0

Is it possible that, for instance, I have one access point that requires a password for authorization to access the modem and internet?

I want to edit this step so that when a user clicks the wireless address as usual, it will ask for the wifi password, and whether they type the correct or wrong password it will automatically connect to the modem and I can see the password they wrote?

schroeder
Fi.
  • My question was not the same as the one you duplicated. In the evil twin attack the wifi is not secured and anyone can easily access it, but I was going to ask about the corresponding wifi looking like it is secured, and whatever he/she writes for the password, I want to see what they write. – Fi. Dec 17 '16 at 20:30

1 Answer

-1

If you're a hacker, you can create an "evil twin access point", also called a "rogue access point", with the aircrack-ng suite, or Reaver and Pixiewps, or wifiphisher. After that, follow the instructions and wait; maybe you can capture the password the user logs in with.

Rei
  • That's not how evil twin attack works... You can't get the wifi password cause client never sends it – Mr. E Dec 17 '16 at 19:57
  • Mr. E, the evil twin attack works; I can combine it with a MITM attack to fool the client and create the password with WPA, and when the client types the true password to log in, I can use Ettercap or Wireshark to capture it, right? And this is the tough question. Two ways: 1. You just create the access point without a password. 2. You can use a RADIUS server to monitor the client, but you can't see the password they write. I wonder why you need the password they type, wrong or true, if you allow them to log in to your wireless router. – Rei Dec 17 '16 at 20:45
  • I didn't understand what you said. What the evil twin attack does is clone some AP's MAC address and BSSID, then deauthenticate a client to make him connect to your rogue access point (without a password, so he can connect). This happens cause the WPA protocol can't check AP authenticity. Once he is connected to your AP you can either give him internet access through a bridge and watch all HTTP traffic, or you can create an evil portal trying to fool the user into providing the WPA password. But the evil twin attack won't give you the WPA password if you can't trick the user into entering it AFTER he connects to the rogue AP – Mr. E Dec 17 '16 at 21:49
  • An evil twin attack alone is impossible, but what if it is combined with a MITM attack and a DDoS of the AP? When the client can't get access to the true AP, they will get access to the fake AP; does the client give the attacker the KEY (password of the true AP)? Someone can trick people with that method. Right, actually if the attacker can't trick the user to enter the password after he connects to the rogue AP, but if the AP can be DDoS attacked, ICMP flooded, and the users can't connect to the true AP, what will they do? Mr. E – Rei Dec 17 '16 at 22:12
  • @Mr.E I have no idea whether the attack you describe works. But if it does work, I would consider that a very serious design flaw in WPA. – kasperd Dec 17 '16 at 22:14
  • @Rei During the WPA 4-way handshake the client never sends the actual password to the AP; they interchange a puzzle that can be solved only if both parties know the shared key (derived from the password). If the puzzle is solved then the AP knows that the client knows the correct password, but it was never sent. So there are 2 scenarios: you make a rogue AP with the same password as the original AP (I don't really know if this works), or you make a rogue AP without a password; as the client knows he can connect to your AP (cause you have the same BSSID) he tries to connect, the rogue AP has no password so no puzzle – Mr. E Dec 17 '16 at 22:25
  • Let me be more clear. Assume that we have 1 victim AP; let's call it AP1. I am going to use a wifi jammer that blocks the signal of the corresponding AP. When it's completely blocked, my fake AP will step into the field. There will be only 1 AP, which will be the same as the one I blocked. – Fi. Dec 18 '16 at 12:20
  • The difference between the evil twin attack and mine is that the evil twin creates a fake AP which is not secure and everybody can easily connect, and it also uses the handshake: when the corresponding user connects to the AP it directly redirects to the web browser and asks for the WPA password. When they write it, it is matched against the handshake to get the password. What I want is that when the fake AP is created it will be a secure one and will ask for a password. Whatever he/she writes, I want to get what they write. – Fi. Dec 18 '16 at 12:21
  • @MehmetNumanGenç You can't get the password that the user types to access the AP cause the password is never sent to the AP. A high level explanation of the 4-way handshake in WPA: 1) The client sends a request to connect to the AP 2) The AP sends a puzzle crafted from the password 3) The client solves the puzzle cause he knows the password 4) From the solved puzzle both AP and client derive the encryption keys for later communication. In this process the password is never sent, you can't get the WPA password with a fake AP – Mr. E Dec 18 '16 at 18:58
  • After achieving a MITM using the Evil Twin attack, the attacker redirects all HTTP requests to an attacker-controlled phishing page. Steps: 1. Victim is deauthenticated from her access point by DoS of the AP or jamming the network with aircrack, wifiphisher 2. Victim joins a rogue access point 3. Victim is served a realistic specially-customized phishing page. When the victim enters the password, we can GET ALL WHAT CLIENT ENTER in the textbox coz the client gets access through the HTTP protocol. It's not the 4-way handshake. You asked how to get the password the client enters, true or wrong. That's what you need – Rei Dec 18 '16 at 20:13
  • @Mr.E that was my answer, thank you, I really appreciate that. Rei, I know how it works, thank you too. There is a tool called fluxion on GitHub; after I tried it I just wanted to have some easy alternatives to gain the password. Looks like it's not possible. :) – Fi. Dec 18 '16 at 21:11
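
The "puzzle" from the comments above, as an added Python sketch (not code from the thread or from any tool named in it): it computes what a WPA2-PSK client puts on the air in handshake message 2 and shows that an AP can only check it against its own passphrase. The MAC addresses, nonces and the frame body are constructed stand-ins, and the HMAC-SHA1 MIC of WPA2 is assumed.

```python
import hashlib
import hmac
import os

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """KCK = first 16 bytes of the PTK (802.11i PRF, first HMAC-SHA1 block)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    return hmac.new(pmk, label + b"\x00" + data + b"\x00", hashlib.sha1).digest()[:16]

def mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 MIC: HMAC-SHA1 over the frame, truncated to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def client_message2(passphrase, ssid, ap_mac, sta_mac, anonce, snonce=None):
    """Return everything the client transmits in handshake message 2."""
    snonce = snonce or os.urandom(32)
    kck = derive_kck(derive_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    frame = b"constructed EAPOL-Key body|" + snonce  # stand-in for the real frame
    return {"snonce": snonce, "frame": frame, "mic": mic(kck, frame)}

def ap_accepts(ap_passphrase, ssid, ap_mac, sta_mac, anonce, msg2) -> bool:
    """The AP recomputes the MIC from its own passphrase and compares."""
    kck = derive_kck(derive_pmk(ap_passphrase, ssid), ap_mac, sta_mac,
                     anonce, msg2["snonce"])
    return hmac.compare_digest(mic(kck, msg2["frame"]), msg2["mic"])

def on_air_bytes(msg2) -> bytes:
    """Concatenation of every field the AP receives from the client."""
    return msg2["snonce"] + msg2["frame"] + msg2["mic"]

# Constructed sample values (not taken from the page).
SSID, TYPED = "IEEE", "password"
AP_MAC, STA_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE = bytes(range(32))

if __name__ == "__main__":
    m2 = client_message2(TYPED, SSID, AP_MAC, STA_MAC, ANONCE)
    print("AP with the same passphrase accepts:",
          ap_accepts(TYPED, SSID, AP_MAC, STA_MAC, ANONCE, m2))
    print("AP with a different passphrase accepts:",
          ap_accepts("something-else", SSID, AP_MAC, STA_MAC, ANONCE, m2))
    print("typed passphrase present on the air:", TYPED.encode() in on_air_bytes(m2))
```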