Friday

Evil Twin Attack Methodology

• Step 1: We first scan the air for a target access point, then create an access point using airbase-ng with the same name and channel as the target access point, hence the name Evil Twin attack.

• Step 2: The client is now repeatedly disconnected from the original access point, and most modern systems are set to “connect back to the same ESSID (AP name) if disconnected”.

This also happens because when a client disconnects from an access point, it starts sending probe requests with the name of the access point it was connected to earlier. Hence the BSSID isn’t a barrier; the ESSID alone is enough to spoof the AP.

• Step 3: The client is now connected to the Evil Twin access point and may start browsing the Internet.

• Step 4: The client sees a web administrator warning saying “Enter WPA password to download and upgrade the router firmware”.

• Step 5: The moment the client enters the password, s/he is redirected to a loading page and the password is stored in the MySQL database on the attacker’s machine.
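From the defender's side, steps 1 and 2 leave two observable signals: a known ESSID beaconed by an unfamiliar BSSID on the same channel, and a burst of deauthentication frames against the legitimate AP. The following is an added example, not code from the original post; the frame records, the `KNOWN_APS` inventory and the threshold value are constructed assumptions.

```python
from collections import Counter

# Known-good inventory (constructed): ESSID -> set of authorised BSSIDs.
KNOWN_APS = {"CorpWiFi": {"aa:bb:cc:00:00:01"}}
DEAUTH_THRESHOLD = 20  # assumed: deauth frames per capture window treated as a burst

def sample_frames():
    """Constructed sample of parsed 802.11 management frames from one capture window."""
    frames = [
        {"type": "beacon", "essid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01", "channel": 6},
        {"type": "beacon", "essid": "CorpWiFi", "bssid": "de:ad:be:ef:00:02", "channel": 6},
        {"type": "beacon", "essid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "channel": 11},
    ]
    frames += [{"type": "deauth", "bssid": "aa:bb:cc:00:00:01"}] * 35
    return frames

def detect_evil_twin(frames, known_aps=KNOWN_APS, threshold=DEAUTH_THRESHOLD):
    """Return one alert per unauthorised BSSID beaconing a protected ESSID."""
    # Count deauth frames per AP they were sent for.
    deauths = Counter(f["bssid"] for f in frames if f["type"] == "deauth")
    # Group beacons: essid -> {bssid: channel}.
    seen = {}
    for f in frames:
        if f["type"] == "beacon":
            seen.setdefault(f["essid"], {})[f["bssid"]] = f["channel"]
    alerts = []
    for essid, allowed in known_aps.items():
        aps = seen.get(essid, {})
        legit_channels = {ch for b, ch in aps.items() if b in allowed}
        for bssid, ch in sorted(aps.items()):
            if bssid in allowed:
                continue  # authorised AP, nothing to report
            alerts.append({
                "essid": essid,
                "rogue_bssid": bssid,
                # Step 1 clones the target's channel as well as its name.
                "same_channel": ch in legit_channels,
                # Step 2 shows up as a deauth burst against the real AP.
                "deauth_burst": any(deauths[b] >= threshold for b in allowed),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_evil_twin(sample_frames()):
        print(alert)
```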
