An evil twin attack is a type of Wi-Fi attack where a rogue Wi-Fi access point (AP) is used to mimic a legitimate access point provided by a business, such as a coffee shop that offers free Wi-Fi access to its customers.
By imitating a legitimate access point, we can trick users into connecting to it, so we can steal credentials, redirect victims to malware sites, perform LLMNR, NBT-NS poisoning attacks, and so on.
We will start by installing a DHCP server todynamically configure the victim's IP setting:
apt install isc-dhcp-server -y
Next, configure the DHCP server by editing the configuration file at /etc/dhcp/dhcpd.conf
:
authoritative; default-lease-time 600; max-lease-time 7200; subnet 10.0.0.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; option broadcast-address 10.0.0.255; option routers 10.0.0.1; option domain-name-servers 8.8.8.8; range 10.0.0.100 10.0.0.254; }