FAQ
Shut the $!@# up and update your software. There is already a version > 4.0
This is an unpaid spare-time project, and we can't afford to support every legacy version. If it's a major security concern, feel free to let us know. If something is just broken or inconvenient in an old version, we don't care.
This is a social engineering attack and it's pointless to drag clients in automatically. The script relies on the fact that users are present in order to connect to the fake access point and enter the wireless credentials.
There shouldn't be one. All of the traffic is being sinkholed to the built-in captive portal via a fake DNS responder in order to capture the credentials.
This can be caused by several things, for example:
- The DNS rerouting script doesn't work properly
  - If this is the case, the yellow window handling DNS requests will not show any rerouting entries
- The clients are not connected to the fake AP
- The clients recognized that the fake AP has no internet connection and use their cellular data instead.
If you want to help fix this issue, send us the output of the diagnostics script and iptables -L -n -v while fluxion is running the captive portal attack.
The temporary files are placed in /tmp/fluxspace/. This directory only exists WHILE fluxion is actually running an attack. It will be cleaned up during the exit routine of fluxion.
Check the output of iw list; it should contain something like this:
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
* mesh point
* P2P-client
* P2P-GO
The important ones are AP and monitor. If one of those is missing, your wifi card is most likely incompatible. If you are looking for advice on which card to buy, check wikidevi for information. People tend to generally recommend the TP-LINK TL-WN722N v1 (v2 WILL NOT WORK) and the Alfa AWUS036NHA.
The most common cause for this is using a driver that does not support virtual interfaces. Fluxion's Captive Portal attack may use a virtual interface to simulate a secondary wireless adapter: one is used for jamming the target access point, while the other is used for generating the "evil twin" access point. The realtek-rtl88xxau-dkms is a relatively popular driver that does not support virtual interfaces.
This is how the script works. The fake captive portal is set up by the script itself to collect the credentials. Don't freak, it's all okay.
The MAC address of the fake access point differs by one octet from the original in order to prevent fluxion de-authenticating clients from itself during the session.
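A detection-side check for the one-octet BSSID offset described above, as an added example that is not part of the Fluxion wiki or code base: it compares scan rows against an inventory of authorised BSSIDs. The SSIDs, MAC addresses and function names are constructed for illustration.

```python
# Added example: flag APs that advertise a known SSID from a BSSID one octet
# away from an authorised BSSID. All names and sample values are constructed.

def parse_mac(mac):
    """Return the six octets of a MAC address as ints; ValueError if malformed."""
    parts = mac.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return tuple(int(p, 16) for p in parts)

def octet_distance(a, b):
    """Number of octet positions in which two MAC addresses differ."""
    return sum(x != y for x, y in zip(parse_mac(a), parse_mac(b)))

def find_lookalikes(known, observed):
    """known: {ssid: set of authorised BSSIDs}; observed: (ssid, bssid, channel) rows.
    Returns one finding per unauthorised BSSID that is exactly one octet away
    from an authorised BSSID of the same SSID."""
    findings = []
    for ssid, bssid, channel in observed:
        authorised = known.get(ssid, set())
        if parse_mac(bssid) in {parse_mac(m) for m in authorised}:
            continue  # inventory match, nothing to report
        for good in sorted(authorised):
            if octet_distance(good, bssid) == 1:
                findings.append({"ssid": ssid, "bssid": bssid.lower(),
                                 "resembles": good, "channel": channel})
                break
    return findings

# Constructed inventory and scan rows (not real devices).
KNOWN = {"CorpWiFi": {"00:11:22:33:44:55", "00:11:22:33:44:56"}}
SCAN = [
    ("CorpWiFi", "00:11:22:33:44:55", 6),   # authorised BSSID
    ("CorpWiFi", "00:11:22:33:45:55", 6),   # one octet off: reported
    ("CorpWiFi", "AA:BB:CC:DD:EE:FF", 11),  # same SSID, unrelated BSSID: other rule
    ("GuestNet", "00:11:22:33:44:57", 1),   # SSID not in the inventory
]

if __name__ == "__main__":
    for f in find_lookalikes(KNOWN, SCAN):
        print("possible evil twin: {ssid} {bssid} (resembles {resembles}, ch {channel})".format(**f))
```

A hit is a lead rather than a verdict: a newly installed AP from the same vendor can sit one octet away from an inventoried BSSID until the inventory is updated.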
Interfaces with a negation symbol are currently being used by other processes.
To force the usage of busy interfaces, start fluxion with the FLUXIONWIKillProcesses flag:
export FLUXIONWIKillProcesses=1; ./fluxion.sh
Separate the flags with command delimiters (semicolons ';'):
export FLUXIONWIKillProcesses=1; export FLUXIONWIReloadDriver=1; ./fluxion.sh
You can find that folder in:
Fluxion 3
/tmp/fluxspace
Fluxion 2 and older
/tmp/FluxTemp
Note: The folder gets erased after exit. If the debug mode is on, the folder will not be erased.
You can find every saved handshake in:
fluxion/attacks/Handshake Snooper/handshakes
It's required you use network adapters supporting master (access point) mode. If you don't currently own an adapter, we suggest you make an educated purchase by looking into devices and their chipsets here.