Using captive portal attack
Creating a fake access point with an extra captive portal
What can we do using a captive portal?
Basically, do phishing by cloning official login portals and trick or clients to give us credentials or sensitive information.
Configuration
First, we define the SSID (Name of the access point), interface and ignoring pydns_server.
In this case I'll be using a facebook captive portal to trick the users, so to install it just do the following.
Now I'll select the facebook template.
Now we need to choose what proxy we want to use.
In this case we will use the captiveflask proxy.
Just type
set proxy captiveflask
Here in the setting options, I'll type
set captiveflask.force_redirect_to_url https://google.com
This will redirect the user to google.com once he types the requested credentials.
Victims phone
Attackers overview
Commands used
Last updated