What's new
  • Welcome to PHCorner Forums. Take a moment to Sign up and gain unlimited access and extra privileges that guests are not entitled to, such as: All that and more! Registration is quick, simple and absolutely free. Join our community today!

Tutorial häçk WPA/WPA2 protected wifi security using Fluxion on android/pc (Kali Linux)


Eternal Poster
Feb 13, 2017
NOTE: Use at your own risk

Yes tama ang nababasa mo! häçking WPA/WPA2 protected wifi. Diretso na häçking po ito ng wifi using social engineering (phishing)

So paano nga ba gumagana si Fluxion?
  • First nag is scan ng target wireless network.
  • Then i lalaunch nya si handshake snooper to capture handshake.
  • Launch captive portal attack then mag ke create ng fake rouge access point.
  • Spawns jammer para i de-authenticate lahat ng connected user sa original accesspoint and i lure sa fake access point.
  • Once na nag log na si target sa captive portal and na i type ang correct password, auto terminate na yung attack.
  • Tada! Key will be logged after, instant password tayo less than 5 mins.

1. Pc or android device na may kali linux. (See installation for android sa previous post ko). Mas okay din kali nethunter.
2. External usb wifi adapter (for packet injection)

NOTE: First thing before start need natin mag monitor mode.

1. run command :
$ ifconfig
2. Then lalabas dyan yung external wireless usb nyo dyan (example name: wlan1)
3. run command :
$ ifconfig wlan1 down
$ iwconfig wlan1 mode monitor
4. Done. Ready na for installation ng fluxion. Wag po gayahin yung "$" na sign, yung word lang po.

1. Run nyo lang kali-linux/kali nethunter nyo, wala ng intro intro.
2. Install na agad si Fluxion by running command :
$ git clone You do not have permission to view the full content of this post. Log in or register now. (click link para ma copy nyo full link, di gagana pag dito sa post ko ang kinopy)
3. run command again :
$ cd fluxion
$ ./fluxion.sh
4. After running that command. Mag o auto install na mga missing dependencies/package dyan. If not, manual installation nalang.
5. After installation, proceed tayo sa pag run ng fluxion using command :
$ ./fluxion.sh
6. Mag run na si fluxion dyan, if not, may missing pa na package or dependencies for sure.
7. Pag nag run na, proceed tayo sa configuration like language, etc. Then select nyo kung anong usb external wifi gamit nyo. (Type the number)
8. Next is select a channel na tayo. Prefer ko dito is select "All channel" if di kayo sure kung ano yung target channel nyo.
9. Then may mag aappear na new window dyan, airodump-ng for scanning wireless network. Ctrl + c to exit the window.
10. Then ilalabas na ni fluxion yung mga available targets natin. Then choose number na nag cocorespond sa target
11. May lalabas dyan na atttack option. Choose natin sa selected option si "FakeAP Hostapd".
12. Then mag aask si fluxion dyan regarding sa handshake file. Skip lang natin tong process na to. Just hit "enter"
13. Then lalabas yung handshake check na option. Choose natin sa selected option si "pyrit"
14. Then lalabas yung capture handshake na option. Choose natin sa selected option si "Deauth all" (dito na madidisconnect si user sa wifi nya hohoho)
15. May lalabas ulit na new window, wag nyo lang pakelaman sa capture handshake yan, makikita nyo yung deauth attack.
16. Pag na capture na yung handshake, (usually nakalagay is WPA HANDSHAKE xx:yy: so on and so forth) i run on background lang natin yang window. Then balik tayo sa fluxion window.
17. Pag balik sa fluxion window, may lalabas na status handshake na option. Choose natin sa selected option si "check handshake"
18. Pag valid na yung handshake, proceed na tayo sa next process which is create "SSL certificate for fake login". Choose natin sa selected option si "Create a SSL certificate"
19. Then choose natin sa selected option si ""web interface"
20. Then pipili tayo ngayon ng login template. Syempre choose natin sa selected option si "English".
21. And hola! Done na si steup natin. So si fluxion mag ke create na yan ng fake access point which has the same wifi information ng target. Asahan nating mas madaming xterm windows ang mag pa pop up.
22. So sa POV ng target natin. Ma didisconnect sya sa wifi nya then magkakaron ng same wifi network sa kung saan sya connected. (Example kung ang name ng wifi is connect here, magkakaron ng other wifi network also named as connecthere pero open lang sya. Meaning no password needed. Dont worry, di makaka connect si target sa original wifi network because of deauth. So no choice sya kundi mag connect sa fake accesspoint natin.
23. Once nag nag connect na si target sa fake AP natin, ma riridirect sya sa fake login page for wifi. (Dito sa page na to hihingin yung password ng wifi)
24. Once na nasubmit na ni target yung password, i veverify na ni fluxion yung password then if tama, i teterminate na ni fluxion lahat ng attack and diretso display ng wifi password.
25. On the target side, may mag popop up na notice. Something like "your connection will be restored in a few moments"
26. Congrats! Magsaya kana kasi nakuha mo na ang password.

PS: Mastadong mahaba step, complicated kasi yung process. Pero worth it naman. Usually, ang attack is tumatagal ng 5-7 mins. Depende kung gaano kabilis kumonnect at mag log in si target sa fake AP.

NOTE: If may question drop lang kayo try ko sagutin. And also try at your own risk!


Popular This Month

Online statistics

Members online
Guests online
Total visitors

Forum statistics