The attack will automatically terminate once a correct key has been submitted.
Spawns a jammer, deauthenticating all clients from original AP and luring them to the rogue AP.Īll authentication attempts at the captive portal are checked against the handshake file captured earlier. Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key. Spawns a DNS server, redirecting all requests to the attacker's host running the captive portal.
Spawns a rogue (fake) AP, imitating the original access point. The downside is social engineering attacks work not every time.Ĭapture a handshake (necessary for password verification). The advantage of this approach is that it does not require a long-time brute-force on a powerful hardware. Fluxion's attacks' setup is mostly manual, but experimental auto-mode handles some of the attacks' setup parameters. It's compatible with the latest release of Kali (rolling). The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It is a remake of linset by vk496 with (hopefully) less bugs and more functionality. Fluxion is a security auditing and social-engineering research tool.