Settings
Log out
In this session we are going to see how a fake access point can be created and used to capture the data that we sent over that Device like the passwords sent over http and some random IRC Chats.
Think about this senario, If you are in a random place and happened to be connected to an open network, it doesn’t matter what device you are connected with, your data will be visible to the person who is controlling the access point.
Not only that, but the person in control can have a complete control over your device by hooking you with a malicious web page or a backdoor.
A Fake access point or an evil twin attack is a type Wi-Fi attack that works by taking advantage of the fact that most computers and phones will only see the "name" or ESSID of a wireless network. This actually makes it very hard to distinguish between networks with the same name and same kind of encryption. In fact, many networks will have several network-extending access points all using the same name to expand access without confusing users.
If you want to see how this works, you can create a Wi-Fi hotspot on your phone and name it the same as your home network, and you'll notice it's hard to tell the difference between the two networks or your computer may simply see both as the same network. A network sniffing tool like Wigle Wifi on Android or Kismet can clearly see the difference between these networks, but to the average user, these networks will look the same.
This works great for tricking a user into connecting if we have a network with the same name, same password, and same encryption, but what if we don't know the password yet? We won't be able to create a network that will trick the user into connecting automatically, but we can try a social engineering attack to try to force the user to give us the password by kicking them off the real network.