1
00:00:02,710 --> 00:00:07,810
All right, so the good news is we have a valid handshake from the Handshake Snooper attack.

2
00:00:09,000 --> 00:00:12,720
Now we can set up to perform a captive portal attack.

3
00:00:13,740 --> 00:00:15,680
And that's also the good news.

4
00:00:17,940 --> 00:00:22,140
All right, to go to totally open the terminal screen, change directory to Fluxion.

5
00:00:23,190 --> 00:00:29,880
So let's check if the handshake is saved in Fluxion's database, we know it should be. List folders and

6
00:00:29,880 --> 00:00:38,430
files with the command ls. Change directory to the attacks, Handshake Snooper, handshakes folder.

7
00:00:39,790 --> 00:00:40,770
List files.

8
00:00:42,140 --> 00:00:44,960
All right, so you're looking at the captured handshake.

9
00:00:46,140 --> 00:00:48,560
So go back to the Fluxion folder again.

10
00:00:49,580 --> 00:00:51,230
Run a file with sudo.

11
00:00:56,840 --> 00:00:59,060
Select captive portal attack.

12
00:01:01,060 --> 00:01:06,670
Now select a channel of the access point that we want to create a fake access point for.

13
00:01:08,420 --> 00:01:14,360
So if your target access point appears on the screen, just close the scanner with Ctrl+C, and

14
00:01:14,360 --> 00:01:16,310
enter the number of the target access point.

15
00:01:22,330 --> 00:01:24,580
And I will select a wireless interface.

16
00:01:26,120 --> 00:01:32,540
So here I'm revealing all my secrets, I've used this before for this attack, therefore the configuration

17
00:01:32,540 --> 00:01:35,540
has been saved, so I'll just select reset attack.

18
00:01:38,090 --> 00:01:41,720
So we'll select the same interface for the fake access point.

19
00:01:42,830 --> 00:01:47,560
And this time, I would like to try the mdk4 method for the deauthentication.

20
00:01:49,230 --> 00:01:53,290
So now we need to select an access point service for the rogue access point.

21
00:01:53,910 --> 00:01:57,090
OK, so I'll continue with the recommended option.

22
00:01:57,930 --> 00:02:01,170
So I'll select cowpatty for password verification.

23
00:02:02,450 --> 00:02:08,000
In this step, Fluxion has detected the hash file previously captured by the Handshake Snooper attack.

24
00:02:09,040 --> 00:02:11,200
So just select use a hash found.

25
00:02:13,330 --> 00:02:15,970
So, again, I'll select cowpatty for hash verification.

26
00:02:17,490 --> 00:02:20,430
All right, hash verification is successful.

27
00:02:23,100 --> 00:02:30,630
Now, you must be aware that SSL/TLS is a method of encryption used to establish a secure

28
00:02:30,630 --> 00:02:32,340
connection between two points.

29
00:02:32,460 --> 00:02:37,800
In this case, the two points are the captive portal's web server and the target client.

30
00:02:39,250 --> 00:02:44,740
Now, if you don't have a personal certificate, you may select to automatically generate one.

31
00:02:46,490 --> 00:02:48,890
So just select create an SSL certificate.

32
00:02:52,270 --> 00:02:58,930
Now you can select whether the captive portal web server should attempt emulating an Internet connection.

33
00:03:00,520 --> 00:03:05,830
This could be useful for people that don't want to make the captive portal obvious.

34
00:03:07,090 --> 00:03:14,020
The clients will connect, but will be fooled into believing that Internet access is available and it

35
00:03:14,020 --> 00:03:21,430
will cause all iOS clients and some Android clients to not show the captive portal immediately upon

36
00:03:21,430 --> 00:03:22,990
connecting to the rogue network.

37
00:03:23,140 --> 00:03:30,310
However, the captive portal will still show up once the clients try to access any website that makes

38
00:03:30,310 --> 00:03:30,460
it.

39
00:03:31,360 --> 00:03:33,760
So that means I'll select the disconnected option.

40
00:03:34,930 --> 00:03:38,690
Now, in this step, we'll select a captive portal interface for the rogue network.

41
00:03:38,710 --> 00:03:41,770
I'll continue with the English generic portal.

42
00:03:46,070 --> 00:03:47,630
OK, so the attack begins.

43
00:03:49,450 --> 00:03:52,110
And this time there are six terminals on the screen.

44
00:03:53,400 --> 00:04:01,380
So the terminals above, from the left: Fluxion DHCP service, to give an IP address to the connected client.

45
00:04:02,860 --> 00:04:08,110
Fluxion hostapd, so it's a service to create a rogue access point.

46
00:04:10,820 --> 00:04:16,370
And Fluxion access point authenticator, that displays the authenticated clients to the access point.

47
00:04:17,340 --> 00:04:23,970
And the terminals below, from the left, are Fluxion DNS service, and that provides access to the

48
00:04:23,970 --> 00:04:26,400
Internet by forwarding clients' DNS queries.

49
00:04:28,060 --> 00:04:35,290
Fluxion web service, and that will listen to the web traffic of the connected client, and Fluxion jammer

50
00:04:35,290 --> 00:04:38,800
service for deauthentication attacks.

51
00:04:49,750 --> 00:04:52,840
OK, so my phone authenticated to the access point now.

52
00:04:54,080 --> 00:04:56,930
And DHCP service offered an IP address.

53
00:05:01,320 --> 00:05:03,870
It's disconnected and reconnected again.

54
00:05:12,070 --> 00:05:12,560
Cool.

55
00:05:12,580 --> 00:05:15,910
So finally, web traffic appears on the web service.

56
00:05:19,020 --> 00:05:25,680
So I'm listening to the traffic and the man-in-the-middle attack is completed successfully.

57
00:05:26,650 --> 00:05:27,370
Good job.