Follow these instructions to get started:

1. Use airodump-ng to locate the BSSID and ESSID of the access point we would like to emulate in the evil twin.
2. Create the evil twin access point with airbase-ng, using the ESSID and BSSID found in the previous step.
3. The new access point now shows up in the airodump-ng screen. It is important to note that you will need to run airodump-ng in a new window, with the following command, to see this new access point: airodump-ng --channel 11 wlan0
4. Send a de-authentication attack to the legitimate client so that it disconnects from the authorized access point and connects to the evil twin instead.
5. Because the evil twin advertises the same ESSID and BSSID on the same channel as the authorized access point, it is almost impossible to differentiate between both visually: airodump-ng is unable to tell that there are actually two different physical access points on the same channel. This is the most potent form of the evil twin.

We created an evil twin for the authorized network and used a de-authentication attack to have the legitimate client connect back to us, instead of the authorized network access point.
It is important to note that if the authorized access point uses encryption such as WEP or WPA, it is harder to conduct an attack in which traffic eavesdropping is possible, because the evil twin does not know the network key. We will look at how to recover the WEP key from just a client using the Caffe Latte attack in a later chapter.

In the previous exercise, run the evil twin on different channels and observe how the client, once disconnected, hops channels to connect to the access point. What is the deciding factor upon which the client decides which access point to connect to? Is it signal strength? Experiment and validate.
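To validate the exercise above, and to see why an evil twin that clones the BSSID and channel is the hardest variant to spot, the following script parses an airodump-ng CSV dump and reports which BSSIDs advertise the same ESSID (strongest signal first) and which BSSID each client has associated with. This is an added example, not code from the original text: it assumes the CSV column layout that airodump-ng writes with -w (the two header rows are reproduced in the sample), and the capture itself, MAC addresses included, is constructed by hand for the demonstration.

```python
"""Triage an airodump-ng CSV dump for evil-twin symptoms and client choice.

Added example; this is not code from the original text. It assumes the CSV
column layout that airodump-ng writes with -w (the two header rows below are
reproduced); the capture itself is constructed by hand for the demonstration.
"""
import csv
import io
from collections import defaultdict

# Constructed sample capture: the legitimate AP and an evil twin both advertise
# "ExampleNet" on channel 11, but the twin has not (yet) cloned the BSSID, so it
# still appears as a separate row.  The single client has, after the
# de-authentication, associated with the twin's BSSID.  MAC addresses are made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:11:22:33:44:55, 2011-05-01 10:00:00, 2011-05-01 10:05:00, 11, 54, OPN, , , -60, 120, 0, 0. 0. 0. 0, 10, ExampleNet,
02:AA:BB:CC:DD:EE, 2011-05-01 10:03:00, 2011-05-01 10:05:00, 11, 54, OPN, , , -35, 40, 0, 0. 0. 0. 0, 10, ExampleNet,
02:66:77:88:99:00, 2011-05-01 10:00:00, 2011-05-01 10:05:00, 6, 54, WPA2, CCMP, PSK, -70, 110, 0, 0. 0. 0. 0, 8, OtherNet,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:DE:AD:BE:EF:01, 2011-05-01 10:00:30, 2011-05-01 10:05:00, -40, 300, 02:AA:BB:CC:DD:EE, ExampleNet
"""


def parse_airodump_csv(text):
    """Split the dump into its AP and station sections (separated by a blank
    line) and return both as lists of dicts keyed by the header names."""
    aps, stations = [], []
    for section in text.replace("\r\n", "\n").strip().split("\n\n"):
        rows = list(csv.reader(io.StringIO(section.strip()), skipinitialspace=True))
        if not rows:
            continue
        header = [h.strip() for h in rows[0]]
        records = [dict(zip(header, (c.strip() for c in row)))
                   for row in rows[1:] if any(c.strip() for c in row)]
        if header[0] == "BSSID":
            aps.extend(records)
        elif header[0] == "Station MAC":
            stations.extend(records)
    return aps, stations


def find_duplicate_essids(aps):
    """ESSIDs advertised by more than one BSSID, strongest signal first.

    A twin that clones only the ESSID shows up here.  One that also clones the
    BSSID and channel is merged by airodump-ng into the legitimate AP's row,
    which is exactly why that variant cannot be told apart in the display."""
    by_essid = defaultdict(list)
    for ap in aps:
        if ap.get("ESSID"):
            by_essid[ap["ESSID"]].append(ap)
    return {essid: sorted(entries, key=lambda a: int(a["Power"]), reverse=True)
            for essid, entries in by_essid.items() if len(entries) > 1}


def station_associations(aps, stations):
    """Which AP each associated client is on, with the power airodump-ng saw for
    both sides; use it to check whether clients follow the strongest signal."""
    ap_by_bssid = {ap["BSSID"]: ap for ap in aps}
    result = []
    for st in stations:
        bssid = st["BSSID"]
        if bssid.startswith("(not associated)"):
            continue
        ap = ap_by_bssid.get(bssid)
        result.append({
            "station": st["Station MAC"],
            "bssid": bssid,
            "essid": ap["ESSID"] if ap else None,
            "ap_power": int(ap["Power"]) if ap else None,
            "station_power": int(st["Power"]),
        })
    return result


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for essid, entries in find_duplicate_essids(aps).items():
        print(f"ESSID {essid!r} is advertised by {len(entries)} BSSIDs:")
        for ap in entries:
            print(f"  {ap['BSSID']}  ch {ap['channel']:>2}  power {ap['Power']:>4}")
    for a in station_associations(aps, stations):
        print(f"client {a['station']} -> {a['bssid']} ({a['essid']}), "
              f"AP power {a['ap_power']}, client power {a['station_power']}")
```

To run it against a real capture, start airodump-ng with -w (for example airodump-ng -w evil --channel 11 wlan0, which writes evil-01.csv next to the packet capture), read that file and pass its contents to parse_airodump_csv. Repeat the capture with the evil twin on different channels and compare the AP power of the BSSID the client ends up on with that of the authorized access point; once the twin also clones the BSSID, the two APs collapse into a single row and this script, like airodump-ng itself, can no longer separate them.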