The aircrack-ng suite can create an "Evil Twin" access point wherein you masquerade as an existing access point. You then broadcast a disassociate/deauthenticate packet to all the existing access point's clients, bumping them off of the access point. Then, if the power of your spoofed access point is greater than the real access point from the perspective of the client, those clients would connect to you, because they choose the access point with the most powerful signal. This results in a man-in-the-middle scenario.
A great tool for use with a man-in-the-middle scenario is the Man in the Middle Framework, or MITMf. It has the ability, for instance, to intercept web pages and JavaScript over the man-in-the-middle connection (which it achieves by ARP poisoning instead of using an evil twin setup) and inject custom JavaScript, such as the Browser Exploitation Framework's (BeEF) hook.
What I want is to be able to create a man-in-the-middle scenario by way of evil twin using aircrack-ng, and then leverage the capabilities of MITMf over that man-in-the-middle connection.
This way, for instance, I could create a successful evil twin scenario using aircrack-ng and then inject the BeEF hook JavaScript using MITMf into the relevant data streams of all clients connected to my evil twin access point.
In this way the method of man-in-the-middle is not using MITMf's ARP poisoning, but instead the method used is that of an evil twin access point through aircrack-ng.
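The question describes the two observable symptoms of an evil twin setup: a second BSSID advertising an SSID it should not, and a burst of deauthentication frames aimed at the legitimate AP's clients. The following is an added, defender-side example (not code from the question, from aircrack-ng, MITMf or BeEF) that flags both conditions from a list of management-frame summaries. The frame records, the `KNOWN_APS` inventory and the burst threshold are constructed assumptions; in practice the summaries would come from a monitor-mode capture.

```python
"""Detect evil-twin beacons and deauthentication bursts from 802.11
management-frame summaries. Constructed, defender-side example."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts: float          # capture time in seconds
    subtype: str       # "beacon" or "deauth"
    bssid: str         # BSSID the frame claims to come from
    ssid: str = ""     # only meaningful for beacons
    channel: int = 0
    rssi: int = 0      # signal strength as seen by the sensor (dBm)


# Assumed inventory: the BSSIDs that are allowed to advertise each managed SSID.
KNOWN_APS = {"CorpWiFi": {"aa:bb:cc:00:00:01"}}

# Constructed capture: the real AP beacons, a second BSSID beacons the same
# SSID at a stronger signal, and a burst of deauth frames spoofs the real BSSID.
SAMPLE_FRAMES = [
    Frame(9.0, "beacon", "aa:bb:cc:00:00:01", "CorpWiFi", 6, -60),
    Frame(9.1, "beacon", "de:ad:be:ef:00:01", "CorpWiFi", 6, -35),
    Frame(9.2, "beacon", "aa:bb:cc:00:00:01", "CorpWiFi", 6, -61),
    Frame(9.3, "beacon", "de:ad:be:ef:00:02", "GuestNet", 11, -70),  # unmanaged SSID
] + [Frame(10.0 + 0.05 * i, "deauth", "aa:bb:cc:00:00:01") for i in range(8)]


def find_evil_twins(frames, known_aps):
    """Map each managed SSID to the set of BSSIDs advertising it that are
    not in the inventory. SSIDs with no rogue BSSID are omitted."""
    seen = defaultdict(set)
    for f in frames:
        if f.subtype == "beacon" and f.ssid in known_aps:
            seen[f.ssid].add(f.bssid)
    return {ssid: bssids - known_aps[ssid]
            for ssid, bssids in seen.items()
            if bssids - known_aps[ssid]}


def find_deauth_bursts(frames, window=1.0, threshold=5):
    """Return (bssid, peak_count) for every BSSID whose deauth frames reach
    `threshold` within any sliding `window` seconds. A deauth flood usually
    spoofs the legitimate AP's BSSID, so the reported address is the victim
    AP, not the sender; the alert means someone is forging frames for it."""
    by_bssid = defaultdict(list)
    for f in frames:
        if f.subtype == "deauth":
            by_bssid[f.bssid].append(f.ts)
    alerts = []
    for bssid, times in by_bssid.items():
        times.sort()
        start = peak = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append((bssid, peak))
    return alerts


def analyze(frames, known_aps=KNOWN_APS):
    """Combine both detectors into a list of human-readable alert strings."""
    alerts = []
    for ssid, rogues in find_evil_twins(frames, known_aps).items():
        for bssid in sorted(rogues):
            alerts.append(f"evil-twin: {bssid} advertising managed SSID {ssid!r}")
    for bssid, count in find_deauth_bursts(frames):
        alerts.append(f"deauth-burst: {count} deauth frames for {bssid} in 1.0s")
    return alerts


if __name__ == "__main__":
    for line in analyze(SAMPLE_FRAMES):
        print(line)
```

The two checks are independent on purpose: an evil twin that does not bother deauthenticating still trips the beacon check, and a deauth flood used for a plain denial of service still trips the burst check. Because deauth frames are unauthenticated in networks without 802.11w (Protected Management Frames), the sensor cannot tell forged frames from real ones by content alone, which is why the rate, rather than the sender address, is the signal; enabling 802.11w is the corresponding mitigation on the AP side.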
Answer 0: (score: 0)
If you make an evil twin attack, the clients connect to YOUR access point; this means all network traffic is running through its network interface! No need for spoofing anymore; you already are the man in the middle when they connect to you. You can sniff all traffic in Wireshark running on the Wi-Fi interface, for example.