I would like to dedicate this article to the CyberCommunity members at the Lebanese University Hadath who organized an amazing workshop recently.
The purpose of this setup is to show how dangerous it is to connect to a public Wi-Fi network. We will set up a ‘rogue’ access point with the same ESSID as the legitimate access point. Users will connect to the rogue access point (AP) instead of the real one, and their traffic will be forwarded by the man in the middle to the real access point through the attacker’s device.
To successfully complete the setup, you have to be familiar with BackTrack or Kali Linux and have some shell scripting and networking skills. The provided script is not a plug-and-play script. It requires customization before use, depending on the environment. You should be able to modify it according to the comments inside.
First of all, make sure that you have the required hardware: a wireless network interface card (NIC) that supports packet injection to create the rogue AP, and another NIC (wireless or Ethernet) to connect to the real AP. Then make sure that you have the required software installed. You will need BackTrack or Kali Linux as the operating system, and you need to install the DHCP server (dhcp3-server) and the bridge utilities using the following two commands (root privileges required):
apt-get install dhcp3-server
apt-get install bridge-utils
Create a backup of dhcpd.conf, located at /etc/dhcp3/dhcpd.conf, and replace it with the provided dhcpd.conf.
Then take a look at the attached script and modify it according to the comments.
The first part of the script kills some running applications to avoid any conflict. Then we set up the bridge and continue by configuring NAT (Network Address Translation). I did the search for you, gathered all the commands, put them all in one shell script and tested it (Trust me, it works). At this point I can set up the rogue AP just by running the script. For debugging purposes you might need to test each command alone on the command line if you did not make the customization correctly.
Once you succeed in running the script, you will be asked to enter the ESSID. Choose the same ESSID as the target AP (that is the Evil Twin attack) or another ESSID like ‘FreeWifi’ to make a normal MITM attack. You will be able to manipulate the user traffic completely by performing DNS spoofing, phishing or any sort of monitoring and MITM attacks (see the comments inside mitm.sh).
As a matter of fact, we used to connect to ‘genie3’ at our faculty, which is an AP with no security. This sort of attack can easily be applied to ‘genie3’, which is really dangerous. To mitigate this attack, always double-check the existence of the green bar beside websites that use SSL, and use a VPN if possible. Basically, do not connect to public Wi-Fi when you can avoid it.
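From the defender's side, the evil twin described above leaves a visible trace: the legitimate ESSID suddenly beacons from a radio (BSSID) the network owner does not operate, or an open network appears next to an encrypted one with the same name. The following Python check is an added example, not part of the original post or its script; the scan records, MAC addresses and the inventory of legitimate BSSIDs are constructed, and it assumes the network owner maintains such an inventory.

```python
# Evil-twin detection over wireless scan records (defender side).
# Assumption: the network owner keeps an inventory of the legitimate
# BSSIDs (access-point MAC addresses) for each monitored ESSID; any
# other BSSID beaconing that ESSID is a rogue-AP candidate.
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanRecord:
    essid: str
    bssid: str       # radio MAC address of the access point
    channel: int
    security: str    # "OPEN", "WPA2", ...


# Inventory of legitimate APs (constructed sample, hypothetical MACs).
KNOWN_BSSIDS = {
    "genie3": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
}

# Constructed scan output, as a wireless scanner might report it.
SAMPLE_SCAN = [
    ScanRecord("genie3", "00:11:22:33:44:55", 6, "OPEN"),
    ScanRecord("genie3", "00:11:22:33:44:56", 11, "OPEN"),
    ScanRecord("genie3", "DE:AD:BE:EF:00:01", 6, "OPEN"),     # unknown radio
    ScanRecord("FreeWifi", "de:ad:be:ef:00:02", 1, "OPEN"),
    ScanRecord("LabNet", "aa:bb:cc:dd:ee:01", 36, "WPA2"),
    ScanRecord("LabNet", "aa:bb:cc:dd:ee:02", 36, "OPEN"),    # open twin of LabNet
]


def find_rogue_aps(scan, known=KNOWN_BSSIDS):
    """Return (bssid, essid, reason) tuples for suspicious access points.

    Check 1: a BSSID not in the inventory for a monitored ESSID.
    Check 2: one ESSID advertised with more than one security mode; an
    open network sharing the name of an encrypted one is a classic sign."""
    findings = []
    by_essid = {}
    for rec in scan:
        by_essid.setdefault(rec.essid, []).append(rec)
    for essid, recs in by_essid.items():
        if essid in known:
            allowed = {b.lower() for b in known[essid]}
            for rec in recs:
                if rec.bssid.lower() not in allowed:
                    findings.append((rec.bssid, essid, "unknown BSSID for monitored ESSID"))
        if len({r.security for r in recs}) > 1:
            for rec in recs:
                if rec.security == "OPEN":
                    findings.append((rec.bssid, essid, "open network shares ESSID with an encrypted one"))
    return findings
```

Running `find_rogue_aps(SAMPLE_SCAN)` flags the unknown genie3 radio and the open LabNet twin; a real deployment would feed it live scan results and page an administrator on any finding.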
The script below is provided as is, with no warranty, and I take no responsibility for how you use the script. It is just for learning and testing purposes. You can only test the script by connecting a device you own to the rogue access point.