How to Perform an Evil Twin Attack & Steal Wi-Fi Passwords

In this guide, I will show you how to launch a captive portal evil twin attack using airgeddon tool.

An evil twin is an attack in which a hacker sets up a fake Wi-Fi network that looks like a legitimate access point to steal victims’ sensitive information. The idea is to set up a malicious wireless network with the same SSID name as the original one.

The most common evil twin attack scenario you may come across in the wild is one with Captive Portals.

This attack creates a false access point (captive login portal) and forces the victim/user to enter their wifi password to the fake access point by de-authenticating them from the real access point.

Once the password is entered, the hacker can log into the network, take control of it, monitor unencrypted traffic, and perform other attacks.

There are other types of evil twin attacks that are less obvious, but will still steal your information. However, the captive portal variant is the easiest to perform.

Install Airgeddon

To install airgeddon, download the files from the GitHub repository using the git clone:

git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git

Once the files are downloaded, change the directory to the tool’s folder and start airgeddon with the following commands.

cd airgeddon
sudo ./airgeddon.sh

Now select the wireless interface to use, in my case, it’s wlan0mon.

Evil Twin Attack Option

The next step to launch an attack is to select the evil twin attack option.

Select Evil Twin Attacks Menu by entering the corresponding number 7.