Wifi hacking ~ Fluxion tool

Fluxion :

Fluxion, A Tool to hack or test WPA/WPA2 Security Without Brute Force

Fluxion is the future—a blend of technical and social engineering automation that trick a user into handing over the Wi-Fi password in a matter of keystrokes. Specifically, it’s a social engineering framework using an evil twin access point (AP), integrated jamming, and handshake capture functions to ignore hardware and focus on the “wetware.” Tools such as Wifiphisher execute similar attacks, but lack the ability to verify the WPA passwords supplied.


How Fluxion works ? 

  • Scan the networks.
  •  Capture a handshake (can’t be used without a valid handshake, it’s necessary to verify the password)
  • Use WEB Interface
  • Launch a FakeAP instance to imitate the original access point
  • Spawns a MDK3 process, which deauthenticates all users connected to the target network, so they can be lured to connect to the FakeAP and enter the WPA password.
  • A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
  • A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
  • Each submitted password is verified by the handshake captured earlier
  • The attack will automatically terminate, as soon as a correct password is submitted


  • A linux operating system.

(recommend Kali Linux 2 or + versions which support the latest aircrack-ng versions.)

  • A external wifi card is recommended. (if u use kali as Virtual os  external wifi card in needed)

 click for kali linux compatible wireless cards


STEP-1  :  Cloning into Fluxion 

To get Fluxion running on our Kali Linux system, open terminal and change the directory to desktop and clone the git repository with:

cd Desktop

git clone https://github.com/sam0hack/fluxion-1.git

STEP-2  :  Moving into the downloaded folder

lets move into the downloaded folder by :

cd Desktop

cd fluxion

STEP-3  :  Installation of dependencies

Install the dependencies  for fluxion  before that change the permission of the file by

chmod +x installer.sh

sudo ./installer.sh

A window will open to handle installing the missing packages. Be patient and let it finish installing dependencies.

STEP-4  :   Running the tool Fluxion

After all the dependencies are met, our board is green and we can proceed to the attack interface. Run the Fluxion command again with

sudo ./fluxion

STEP-5  :  Scan Wifi networks

The first option is to select the language. Select your language by typing the number next to it and press enter to proceed to the target identification stage. Then, if the channel of the network you wish to attack is known, you may enter 2 (specific channels) to narrow the scan to the desired channel. Otherwise, select 1 (all channels) to scan all channels and allow the scan to collect wireless data

A window will open while this occurs. Press CTRL+C to stop the capture process whenever you spot the wireless network that you want. mandatory to run the scan for atleast 30 sec so that it can reasonably verify the connected clients to the network

STEP-6  :  selectyour target wifi AP (Access Point)

Select a target with active clients for the attack to run on by entering the number next to it. Unless you intend to wait for a client to connect this attack will not work on a network without any clients. with no one connected to network there is no use of attacking that network and we will not be able to get the key of that wireless network

STEP-7  :  Select your attack

Once you’ve typed the number of the targeted network, press enter to load the network profile into the attack selector.  This will create a fake hotspot using the captured information to clone the target access point. select the type of attack .”fake ap – hostapd” is the recomended one hence  type 1 and press enter.

STEP-8  :  Get a Handshake

In order to verify that the password we receive is working, we will check it against a captured handshake. If we have a handshake, we can enter it at the next screen. If not, we can press enter to force the network to provide a handshake in the next step.

Using the Aircrack-ng method by selecting option 1 (“aircrack-ng”), Fluxion will send deauthentication packets (jamms the network) to the target AP as the client and listen in on the resulting WPA handshake. When you see the handshake appear, as it does in the top right of the screenshot below, you have captured the handshake. Type 1 to check the handshake and hit enter

STEP-9  :  Create the phishing login Page (fake login page)

Select option 1  “Web Interface,” to use the social engineering

screen will be loaded with a list  of different fake login pages (phishing pages) you can send to the client user. These can be  customized with some edit works, but then it should match the device and language. The defaults should be tested before use

This is the final step to launch the attack  At this point, you are ready to shoot, so press enter to fire the attack. The attack spawns multiple windows to create a cloned version of their wireless network while simultaneously jamming the normal AP, enticing the user to join the identically named AP , but an  unencrypted, network.

STEP-10  :  Capturing the passwords …

The user is directed to a fake login page, which is either convincing or not, depending on which you chose.

Entering the wrong password will not match the handshake verification, and the client will be prompted to type the password again correctly . Upon entering the correct password, Aircrack-ng verifies and saves the password to a text file while displaying it on the screen. The user is directed to a “thank you” screen as the jamming ceases and the fake access point shuts down.


Fluxion is intended to be used for legal security purposes only, and you should only use it to protect/ audit/ test networks/hosts you own or have permission to test. Any other use is not the responsibility of the developer(s). Be sure that you understand and are complying with the Fluxion licenses and laws in your area. In other words, don’t be stupid, and use this tool responsibly and legally. author and admin is legally not responsible for your acts


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s