Think long and hard before connecting to a free public wireless hotspot in a cafeteria, airport or hotel. Ever wondered if the public Wi-Fi you just connected to is secure or if it could be an Evil Twin hotspot?
After installing the fake Access Point and connecting to its victim, the attacker launched a MITM attack to intercept data between its victims and the fake AP, for further malicious and harmful actions.
No, it's not a fantasy story. It can very easily happen. In a Wi-Fi network, the MITM attack occurs when the main data transmission path between the victims and the Internet, it is through some device that does an intrusion attack.
Following a successful MITM attack, victims' sensitive information such as Email, accounts, password accesss, credit card number and other important information, which is not protected by security protocols, will be available to the attacker using many tools like Ethercap, Dsniff, Mailsnarf, Urlsnarf, Wireshark, Cain and Able, etc.
Criminals can also use fake wireless hotspots as a way to collect your information. By creating a hotspot, usually in a location where public Wi-Fi is available, such as “Free Public WiFi”, they create real-like networks for the unsuspecting users. In fact, they are monitoring / intercepting your data.
Do we seem exaggerated? See how it can be done with just one laptop running Kali Linux. The funny thing is that usually the perpetrator and the victim are side by side or at least as far as the wifi can catch.
The example below is for educational purposes ONLY. In no case should it be used for illegal activity.
Step 1 - Before creating a fake AP with the help of Kali Linux, make sure that you update your computer with the command "sudo apt-get update” which updates the list of all packages for upgrades to packages that are needed upgrade, as well as the new packages available in the repositories.
Step 2 - You must have access to install it hostapd and dnsmasq. Dnsmasq is a small DNS / DHCP server that we will use in this setting.
At the beginning hostapd, make sure the wireless connection is the first thing you can check / make sure and the command to see this is “iwconfig".
From the above output of orders, it seems that the wlan0 is the name of our wireless interface.
Step 3 - Now you need to put this wireless interface in monitoring mode by typing the following commands:
Mandate: ifconfig wlan0 down
Mandate: iwconfig wlan0 mode monitor
Mandate: ifconfig wlan0 up
Step 4 - To start Hostapd, we need to create a configuration file for this tool, which will contain all the information about SSID, passphrase, channel number, etc.
Just create a directory under / root with the help of “mkdir / root / accesspoint”To maintain everything necessary archives for this installation.
Step 5 - Now create a hostapd configuration file (hostapd.conf) in the / root / accesspoint directory and write the following information to it:
ssid=Το όνομα που θέλετε (π.χ. Free WiFi)
Here we will see what all this means:
- interface = Wireless interface (connection) to host the access point e.g. wlan0
- driver = Nl80211 is the new public 802.11 network interface that is now being replaced by cfg80211
- ssid = Wireless network name
- hw_mode = Sets how the interface and allowed channels work. (Generally uses a, b and g)
- channel = Sets the channel for hostapd to work. (From 1 to 13)
- macaddr_acl = Used to filter Mac (0 - off, 1 - on)
- ign_broadcast_ssid = Used to create hidden APs
- auth_algs = Sets the authentication algorithm (0 - for open, 1 - for shared)
- wpa_passphrase = Contains your wireless password
Step 6 - Just start the Access Point with the following command:
Mandate: hostapd hostapd.conf
As you can see, your hostapd is working successfully with wlan0: AP-ENABLED and with a new hwaddr randomly assigned “90:f6:52:e3:2e:c2” , as well as the ssid you have set.
Step 7 - Now you need to configure the network routing with the dnsmasq tool so that traffic can be switched between network nodes and there is a path available for sending data.
Just create a configuration file in the root directory by name dnsmasq.conf and write the following instructions:
Step 8 - Assign the network gateway and netmask to the wlan0 interface and add the routing table as shown below:
ifconfig wlan0 up 192.168.1.1 netmask 255.255.255.0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
After that you need to start service dnsmasq with the configuration file we created in the above step:
dnsmasq -C dnsmasq.conf -d
Dnsmasq always provides a local DNS server, a DHCP server with support for DHCPv6 and PXE, and a TFTP server. It is designed to be lightweight and have a small footprint, suitable for limited e.gconditions on routers and firewalls. Dnsmasq can also be configured to cache DNS queries for improved speeds search DNS to sites already visited.
Step 9 - To give internet access to your victims, make sure you configure iptables, then only you can collect all the data and perform various further attacks like MITM, DNS Spoofing, ARP Spoofing etc.
iptables –table nat –append POSTROUTING -out-interface eth0 -j MASQUERADE
iptables –append FORWARD –in-interface wlan0 -j ACCEPT
Traffic promotion is a process for IP Forwarding from one network to another.
Step 10 - The last step is to enable IP Forwarding by typing “echo 1> / proc / sys / net / ipv4 / ip_forward ".
The fake AP will provide an Internet connection to its victim via the Ethernet network card to ensure that the device is connected to the fake AP. Now all the traffic of victims will go through the fake AP device.
Protection against fake APs
There are not many ways to defend yourself against this type of attack. You might think that wireless encryption would prevent this type of attack, but it is not effective because Wi-Fi Protected Access (WPA) does not encrypt user data when the victim is already connected to the access point.
One of the ways the iguru team suggests protecting themselves from Evil Twin is to use a virtual private network (VPN). Using the encrypted tunnel provided by the VPN helps to ensure all traffic between your device and the VPN server.