Think twice before connecting to a free public Wi-Fi hotspot at an airports, coffee shops, or hotel… Because a fake Wi-Fi access point set up by a bad hacker called Evil Twin attack. It looks like a legitimate hotspot provided by a nearby Wi-Fi sounds interesting…

But the question is how do they do that? Many bad hackers are eager to crack Wi-Fi passwords to gain free internet, but that kind of attacks will takes long time to crack Wi-Fi password. So that bad hackers are using this new attack.

Back end of an Evil Twin attack?

The evil twin is an access point that looks and acts just like a legitimate AP and entices the end-user to connect to our access point. Our aircrack-ng suite has a tool, airbase-ng, which can be used to convert our wireless adapter into an access point.

Kali Linux
USB Wireless Adapter
Working Internet Connection (To Download Source Files)

Boot into Kali Linux and plug-in your USB Wireless adapter.
To perform this Evil Twin Attack we use a Linux based open source tool called fluxion.

Step 1

Open new terminal and clone the repository from GitHub using the following command.

git clone https://github.com/FluxionNetwork/fluxion

 Step 2

Now navigate to the directory where you have downloaded the fluxion files and type the following command to launch fluxion.





Select the language from the menu shown in the terminal.

Step 3

Here you have to select All channels option to monitor and display all wireless networks in your adapter range. When you find your target network, press CTRL + C to terminate the monitoring of the networks.



After pressing CTRL+C You can see below result, here enter the target Network ID number to lock the target. After that in the select attack option, choose FakeAP – Hostpd (Recommemded). Now it will ask where to save the handshake (path), no need to give the path; press ENTER to skip that process.


Step 4

Choose pyrit in Handshake check step and select Deauth all option in Capture Handshake step. This process will DeAuthenticate all the users who are connected to the targeted router.

Step 5

Wait for the WPA Handshake as shown in Screen 1, it captures the password of target router but the password will be encrypted (unreadable) format. If you don’t receive the handshake, then it is useless.
In Screen 2, we can observe the Deauth process.
If you get the handshake, select Check handshake in Capture Handshake step as shown in screen 3.


Step 6

Now choose Create a SSL certificate option as shown in Screen 1 and select Web Interface option as shown in Screen 2. Then, it will ask to select the language for login page (English recommended).

Step 7

Here, five terminals will suddenly pop-up at a time, observe the screen 5. There you can find target router details and number of clients connected to your fake Wi-Fi Access Point. If people enter the password, it will verify with handshake.


Step 8

The people who are connected to the original wifi network are deauthenticated by us. Although they try to re-connect, they can’t connect to the original wifi network. (This continues until we stop the deauthentication process which we started earlier).
Now the clients can observe another wifi network/access point without any security with the same name (This is the FAKE Access Point which we created above). Hence, there is a chance that most of the people might try to connect to this FAKE Access Point thinking that there is a technical glitch.


When people click on the Fake Access Point, they are immediately connected and a authentication page pops-up asking them to enter the Wifi Password. Once the client enters the password, it is matched with the encrypted password which we received during the handshake process.

If the password is correct, all the previous terminals will disapper and we can be able to see the Wifi Password on our screen.




Please enter your comment!
Please enter your name here