Fluxion: The Future of MITM WPA Attacks



Fluxion is a Wi-Fi cracker which attempts to retrieve a Wi-Fi password through a social engineering (phishing) attack. Fluxion is a remake of linset by vk496 with enhanced functionality. Although most of the setup for Fluxion’s attacks is manual, there are some semi-automatic options available to aid the user.

Disclaimer: Fluxion’s authors don’t own the logos under the /attacks/Captive Portal/sites/ directory. “Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for ‘fair use’ for purposes such as criticism, comment, news reporting, teaching, scholarship, and research.”

Fluxion: MITM Wi-Fi Cracker

Fluxion first scans for the target Wi-Fi network. After finding the network, it will launch the ‘Handshake Snooper’ attack where it will attempt to retrieve WPA/WPA2 password hashes (the four-way handshake) for key verification. Subsequently, the ‘Captive Portal’ attack will be launched which will create a rogue network and captive portal. Fluxion will then find the corresponding password when the target enters the correct password into the dummy network.

How It Works (Attack Mechanism)

Fluxion uses two main attack mechanisms, Handshake Snooper and Captive Portal. Both are explained in more detail below.

Handshake Snooper

After selecting the target network, the user should choose a wireless interface which supports monitor mode. This allows the user's system to monitor all traffic on the target network, so that all successful handshakes are captured. After this, the user must select one of two methods of attack, passive or aggressive.

Passive Method: This method will make the attack invisible and allow for better listening. This method is preferred for situations where there is only a single target and they are far away from the access point. The disadvantage is that the user must wait until someone connects to the target network.
Aggressive Method: This method breaks the connection between the target network and all of its clients, forcing all of them to reconnect. During reconnection, a 4-way handshake will be performed, which should be captured by Fluxion.

In addition to these steps, the user must select a hash verifier to check the hash key, a verification interval to set how often Fluxion must check for a handshake, and the verifier’s synchronicity. Here, the user can choose to capture data simultaneously (asynchronously) or in a serial manner (synchronously).

Captive Portal Attack

In this attack, the attacker directs the target towards the authentication captive portal. This is a login page where the target is required to enter the password for the Wi-Fi network. Fluxion will then test the password on the original network.

If the password is correct, the client is then allowed to connect to the original access point, and the Wi-Fi password is obtained. However, if the password is incorrect, the clients are informed of the invalid password and given the opportunity to enter the correct password.

Before executing this attack, the user must select various options, including the target network, the wireless network interface used to disconnect the clients, the network interface used to serve the captive portal, the location of the verification hash file, whether to serve an SSL/TLS certificate, and the user interface for the captive portal.
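
Seen from the monitoring side, the two stages described above leave a correlated trace: a burst of deauthentication frames against the real access point, and a second access point advertising the same ESSID. The following is an added detection example, not Fluxion code and not part of the original page. The record fields, thresholds and sample observations are constructed, and it assumes the rogue network is advertised without WPA protection.

```python
from collections import defaultdict

# Constructed sensor observations (not real captures): beacons seen on air and
# deauthentication frames with timestamps in seconds. Field names are assumptions.
BEACONS = [
    {"essid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01", "channel": 6, "privacy": "WPA2"},
    {"essid": "CorpWiFi", "bssid": "de:ad:be:00:00:99", "channel": 6, "privacy": "OPEN"},
    {"essid": "GuestNet", "bssid": "aa:bb:cc:00:00:02", "channel": 11, "privacy": "OPEN"},
]
DEAUTHS = [{"ts": 100.0 + i * 0.1, "bssid": "aa:bb:cc:00:00:01"} for i in range(40)]
DEAUTHS.append({"ts": 300.0, "bssid": "aa:bb:cc:00:00:02"})


def find_downgraded_twins(beacons):
    """ESSIDs advertised as protected by one BSSID and as open by another."""
    by_essid = defaultdict(list)
    for b in beacons:
        by_essid[b["essid"]].append(b)
    alerts = []
    for essid, group in by_essid.items():
        protected = {b["bssid"] for b in group if b["privacy"] != "OPEN"}
        open_aps = {b["bssid"] for b in group if b["privacy"] == "OPEN"}
        if protected and open_aps - protected:
            alerts.append({"essid": essid, "legit": sorted(protected),
                           "suspect": sorted(open_aps - protected)})
    return alerts


def find_deauth_bursts(deauths, window=5.0, threshold=20):
    """BSSIDs with >= threshold deauth frames in any window (assumed tuning values)."""
    times = defaultdict(list)
    for d in deauths:
        times[d["bssid"]].append(d["ts"])
    flagged = set()
    for bssid, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(bssid)
                break
    return flagged


def correlate(beacons, deauths):
    """High-confidence alert: an open twin exists while the real AP is being deauthed."""
    bursts = find_deauth_bursts(deauths)
    return [a for a in find_downgraded_twins(beacons) if bursts & set(a["legit"])]
```

Either signal alone is noisy (clients deauthenticate for ordinary reasons, and guest networks legitimately share names), which is why the alert is raised only when both coincide for the same ESSID.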

Features:

  • Attack WPA/WPA2 password protected networks
  • User can attack passively or aggressively depending on conditions
  • Simple to install and execute
  • Updated weekly with new features, improvements and patches

Supported Platforms:

  • Linux

Requirements:

  • Linux-based OS (Kali Linux Rolling + external Wi-Fi card is recommended)
  • Git

Install

Important: Before the installation process, read this carefully.

Clone the repo:

$ git clone git@github.com:FluxionNetwork/fluxion.git

# Or if you prefer https 

$ git clone https://www.github.com/FluxionNetwork/fluxion.git

Navigate to the working directory and run the installation script (dependencies will be installed automatically):

$ cd fluxion
$ sudo ./fluxion.sh

On Arch Linux:

$ cd bin/arch
$ makepkg

or use the BlackArch repo:

$ pacman -S fluxion

Fluxion Usage

From the Fluxion directory, execute fluxion. You can optionally pass parameters:

$ ./fluxion.sh

or with parameters:

# Kills any processes utilizing wireless interfaces selected.
# NOTICE: For a complete list of parameters, read the Flags & Preferences section.

./fluxion.sh -k

# Or using legacy flags like below.
export FLUXIONWIKillProcesses=1; ./fluxion.sh

Available Options:

-v or --version       Prints script version & revision.
-h or --help          Prints help information.
-d or --debug         Enables debugging messages & behavior.
-k or --killer        Kills processes using selected interface (UNSAFE & DISCOURAGED).
-r or --reloader      Reloads the selected interface’s wireless driver.
-n or --airmon-ng     Enables the use of airmon-ng for monitor mode switching, rather than fluxion.
-m or --multiplexer   Enables the usage of tmux, rather than xterm (currently not implemented).
-e or --essid         Targets the specified ESSID (requires BSSID, & channel to be specified).
-b or --bssid         Targets the specified BSSID (requires ESSID, & channel to be specified).
-c or --channel       Targets the specified channel (requires BSSID, & ESSID to be specified).
-l or --language      Sets the language to be used for the command line interface.
-a or --attack        Sets the target to be launched.
--ratio               Sets the xterm windows’ ratio.

For detailed information and available options for attacks, see the Fluxion documentation.
