shashwat Chaudhary
2.
Anonymous
November 9, 2016 at 10:27 AM
28.1
28.1
28.2
ok.fine until the airodump scanning and a wifi monitor shows the available
wifis.but my fluxion does not ask me any further option and the cursor is stable
on a blank screen
28.2
3.
open in browser PRO version
Anonymous
pdfcrowd.com
28.3
28.3
4.
Shashwat Chaudhary
28.4
Glad to see some comment where a person could get it working even after
encountering many difficulties.
28.4
29.
indra tampo
November 7, 2016 at 8:15 AM
29
Reply
pdfcrowd.com
1.
Unknown
November 13, 2016 at 2:22 PM
29.1
@indra tampo
search for a new bully on github and run in a new terminal:
git clone REPLACE_THIS_WITH_THE_NEW_LINK_FROM_GITHUB
29.1
and then you must open the folder "bully" (its in the folder "home")
and in the folder bully you see a text document with the name README.xx open it
and follow the instruchtions for installing bully.
if you dont can find the README.xx try to run in a new terminal:
cd bully
cd src
sudo make
sudo make install
i hope you can install bully with my instructions!
pdfcrowd.com
2.
Anonymous
November 13, 2016 at 2:26 PM
29.2
PS:
There is the link:
https://github.com/aanarchyy/bully
29.2
30.
Anonymous
November 14, 2016 at 10:39 AM
30
gresit daca hack fluxion nu mai merge ruter cum il vede smartfonul daca acesta este oprit de fluxion
Reply
30
pdfcrowd.com
31.
Anonymous
November 16, 2016 at 6:14 PM
31
Hello
I used the terminal commands.
Everything went ok..
But when i type sudo ./Installer.sh
The 4 dependencies stay stuck on installing..and never finish installing...then i tried sudo ./fluxion
and it says they are not installed
Reply
31
Comment as:
Publish
Select profile...
Preview
pdfcrowd.com
Advertisement
Follow Kali Tutorials
Night Mode
Night mode (Still in beta, Will need to refresh page
to get back to day mode, seems to work only in
chrome)
Popular Posts
Tutorial on Hacking With Kali Linux
open in browser PRO version
pdfcrowd.com
Follow By Email
Email address...
Submit
pdfcrowd.com
pdfcrowd.com
Kali Tutorials
5,029 likes
Like Page
Use App
Author
open in browser PRO version
pdfcrowd.com
Shashwat Chaudhary
google.com/+ShashwatChau
udhary
2nd year CSE @ IIIT Delhi
Follow
900 followers
Contact
You can write to us at admin@kalitutorials.net
Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from
open in browser PRO version
pdfcrowd.com
this sites author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is
given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5a LqJcMW7zznffTx Qwta 8JTZsx BDPguC
pdfcrowd.com