Fluxion (Linset) : Hacking WPA/WPA2 Without Dictionary/bruteforce: Fluxion Night Mode

27/9/2016
Home
HackingWPA/WPA2withoutdictionary/bruteforce:FluxionKaliLinuxHackingTutorials
Install Kali
Hack With Kali
Hacking WPA/WPA2 without dictionary/bruteforce : Fluxion

By Shashwat Chaudhary August 25, 2016 aircrack-ng, client, evil twin, Fluxion, linset, man in the middle, social
engineering, user, wifi, wireless, wpa, wpa2
Fluxion (linset)
I hadn't ventured into Hackforums since a while, and this time when I went there I saw a thread about a
script called Fluxion. It's based on another script called linset(actually it's no much different from linset,
Night Mode
Night mode (Still in beta, Will need to refresh page
to get back to day mode, seems to work only in
chrome)
Search This Blog
think of it as an improvement, with some bug fixes and additional options). I did once think about (and
was asked in a comment about) using something like a man in the middle attack/ evil twin attack to get
WPA password instead of going the bruteforce/dictionary route, but never looked the idea up on the
internet nor spent much time pondering over it. However, once I saw the thread about this cool script, I
decided to give it a try. So in this post I'll show you how I used Fluxion, and how you can too.
Popular Posts
Disclaimer : Use this tool only on networks you own .Don't do anything illegal.
Just double checking

The first thing I did was make sure that Kali
doesn't already have this tool. Maybe if you
are reading this post a long time after it was
written, then you might have the tool preinstalled in Kali. In any case, try this out:
fluxion
I, personally tried to check if linset or fluxion
came pre-installed in Kali (though I didn't
expect them to be there).
Tutorial on Hacking With Kali Linux

Hack WPA/WPA2 WPS - Reaver - Kali Linux
Wifi Hacking - WEP - Kali Linux Aircrack-ng suite
Evil Twin Tutorial
Hacking Website with Sqlmap in Kali Linux
Penetration Testing - Hacking XP
Wifite : Hacking Wifi The Easy Way : Kali Linux
Hack WPA/WPA2 PSK Capturing the Handshake
Kali Linux 1.1.0 Released
Hack Facebook Account : Stuff You Should Know
Getting the script

Getting the script is just a matter of cloning the github repository. Just use the git command line tool to do
Follow By Email
it.
git clonehttps://github.com/deltaxflux/fluxion
If you have any problems with this step, then you can just naviagate to the repostitory and manually
download the stuff.
Emailaddress...
Facebook
Running the script

Just navigate to the fluxion directory or the directory
containing the scripts in case you downloaded them
manually. If you are following the terminal commands I'm
using, then it's just a simple change directory command for
you:
http://www.kalitutorials.net/2016/08/hackingwpawpa2without.html
1/15
27/9/2016
KaliTutorials
cd fluxion
4752Megusta
Now, run the script.

sudo ./fluxion
Megustaestapgina
Usaraplicacin
Selprimerodetusamigosenindicarquetegusta
esto.
KaliTutorials
Ayeralas4:22
Dependencies
Useveilevasiontohelpyourpayloads
bypassantivirussoftware.
If you have any unmet dependencies, then run the installer

script.
There are 4 dependencies that need to be installed
http://www.kalitutorials.net//antivirus
evasionbypassing
sudo ./Installer.sh
I had 4 unmet dependencies, and the installer script run
was a buggy experience for me (though it might be
becuase I have completely screwed up my system, editing
files I wasn't supposed to and now I can't get them back in
order) .It got stuck multiple times during the process, and
I had to ctrl+c my way out of it many times (though ctrl+c
Advertisement
didn't terminate the whole installer, just the little update

popup). Also, I ran the installer script twice and that
messed up with some of the apt-get settings. I suggest that
after installation is complete, you restore your/etc/apt/sources.list to it's original state, and remove the
bleeding edge repositories (unless you know what you're doing). To know what your repository should
look like, take a look here.
Author
Anyways, one way or the other, your unmet dependencies will be resolved, and then you can use Flexion.
PS: For those trying to use apt-get to install the missing stuff - some of the dependencies aren't available in
the default Kali repos, so you'll have to let the script do the installation for you, or manually add the repos
to /etc/apt/sources.list (look at the script to find out which repos you need to add)
Shashwat Chaudhary
google.com/+ShashwatChau
udhary
Fluxion
2nd year CSE @ IIIT Delhi
Follow
Once again, type the following:
829 followers
sudo ./fluxion
This time it should run just fine, and you would be asked a few very simple questions. For the wireless
adapter, choose whichever one you want to monitor on. For the channels question, choose all, unless you
Contact
have a specific channel in mind, which you know has the target AP.
You can write to us at admin@kalitutorials.net
Then you will see an airodump-ng window (named Wifi Monitor). Let it run while it looks for APs and
2/15
27/9/2016
clients. Once you think you have what you need, use the close
button to stop the monitoring.
You'll then be prompted to
select target.
Then you'll be prompted to select attack.

Then you'll be prompted to provide handshake.
handshake
If you don't have a handshake captured already, the script
will help you capture one. It will send deauth packets to
achieve that.
After that, I quit the procedure (I was using the script in
my college hostel and didn't want to cause any troubles to
other students).
If you are with me so far, then you can either just close this website, and try to use the tool on your own (it
look intuitive enough to me), or you can read through the test run that I'm going to be doing now.
Getting my wireless network's password by fooling my

smartphone into connecting to a fake AP
So, in this example run, I will try to find out the password of my wireless network by making my
smartphone connect to a fake AP, and then type out the password in the smartphone, and then see if my
Fluxion instance on my Kali machine (laptop) gets the password. Also, for the handshake
handshake, I will deauthenticate the same smartphone.
PS: You can probably follow this guide without having any clue how WPA works, what handshake is, what
is actually going on, etc., but I suggest you do read up about these things. Here are a few links to other
tutorials on this website itself that would prove useful:
1. Things you should know about Wireless Hacking - Beginner Level Stuff
2. Things you should know about Wireless Hacking Part II - Intermediate Level Stuff
3. Evil Twin Attack
This is the theoretical stuff. Experience with tools like aircrack-ng, etc. would also be useful. Take a look at
the navigation bar at the top and look at the various tutorials under the "Wireless Hacking" category.
Anyways, with the recommended reading material covered, you can comfortably move on to the actual
hacking now:
The real stuff begins!

3/15
27/9/2016
This section is going to be a set of pictures with captions below them explaining stuff. It should be easy to
follow I hope.
After selecting language, this step shows up. Note how I am not using any
external wireless card, but my laptop's internal card. However, some internal cards may
cause problems, so it's better to use an external card (and if you are on a virtual machine
you will have to use an external card).
The scanning process starts, using airodump-ng.
You get to choose a target. I'm going after network number 21, the one my smartphone
is connected to.
4/15
27/9/2016
You choose an attack. I am going to choose the Hostapd (first one) attack.
If you had already captured a 4-way handshake

handshake, then you can specify the location
to that handshake and the script will use it. Otherwise, it will capture a handshake
in the next step for you. (A tutorial on capturing the handshake separately)
If you didn't capture a handshake beforehand, then you get to choose which
tool to use to do that. I'm go with aircrack-ng.
Once you have a handshake captured (see the WPA Handshake

Handshake: [MAC Address]on top, if it's
there, then you have the handhake), then type 1 and enter to check the handshake
handshake. If everything's fine,
you'll go to the next step.
5/15
27/9/2016
Use the Web Interface method. I didn't try the bruteforce thing, but I guess it's just
the usual bruteforce attack that most tools use (and thus no use to us, since that's
not what we are using this script for).
This offers a variety of login pages that you can use to get (phish) the
WPA network's password. I went with the first choice.
After making your decision, you'll see multiple windows. DHCP and DNS requests are being handled in
left two windows, while the right two are status reporting window and deauth window (to get users
off the actual AP and lure them to our fake AP)
6/15
27/9/2016
In my smartphone, I see two network of the same name. Note that while the original network is WPA-2
protected, the fake AP we have created is an open network (which is a huge giveaway stopping most people
from making the mistake of connecting to it). Anyways, I connected to the fake AP, and the DNS and DHCP windows
(left ones), reacted accordingly.
After connecting to the network, I got a notification saying that I need to login to the wireless network.
On clicking that, I found this page. For some people, you'll have to open your browser and try to open a website (say
facebook.com) to get this page to show up. After I entered the password, and pressed submit, the script ran the
password against the handshake we had captured earlier to verify if it is indeed correct. Note how the
handshake is a luxury, not a necessity in this method. It just ensures that we can verify if the password
submitted by the fake AP client is correct or not. If we don't have the handshake
handshake, then we lose this ability,
but assuming the client will type the correct password, we can still make the attack work.
Aircrack-ng tried the password again the handshake

handshake, and as expected, it worked.
We successfully obtained the password to a WPA-2 protected network in a matter of minutes.
Troubleshooting
Since fluxion and Kali both are constantly evolving (you might be using a different rolling release of Kali, as
well as a different version of Fluxion. There are times when the tool break, and there's an interval of time
for which it stays broken. Look at the issues page, and you will most probably find a fix for your problem.
Note that the issue may as well be in closed issues (it would most probably be in closed issue).
7/15
27/9/2016
For those who are able to follow the guide to the second last step, but don't get any Login page on their
device, this issue suggests a solution. [Dated : 17th September, if you're reading this much later then this
might not be relevant, and some other issue would be]
What now?
I illustrated one possible scenario. This script can work with other devices (laptops for example) too as the
fooled clients (not just smartphones). One possible short-coming to this attack is that most
smartphones/laptops these days don't automatically connect to open networks (unless they have before),
and hence the user has to do it manually. If your fake AP has more signal strength than the real one, then
a person who doesn't know about WPA and open networks could very easily end up connecting to your
network instead. So, overall this attack has a fair chance of succeeding.
Have any problems/comments/suggestions, leave them in the comments below.
Share with your friends

218
Sponsored
Related Post
WPA/WPA2 cracking using
Hack WPA/WPA2 PSK Capturing
Wifite : Hacking Wifi The Easy Way
Dictionary ...
the Han...
...
NEXT
SQLMap with Tor for Anonymity
PREVIOUS
How to hack facebook using kali linux :

CREDENTIALS HARVESTER ATTACK
Posted by Shashwat Chaudhary at August 25, 2016
34 comments:
1.
Ayush Patidar
August 25, 2016 at 7:38 AM
It's "sudo ./Installer.sh"
1
Reply
8/15
27/9/2016
1.
Shashwat Chaudhary
August 25, 2016 at 7:49 AM
1.1
Updated, thanks.
2.
HACKS AND GEEKS
August 26, 2016 at 12:40 PM
Its an exact copy of linset only difference it's in english and offers many attack languages
1.
Shashwat Chaudhary
August 26, 2016 at 12:56 PM
Reply
2.1
I haven't used Linset yet, so I don't really know how similar the two tools are
(though I know fluxion is built on top of Linset). Anyways, I'll update the post a bit
to reflect your point.
3.
Hector Moreno
August 28, 2016 at 2:08 PM
gsettings-desktop-schemas : Breaks: mutter (<3.19.92) but 3.18.2-1 is to be in stalled

E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by he ld packpages.
1.
Hector Moreno
August 28, 2016 at 3:22 PM
Reply
3.1
Ignore it, is a sourcelist problem..
4.
Dumitru Ion
September 2, 2016 at 11:34 AM
Wow, romanian language, I am impressed. Thx for tutorial, I will use for tests :D
5.
Anonymous
September 4, 2016 at 4:41 PM
4
Reply
5
9/15
27/9/2016
No Chance against users with basic technical knowledge, but this spoofing attack maybe much
faster then usual wifi cracking methods. It's worth a try
Reply
1.
Shashwat Chaudhary
5.1
Basic technical knowledge is a relative term, you never know how many people
might fall for something as simple as this.
Nevertheless, you're right in saying that it doesn't take a lot of thinking for the
client to figure out that something's fishy.
6.
Ferris Eris
I used the VM player with a external wireless card.However the program says there is no wireless
cards. I have not solved it.
Reply
1.
Shashwat Chaudhary
6.1
Maybe the external card is connected to the host, not to the virtual machine. I
use Kali as my primary OS now so don't exactly remember where the option of
switching the wireless card to the guest instead of the host was. Take a look at
this pic, it should help.
http://geek-university.com/wp-content/images/vmwareplayer/connect_usb_device.jpg
7.
Ferris Eris
I used the VM player with a external wireless card.However the program says there is no wireless
cards. I have not solved it.
Reply
8.
Anonymous
hey it is possible to change these templates into your own idea?
1.
Shashwat Chaudhary
Reply
8.1
10/15
27/9/2016
Yes.
You can navigate to the Sites folder inside Fluxion, and edit any of the templates
and change how you want them to look. You can also create new folders there and
add them to the script.
9.
Anonymous
i apply all the procedures and every thing goes OK

until last step
in my smart phone i connected to the fake AP but didn't ask me to login or to insert the password
two last pictures didn't appear
what is the wrong
i will very thankful for replaying me ^^
1.
Shashwat Chaudhary
Reply
9.1
Are you sure you connected to the fake AP and not the real one? Also, what OS is
your smartphone running (for eg. Android)?
10.
Anonymous
yes I'm sure that i connected to the fake AP and my OS is android 4.3 jelly bean
i know it's an old version, but is this effect ??
11.
Shashwat Chaudhary
10
Reply
11
Android 4.3 is fine. I just asked to see if you're using a really uncommon OS or something.
In my case I got a notification right away, clicking which opened the browser window which I posted
in the tutorial. Try choosing a different login page (I chose 1, you may try others, see if they work).
Try using another smartphone device and see if it works on it.
Reply
12.
Anonymous
12
I too dont get the prompt asking for the passphrase. I checked using one plus two with android - 6
and macbook pro with yosemite
Reply
1.
Anonymous
11/15
27/9/2016
12.1
I get a notification that the wifi connection you are connected to is not connected
to internet, do you want to stay connected or not
2.
Shashwat Chaudhary
12.2
That can be solved by giving internet access to the fake AP. For that your Kali
machine should be connected to the internet. This requires two wireless cards,
since the card you are using for creating fake AP can't be used to connect you to
the internet simultaneously. If you don't have two cards, try some other way of
getting internet access to your Kali machine (eg. USB tethering via smartphone,
etc.) and carry out the attack on some other device (not the smartphone used for
tethering). See if that works.
13.
Anonymous
13
I am running Kali on Parallels desktop and it gets internet access from a virtual lan eth0 port which
shares internet to which is my macbook connected. can you guide me how to assign this internet to
the fake AP?
Reply
1.
Shashwat Chaudhary
13.1
I think the tool should do that automatically for you. The FakeDNS terminal
should do just that. However, you can manually bridge the connections too. Take
a look here for something similar. I think that would be helpful.
http://www.kalitutorials.net/2014/07/evil-twin-tutorial.html
14.
Danh V
14
I had the same problem with him, when I connected to the fake AP, I didn't see any fake login page
or any notification
Reply
1.
Shashwat Chaudhary
14.1
Are you sure you followed all the steps properly? I'm not familiar with the
implementation details of the tool, so I can't really help if it's a problem with the
script.
12/15
27/9/2016
If you can properly describe the problem, it would be useful to open an issue on
Fluxion's github. I am not able to re-create the problem myself, and Fluxion
seems to work fine for me.
https://github.com/deltaxflux/fluxion/issues
15.
Anonymous
15
No internet connection issue as encounter by others. Running on Kali linux using VMware. Follow
the steps and successfully created fake AP and jammed real AP. When connected to the fake AP, my
smartphone (android 6.0.1) notified me there is no internet on the fake AP. I have LAN cable and
usb wifi adapter connected. Both can connect to internet but since im using the usb wifi for Fluxion
so i connected the system to use LAN cable. I can browser the internet when running Fluxion, so i
am not sure what happen in between as well.
Reply
1.
Anonymous
15.1
No Fake Login Page due to no internet connection.

https://github.com/deltaxflux/fluxion/issues/119
16.
Anonymous
16
Hi
I seem to have a different issue. When I get to the option to select an interface, my wireless card
shows as option 1, but when I type 1 and press enter it just freezes and nothing happens.
I am running Kali Linux on Virtual box and using an external WLAN card. The WLAN card is picked up
in Linux and I can use it to search for other network.
Is this an issue with the script. It seems to freeze Everything on the VM.
Any help would be appreciated.
Thanks
Reply
1.
Shashwat Chaudhary
16.1
See if the problem is with incompatible versions of Kali and Fluxion. Update kali
to most recent, and Fluxion to it's latest stable release.
2.
Anonymous
16.2
13/15
27/9/2016
Well I used KAli Linux and Fluxion using Virtualbox and at froze exactly as you
said. I reinstalled kali linux some three times in Virtualbox and it froze
everytime. Then I shifted to Parallels and it worked fine - fine that it jammed real
AP and created a fake one but could not get beyond that. My mobile or laptop
when connected to the Fake AP did not ever ask for the password
17.
Anonymous
17
i could not get the 4 ways handshake ??? please help?
1.
Shashwat Chaudhary
Reply
17.1
Capture it separately and specify the file when Fluxion asks for it. Take a look
herehttp://www.kalitutorials.net/2014/06/hack-wpa-2-psk-capturing-handshake.html
handshake
18.
Srishan Bhattarai
18
Could've just mentioned this as evil twin in the title and saved people a click.
1.
Shashwat Chaudhary
Reply
18.1
Sorry that you found the title misleading, but there's only so much I can put in
there, and I already have en evil twin tutorial and didn't want to cause confusion
(Evil Twin)
Enteryourcomment...
Commentas:
Publish
Unknown(Google)
Preview
Signout
Notifyme
14/15
27/9/2016
Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this sites author and/or owner is strictly prohibited. Excerpts
and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5a LqJcMW7zznffTx Qwta 8JTZsx BDPguC
15/15

Fluxion (Linset) : Hacking WPA/WPA2 Without Dictionary/bruteforce: Fluxion Night Mode

Uploaded by

Copyright:

Available Formats

Fluxion (Linset) : Hacking WPA/WPA2 Without Dictionary/bruteforce: Fluxion Night Mode

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Fluxion (Linset) : Hacking WPA/WPA2 Without Dictionary/bruteforce: Fluxion Night Mode

Uploaded by

Copyright:

Available Formats

What is Fluxion and what does it do?

What is Fluxion and what does it do?

What steps are required to run Fluxion?

What steps are required to run Fluxion?

27/9/2016

Hack With Kali

Hacking WPA/WPA2 without dictionary/bruteforce : Fluxion

Search This Blog

Just double checking

Tutorial on Hacking With Kali Linux

Getting the script

Running the script

Now, run the script.

If you have any unmet dependencies, then run the installer

There are 4 dependencies that need to be installed

didn't terminate the whole installer, just the little update

2nd year CSE @ IIIT Delhi

Once again, type the following:

Then you'll be prompted to select attack.

Getting my wireless network's password by fooling my

The real stuff begins!

The scanning process starts, using airodump-ng.

If you had already captured a 4-way handshake

Once you have a handshake captured (see the WPA Handshake

Aircrack-ng tried the password again the handshake

Share with your friends

WPA/WPA2 cracking using

Hack WPA/WPA2 PSK Capturing

Wifite : Hacking Wifi The Easy Way

How to hack facebook using kali linux :

Posted by Shashwat Chaudhary at August 25, 2016

It's "sudo ./Installer.sh"

August 25, 2016 at 7:49 AM

HACKS AND GEEKS

August 26, 2016 at 12:40 PM

August 26, 2016 at 12:56 PM

August 28, 2016 at 2:08 PM

gsettings-desktop-schemas : Breaks: mutter (<3.19.92) but 3.18.2-1 is to be in stalled

Ignore it, is a sourcelist problem..

September 5, 2016 at 4:27 AM

September 5, 2016 at 2:07 AM

September 5, 2016 at 4:24 AM

September 5, 2016 at 2:09 AM

September 12, 2016 at 2:55 AM

hey it is possible to change these templates into your own idea?

September 13, 2016 at 3:29 AM

September 16, 2016 at 3:36 AM

i apply all the procedures and every thing goes OK

September 16, 2016 at 10:10 AM

September 16, 2016 at 11:04 AM

September 17, 2016 at 3:54 AM

September 17, 2016 at 7:03 AM

September 17, 2016 at 3:09 PM

September 18, 2016 at 10:46 AM

September 18, 2016 at 12:25 PM

September 18, 2016 at 5:59 PM

No Fake Login Page due to no internet connection.

September 19, 2016 at 4:38 AM