infernal twin Automated Evil Twin Attack

Automated Evil Twin Attack: infernal-twin
Evil twin is a term for a fake WiFi access point, it appears to be a legitimate one offered on the premises, but it has been set up to snoop "spy"  on your wireless communications.
An evil twin is also called wifiphisher it's the wireless version of the phishing scam that hackers use to hack online accounts
The attacker fools wireless users to make them connect to a tainted hotspot by posing as a legitimate provider.

This type of fake wifi attack may be used to steal the passwords of the users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there in a simple word it's wifi phisher

This tool was created to help the auditors and penetration testers to perform wireless security assessment in a quick manner and easing complex attack vectors.

it is an automatic wifi hacking tool, it's a Python suite created to aid penetration testers during wireless assessments,  many of the common attacks can be done automatically by using this tool
which can get complicated and hard to manage when executed manually.

Features	What this tool will do
1-WPA2 hacking  2-WEP Hacking  3-WPA2 Enterprise hacking  4-Wireless Social Engineering  5-SSL Strip  6-Evil Access Point Creation  7-Infernal Wireless  8-Report generation  9-PDF Report  10-HTML Report  11-Note taking function  12-Data is saved into Database  13-Network mapping  14-MiTM  15-Probe Request	1-Set up monitoring interface  2-Set up DB  3-Scan wireless network in the range  4-Connect to the network selected SSID  5-Obtain login page of authentication  6-Modify the login page with attacker controlled php script to obtain the credentials  7-Set up Apache Server and serve fake login page  8-Give a victim an IP  9-Set up NAT table  10-Dump the traffic  11-Perform Deauthentication Attack

how Evil Twin attack work ?

The attacker set up a fake Wi-Fi access point, purporting to provide wireless Internet services
and eavesdropping the user’s traffic. with this type of attack the attacker can know everything your are doing every web you open and steel every password you type, of course they can if you are not protecting yourself

and if the attacker just want to know your Wifi credentials he can serve you to a fake login page asking your for your wifi password to steal the password ,  and not just a fake wifi login page
he can also serve you to a fake login page for any of the website you are trying to open .
yes you  sensitive data is between the attacker hands once you connect to a fake wifi, The attack scenario could be exploited to run man-in-the-middle attacks or to serve malware to the computers in the targeted network.

To avoid  evil twin access point attack...
There is no magic button and you need to know some details about the real AP you are connected to or want to connect to.. Like

1. The MAC address of the real wireless access point
2. The DHCP IP address the gateway and the DNS server that it hand out
3. Apart from that, you might find the evil twin using a different frequency than the original, like the true AP being on 2.4GHz and the evil AP being on 5GHz

it's hard to avoid fake wifi and even almost impossible to have all of that information with you when ever you want to connect to an access point , but this is the only way to know its real and not fake wifi

For wireless network administrator
To protect your users from fake wifi connection you can use EvilAP Defender its an application that will help you discover and prevent Evil Access Points from attacking wireless users.
You can setup the application to run in regular intervals to check if there is any fake access point and protect your wireless network from Evil Twin attacks.
You can also configuring EvilAP Defender to send notifications to your email whenever it discover an evil access point.
and you can configure EvilAP Defender to perform DoS on on the legitimate wireless users to prevent them from connecting to the discovered evil AP, this will give the administrator more time to react.
However, notice that the DoS will only be performed for evil APs which have the same SSID ( wifi Name ) but different BSSID (AP’s MAC address) or running on a different channel.
To avoid DoS your legitimate network. you can read more about it here Link
.
Back to  infernal twin now lets see what we need to start a fake wifi hotspot

To use the tool you need
Apache module
mysql database
Scapy packet manipulation tool for computer networks
wxtools debugging framework.
To install the packages we need follow these steps:
Use sudo if you are not root most of those packages are included in Kali Linux but just in case you are not a Kali user

1234567891011121314151617

apt-get install apache2

apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql

apt-get install python-scapy

apt-get install python-wxtools

apt-get install python-mysqldb

apt-get install aircrack-ng

git clone https://github.com/entropy1337/infernal-twin.git

Now lets Start Infernal Twin by 

123456

cd infernal-twin
python InfernalWireless.py
or
InfernalWireless.py

If it's the first time you use infernal-twin it's a good idea to run configure
to do so..
click File then Configure software

For enterprise packing you need freeradius
you check if you have it or not by
click tools then check freeradius
if you don't have it after clicking "check freeradius" it will give you links for download

keep in mind wifi attack is Legal you should never make a fake wifi hotspot over an  access point you don't manage