Man in the Middle attack using Evil twins in Kali-Linux!


Man in the middle attacks (MITM) are one of the easiest ways in which an attacker can steal user credentials from a victim. What the attacker basically does is establish a connection with the victim somehow and route the victim’s traffic through himself. The attacker can then analyse the packets sent by the victim to steal his credentials and other valuable things. One of the most common ways to do this is to use ettercap or the Evil twin attack in Kali-Linux. Here we will see how the Evil twin attack can be used.

In practice, when your PC scans for available Wi-Fi networks and there are two networks with the same SSID (the same name), it will display only one of them: the one whose signal is stronger at your Wi-Fi card. This means that if we are nearer to the victim than the router is, we can create a Wi-Fi hotspot with the same name and the victim’s PC will connect only to us. Then we can use DHCP3 to route the traffic to the Internet from our PC, so the victim never notices that we are sitting between him and the Internet. Creating an evil twin of the real SSID does the trick, hence the name evil twin attack. Let’s see how we can do a man in the middle attack using evil twins:

1) Create an airmon-ng monitoring interface. Use this command to do that:

sudo airmon-ng start wlan0

This will start a monitoring-mode interface, normally mon0 or mon1. Now we need to dump the results of the monitoring to our terminal.

2) To dump the results, we use airodump-ng:

sudo airodump-ng mon0

This will show a lot of info on your terminal: available Wi-Fi networks, channels, users, MAC addresses etc. Now suppose that in the list there is a hotspot named “Public Wi-Fi” and we need to create its evil twin.

3) To do that, we use airbase-ng:

sudo airbase-ng --essid "Public Wi-Fi" -c 1 mon0

This will start a new hotspot with the name “Public Wi-Fi”, the evil twin of the real one. Now what we do is send a deauth attack to the real Wi-Fi network so that all users connected to it get disconnected and join our evil twin.

4) To do a deauth attack, we use:

sudo aireplay-ng -0 0 -a XX:XX:XX:XX:XX:XX mon0

This will keep sending deauth frames to the router until we press ctrl+c. XX:XX:XX:XX:XX:XX is the MAC address of the router. So if we keep up the deauth attack for, say, 20 sec, that’s enough for users to get disconnected and reconnect to our evil twin network. That’s it. We have the victim connected to our PC.


Now you can configure DHCP3 to route the packets to the Internet, or you can use the Social Engineering Toolkit in Kali-Linux to steal passwords. You can also use Wireshark to do the same. Sometimes, for security reasons, the SSID will be hidden or the network will be filtered by MAC address. If so, you can read the posts on how to bypass MAC address filters and how to find hidden SSIDs using Kali-Linux.
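The defensive counterpart of the steps above, as an added example that is not part of this post: a Python script that reads an airodump-ng CSV export and flags any ESSID advertised from more than one BSSID, which is what an airbase-ng evil twin looks like from the outside. The scan rows and the allow-list of known access points are constructed for the example.

```python
"""Flag evil-twin candidates in an airodump-ng CSV scan (added defensive example,
not part of the original post). Assumes the standard airodump-ng CSV layout:
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher,
Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key"""
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample scan: the legitimate "Public Wi-Fi" AP plus a rogue open AP
# broadcasting the same ESSID from a different BSSID, on another channel and with
# a stronger signal, which is what airbase-ng produces in the steps above.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:11:22:33, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 6, 54, WPA2, CCMP, PSK, -60, 120, 0, 0. 0. 0. 0, 12, Public Wi-Fi,
DE:AD:BE:EF:00:01, 2024-01-01 10:03:00, 2024-01-01 10:05:00, 1, 54, OPN, , , -35, 40, 0, 0. 0. 0. 0, 12, Public Wi-Fi,
AA:BB:CC:44:55:66, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 54, WPA2, CCMP, PSK, -70, 110, 0, 0. 0. 0. 0, 7, HomeNet,
"""

# Hypothetical allow-list: the BSSIDs an administrator knows they deployed.
KNOWN_APS = {"Public Wi-Fi": {"AA:BB:CC:11:22:33"}}


def parse_airodump(text):
    """Return one dict per access point row; header and station rows are skipped."""
    aps = []
    for rec in csv.reader(StringIO(text), skipinitialspace=True):
        if len(rec) < 14 or rec[0] in ("BSSID", "Station MAC", ""):
            continue
        aps.append({"bssid": rec[0], "channel": rec[3], "privacy": rec[5],
                    "power": int(rec[8]), "essid": rec[13]})
    return aps


def find_evil_twins(aps, known=KNOWN_APS):
    """Return the APs of every ESSID advertised by more than one BSSID, strongest
    signal first, each marked with whether its BSSID is on the allow-list."""
    by_essid = defaultdict(list)
    for ap in aps:
        by_essid[ap["essid"]].append(ap)
    alerts = []
    for essid, group in by_essid.items():
        if len(group) < 2:
            continue  # a single BSSID for this name: nothing to report
        for ap in sorted(group, key=lambda a: a["power"], reverse=True):
            alerts.append(dict(ap, known=ap["bssid"] in known.get(essid, set())))
    return alerts


if __name__ == "__main__":
    for a in find_evil_twins(parse_airodump(SAMPLE_CSV)):
        tag = "known" if a["known"] else "UNKNOWN BSSID"
        print(f'{a["essid"]}: {a["bssid"]} ch{a["channel"]} {a["privacy"]} '
              f'{a["power"]} dBm ({tag})')
```

On a real capture, feed it the `-01.csv` file that `airodump-ng -w` writes; an open (OPN) BSSID that outpowers the known WPA2 one under the same name is the pattern to investigate.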