Disclaimer: If you are simply looking for practical how to a video link has been provided at the end.
Evil twin attack according to me is a blend of social engineering with a minimalist technicality as a hacker to convince our victim to part with his/her sensitive information. How this works is a hacker will set up a fake access point or Wi-Fi Network which looks exactly like it’s legitimate counterpart and then intercept any and all information that is entered on this fake network.
How Evil Twin Attack Works
- The reason why Evil Twin Attack is possible is that our devices cannot distinguish between two signals with same SSID.
- Attacker sets up an access point with the same name of the victims Wi-Fi network but with a much faster internet speed or signal strength.
- Disconnect the victim from its original access point.
- Wait for the victim to connect to the fake access point, this can be done by dumping a large number of packets onto the network to disconnect its users.
- Once connected, ping the victim with a page or a prompt asking them to enter id and password as confirmation of their identification for any believable reason of your choice. Some of the most common prompts include: Software Update, Email Login, etc.
Risks Of Evil Twin Attack
- Eaves Dropping,
- Establish Man In the Middle
- Extract Sensitive Information
- Stealing of Credential
- Plant Back Doors and Espionage Software
Prerequisites: Linux Distribution(preferably Kali or Parrot OS), root user privileges, internet connectivity, wireless card, close proximity with the victim.
- Set the Wi-Fi or Network Card to Monitor Mode.
- Set up the configurations for the Route Access Point the you wish to setup.
- Set up DNS Mask for forwards.
- Route gateway.
- Allow your Network Access to the Internet.
- Use Apache and DNS spoofing to setup a landing page for the victim so that you can lure them into giving up credentials.
How To Avoid
- Always keep the auto connect at the disable mode to avoid accidental connection into a malicious network.
- Stay wary of any out of place SSIDs in public spaces.
- A hacker may patiently wait for the victim to automatically connect to the evil twin but often they might try to flood the network to disconnect users, be wary when a Wi-Fi with good signal strength suddenly starts to constantly connect and disconnect.
- Never connect to open Wi-Fi servers offering internet for free.
- Make sure to check the “https” and “secured” signs when entering your credentials on any website.
- It is difficult for normal users to keep an eye for any changes in the behavior of the website but if something feels off about the page you are visiting can be a red flag.
- VPN-Not Working: VPNs can secure your connection even if you are using an evil twin. So many malicious networks often take some measures to block them so that a user in an urgency would disable the VPN before connecting. This can be viewed as another Red Flag in your journey.
The blog couldn’t have been possible without the amazing free content available on the internet. If you wish to have a more practical insight about the process and amazing video content check out zSecurity. They really have some great content relating to Penetration Testing and I have definitely learned a lot from them.