Fluxion
Fluxion is a tool that can be used to perform Penetration Testing or Security Auditing on Wireless Access Points. It uses Social Engineering to grab the authentication password from the users. It tries to gather the WPA/WPA2 key from the target Access Point by performing a phishing attack. Two attacks can be performed using Fluxion. One is the Handshake Snooper attack and another is Captive Portal.
The Handshake Snooper attack tries to gather the WPA/WPA2 authentication hashes from the 4-way handshake. It uses the de-authenticator to disconnect all users that are connected to the targeted access point and then when the users try to reconnect to the access point, it captures the hashes. These hashes can be used by the Captive Portal attack,
The Captive Portal Attack tries to gather the targeted access point’s WPA/WPA2 password by creating a rouge network. In a general sense, it performs an Evil-Twin attack where a network is created with the same SID and all the users are disconnected from the targeted access point. Then with the use of phishing attacks the users are fooled into providing the password for the targeted access point.
Note: To perform attacks using Fluxion, you need an external Wi-Fi card with monitoring mode.
Views: 0
