The Evil Twin Attack Explained. How to defend against an Evil Twin Attack?

What is an Evil Twin Attack?

An evil twin attack essentially duplicates a wireless network. The attacker spoofs the name and MAC address of the network's wireless access point in the hope that the victim will connect to the attacker's access point instead. Once the victim connects to the fake access point created by an attacker, the attacker owns the victim’s computer.

So technically, an Evil Twin Attack is where the attacker sets up a fake Wi-Fi network that looks like a legitimate access point in order to steal the victim’s sensitive information. Mostly the victims of this attack are ordinary people who have less knowledge about security.

For example, suppose you go to a coffee shop with a free Wi-Fi network available, like Starbucks. This is where the evil twin comes in. You connect to a Wi-Fi network that looks legitimate, with the same name and better signal strength. You don’t even know that you are using a network impersonated by the attacker. In this case, the attacker can view all the information that flows between you and the internet. That information may be sensitive, such as credit card details, usernames, passwords, etc.

How does an Evil Twin Attack work?

The evil twin attack works by the following steps:

1} The attacker starts the fake access point with an identical name as the target network.

2} Then the attacker disconnects the victim from the real network.

3} The attacker waits for the victim to connect back to the fake network created by the attacker.

4} Once the victim connects, the attacker automatically displays a page that asks for the network key.

5} The attacker gives internet access through the fake access point.

6} The attacker then steals the victim's sensitive information by monitoring the network traffic.

How to perform an evil twin attack?

Note: This tutorial is for educational purposes only.

To perform the Evil Twin attack, we will need any Linux distribution installed on your computer and a wireless network. A Debian-based GNU/Linux distribution is preferred over any other Linux distribution. Kali Linux is the best hacking OS developed by Offensive Security.

Suppose you are sitting at a coffee shop and using their Wi-Fi network. The name of the network is ‘Starbucks’. Connect to that network, boot up your Linux OS and start the terminal.

Type the following commands in the terminal.

This command will make a directory named ‘eviltwin’.

This command will change the working directory to the eviltwin directory.

This command will create a bash script file.

Type the following code in the bash script. This code will flush the iptables rules in your OS and enable IP forwarding. Press ‘ctrl + O’ to save and ‘ctrl + x’ to exit.

This will run the bash script.

This command will install the tools for the rest of the attack.

This command will make the dnsmasq configuration file. Dnsmasq is a tool which will allocate an IP address to a device when it connects to the fake access point.

Type the following code and save the file.

This command will make the hostapd file. hostapd is a tool used to create and configure a wireless access point.

Type the following code and save the file.

Type the following two commands to run the attack.

How to defend against an Evil Twin Attack?

The most effective way to protect against an Evil Twin Attack is to use a VPN. VPN stands for Virtual Private Network. All the traffic flowing between a device using a VPN and the internet is encrypted. So, even if the attacker manages to make you connect to the fake access point, they won’t be able to monitor the traffic: everything the attacker will see is nothing but gibberish.

Another way to protect against the attack is to educate the users. Educate them to connect to the right access point. Never enter the passphrase or the network key on a web interface. Unless you are using a captive portal, the access point will never ask you to enter the network key on a web interface.
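Checking for "the right access point" can also be automated. The following is an added example, not code from the original article: it compares Wi-Fi scan results against a baseline of known access points and flags beacons that reuse a protected network name. The `Beacon` record, the `KNOWN_APS` baseline and every MAC address, channel and signal value are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # access point MAC address
    channel: int
    security: str    # e.g. "WPA2" or "OPEN"
    signal_dbm: int

# Assumed baseline of what the legitimate access point advertises.
# All values are constructed for illustration.
KNOWN_APS = {
    "aa:bb:cc:00:00:01": {"ssid": "Starbucks", "channel": 6, "security": "WPA2"},
}

def find_suspects(beacons, known=KNOWN_APS):
    """Return (beacon, reason) pairs for beacons that imitate a known SSID."""
    protected = {ap["ssid"] for ap in known.values()}
    suspects = []
    for b in beacons:
        if b.ssid not in protected:
            continue  # not a network name we are responsible for
        ap = known.get(b.bssid.lower())
        if ap is None or ap["ssid"] != b.ssid:
            suspects.append((b, "known SSID from unknown BSSID"))
        elif b.security != ap["security"]:
            suspects.append((b, "known BSSID with changed security"))
        elif b.channel != ap["channel"]:
            suspects.append((b, "known BSSID on unexpected channel"))
    return suspects

# Constructed scan results, not captured from a real network.
SAMPLE_SCAN = [
    Beacon("Starbucks", "aa:bb:cc:00:00:01", 6, "WPA2", -67),   # legitimate
    Beacon("Starbucks", "de:ad:be:ef:00:02", 6, "OPEN", -41),   # same name, new MAC
    Beacon("Starbucks", "AA:BB:CC:00:00:01", 11, "WPA2", -38),  # cloned MAC, other channel
    Beacon("HomeNet", "11:22:33:44:55:66", 1, "WPA2", -80),     # unrelated network
]

if __name__ == "__main__":
    for beacon, reason in find_suspects(SAMPLE_SCAN):
        print(f"{beacon.ssid} {beacon.bssid} ch{beacon.channel} "
              f"{beacon.security} {beacon.signal_dbm} dBm: {reason}")
```

A twin that copies the BSSID, channel and security setting exactly passes these checks, so this complements the VPN advice above rather than replacing it.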
