Users are almost always the weakest link in the system, so their attacks are often preferred because they are low cost and effective. Especially for those who are less experienced in network security or non-professional small and medium-sized enterprises, their computers or systems there are many vulnerable and unresolved vulnerabilities, such as the default routing management password, it is easy to use Wireless network to attack. For wireless wifi attacks against users, wifi phishing and spoofing attacks is the best method.
Fluxion is evolved from a high-level social engineering attack called Lindset, a rewriting attack that spoofs the inexperienced user’s leaked network.
Fluxion is the only tool that uses the WPA handshake feature to control the behavior of the login page and to control the behavior of the entire script. It blocks the original network and creates a clone network with the same name, causing the user to join after disconnecting. And provides a virtual router to restart or load the firmware and request the network password to continue logging on to the page.
The tool captures the input password by capturing the handshake package, using Aircrack-ng to verify the accuracy of the password, stuck the target AP until the correct password is entered.
Fluxion needs to work with two APs, integrating interference and handshake packets to capture the functionality. Similar to the Wifiphisher function, but Wifiphisher lacks the ability to validate the WPA password.
git clone http://ift.tt/2uOURCo
The post How to use Fluxion get WPA/WPA2 wifi passwords appeared first on Penetration Testing.