Fluxion : Cracking Wifi Without Bruteforce or Wordlist in Kali Linux 2017.1. [Full Guide]

Hello Friends.
This is another tutorial in Cracking Wifi series.
Today we are using another application named "FLUXION".

NOTE : This video is for EDUCATIONAL PURPOSE only.

The main advantage of fluxion is that it doesn't use any wordlist or perform bruteforce attack to break the key.
Fluxion creates a Open twin Ap of the target network.
When someone tries to connect to that network a fake authentication page pops up asking for key.
When user enters the key, fluxion captures that key and provides us.

Step 1: Download and Install Fluxion into Your System.

Goto : https://github.com/wi-fi-analyzer/fluxion

Step 2: Extract Fluxion.

After Downloading fluxion . Goto Downloads and extract Fluxion.

Step 3: Run Fluxion.

Goto extracted directory where fluxion.sh is located and Run
If all required file are updated and installed then fluxion will run, otherwise a list of unavailable files will show.

Step 4: Install Required Files.

If any of the required file is missing then you have to install them.
For this goto install directory and open terminal there. Now, Run :

It will install all required files.
Now you are ready to run Fluxion.

Step 5: Cracking WiFi.

1- Run : ./fluxion.sh
2- Select Language.

3- Select Channel. I prefer All channels.

It will start scanning your nearby networks on all channels.
Press CTRL + C to stop the search.
4- Enter ID of the channel you want to crack.

5- Select Attack option. I prefer FakeAp - Hostpad.

6- Select Handshake check. I prefer pyrit.

7- Select Capture Handshake option. I prefer Deauth All.

Now wait for the handshake.

After handshake is captured close both windows. And in Status Handshake select Check handshake.
8- Now Select Create a ssl certification.

9- Select Web Interface.

10- Select Login Page.

Now wait for the user to connect to our open twin Ap and enter key for authentication.
After a user is connected he/she has to enter the password.
As soon as he/she enters the password we get it.

Thats All.
For Full video tutorial goto :

Don't forget to like share and subscribe to our You Tube Channel.
TechGeeks : https://www.youtube.com/c/TechGeeks2k17
Thank You.

6 Responses

Is there a link to see the fake log in pages?

You could try connecting to the rogue Access Point that Fluxion has created, it essentially disables the network you've targetted (after you've captured & verified the handshake hash for that particular AP and began a hostapd attack...) it's kind of ironic that the previously WPA/WPA2 network gets disabled and becomes "open" (no password required to connect to it) the password will only be prompted after a connection is established with whatever device you may choose - the only thing that remains the same is the ESSID (the name of the network) but I'm not sure about if you tried to be a black hat and tried to trick other people into connection to supposedly their own network that has become "open", I'm not sure what are the chances of this working because it seems like most people have a 2G & 5G access point, and simply disabling one won't really accomplish much as they will either connect to their 5G AP or their cellular network... o.0

Hello! Can anyone tell me "how I can get client to connect to my fake AP"? When I tested it, I found out that my phone still can use the real AP. Is there a way I can stop my phone from using the real AP and connect to my fake AP... Thank you for any help...

Use aireplay-ng to send deauthentication packets.
This will block any user from successfully connecting to the Real AP

Look it up Here

NOTE : aireplay-ng comes with aircrack-ng

Im getting error while installing required files.

Share Your Thoughts

  • Hot
  • Active