Fluxion 5.8 released: MITM WPA attacks

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It’s compatible with the latest release of Kali (rolling). Fluxion’s attacks’ setup is mostly manual, but experimental auto-mode handles some of the attacks’ setup parameters.

How it works

• Scan for a target wireless network.
• Launch the Handshake Snooper attack.
• Capture a handshake (necessary for password verification).
• Launch Captive Portal attack.
• Spawns a rogue (fake) AP, imitating the original access point.
• Spawns a DNS server, redirecting all requests to the attacker’s host running the captive portal.
• Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key.
• Spawns a jammer, deauthenticating all clients from original AP and luring them to the rogue AP.
• All authentication attempts at the captive portal are checked against the handshake file captured earlier.
• The attack will automatically terminate once a correct key has been submitted.
• The key will be logged and clients will be allowed to reconnect to the target access point.
• For a guide to the Captive Portal attack, read the Captive Portal attack guide

Changelog v5.8

• – minor language tweaks
• – tweak cs language thanks to Strejda
• – remove mdk3 since it is not usable anymore
• – add mdk4 as dependency
• – change default permissions
• – update revision number

Installation

https://github.com/FluxionNetwork/fluxion.git
cd fluxion
./fluxion.sh

Source: https://github.com/FluxionNetwork/