diff --git a/Captive-Portal-Attack.md b/Captive-Portal-Attack.md new file mode 100644 index 0000000..ab8a230 --- /dev/null +++ b/Captive-Portal-Attack.md @@ -0,0 +1,30 @@ +The `Captive Portal` attack attempts to retrieve the target access point WPA/WPA2 key by means of a rogue network with a border authentication captive portal. It's recommended this attack is done in close to semi-close proximity to the target access point. This is due to the fact the attack host will be serving the captive portal, meaning clients will need to have a decent Wi-Fi connection to the host machine. + +To successfully execute a `Captive Portal` attack with Fluxion, the following steps must be completed. + +* From the fluxion directory, execute fluxion, optionally including special `flags`: +``` +./fluxion.sh +``` +or with flags: +``` +# FLUXIONWIKillProcesses kills any wireless-interface (WI) blocking processes: +export FLUXIONWIKillProcesses=1; ./fluxion.sh +``` + +* When prompted, select a network interface which supports injection. +* Run a scan utilizing the selected wireless interface & select a target network. +* Select an attack on the target network. +The `Captive Portal` attack requires the handshake `.cap` file from the target access point. This file may be given to Fluxion manually (by inputting the path when prompted), or automatically by running and retrieving it with the `Handshake Snooper Attack` at which point Fluxion will auto-detect the handshake file and will not ask for it. +**If you do not have the `.cap` file, you must first complete the `Handshake Snooper` attack.** +**Once you've got the handshake file, select the `Captive Portal` attack.** +* When prompted, select an access point service (recommendations are there for a reason). +* When prompted, select an SSL certificate option for the captive portal. +If you've got a personal certificate, you must save it at `fluxion/attacks/Captive Portal/certificate/server.pem` and the attack will automatically detect it. If you don't have a personal certificate, select the option to automatically generate one. +* When prompted, select a UI for the captive portal. +By default, Fluxion comes with the generic interfaces only. Extra interfaces may be downloaded from [the sites' repository](https://github.com/FluxionNetwork/sites). +Select an interface suitable to the manufacturer of the device (scroll up if you don't see the manufacturer). + +After selecting a suitable interface, the attack will start. The rogue network will be created and the captive portal will be accessible through it. **Fluxion can only find the WPA/WPA2 key if the clients enter the corresponding password.** If a client enters an invalid/wrong password, the captive portal will notify the client of the invalid password and will give the option to renter a new password. + +Once a corresponding password has been given and Fluxion detects it, the rogue network will be killed, the deauthenticator will stop jamming the target access point, and the clients will be allowed to reconnect to the original access point. \ No newline at end of file