This blog is NOT OFFICIAL website of Kali Linux. We just share Tutorials to learn Cybersecurity.

Fluxion -- Crack WiFi Passwords in Minutes

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset tool by vk496 which is not upgraded for last 6 years. Fluxion have much more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It's compatible with our Kali Linux.

fluxion kali linux wifi auditing tool
 Work of Fluxion:
  1. Scan for a target wireless network.
  2. Launch the Handshake Snooper attack.
  3. Capture a handshake (necessary for password verification).
  4. Launch Captive Portal attack.
  5. Spawns a rogue (fake) AP, imitating the original access point.
  6. Spawns a DNS server, redirecting all requests to the attacker’s host running the captive portal.
  7. Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key.
  8. Spawns a jammer, de-authenticating all clients from original AP and luring them to the rogue AP.
  9. All authentication attempts at the captive portal are checked against the handshake file captured earlier.
  10. The attack will automatically terminate once a correct key has been submitted.
  11. The key will be logged and clients will be allowed to reconnect to the target access point.
Installation

Installation process of fluxion in our Kali Linux is quite easy and simple. As the many other tools we also need to clone fluxion from it'd GitHub repository.

To clone it we use following command in our Kali Linux terminal:

git clone https://github.com/FluxionNetwork/fluxion
This command will clone the fluxion in our system.

clonning fluxion from GitHub

Now we navigate to fluxion by using simple cd command:

cd fluxion
Now for the first time we run the bash script called fluxion.sh with -i flag to install the requirements to use fluxion:

sudo ./fluxion.sh -i
From the next time we don't need to use the -i flag, we just run:

sudo ./fluxion.sh
 In the following screenshot we can see that we are installing our missing packages:

fluxion installing requirements

After installing requirements it will start automatically and prompts for choosing language:
choosing language in fluxion

Then we need to select the wireless interface. If our system's wireless interface supports packet injection and monitor mode then we can go with it. But our Laptop's wireless chipset does not support injection and monitor mode so we use a Alfa wireless adapter AWUS036NEH (Available on Amazon, all the external wireless adapter in market does not supports monitor mode & packet injection).

selecting wireless interface

Then we need to search for WiFi networks around us:

fluxion selecting a channel

We can search dual band or any specific channel signals here.
Then it will start searching wireless networks nearby us.

fluxion scanning for nearby wifi

We give it some time to detect all networks then we stop it we press ctrl+x, and it will show us the founded WiFi networks.

available wireless networks

Now we select the wireless interface for tracking (If we are not sure what to do then we can skip this by selecting option 3).

interfaces for target tracking

Then we need to choose handshake retrieval method:

handshake captureing methods

For jamming and monitoring we must need to select interface (in our case we need to select our Alfa card i.e wlan1)

Interfaces for jamming and monitoring

Now fluxion prompts for verification hash process we go with the recommended.

fluxion hash process

Rest all the options are basics and nothing much to tell about it. Fluxion will de-authenticate all the target connected with our targeted wireless network. When the de-authenticated devices try again to connects fluxion will capture the handshake.

We can do this type of things also in aircrack-ng but fluxion is advanced and user-friendly. 

Fluxion is also capable to perform a Evil-Twin attack. In this attack technique we send de-authentication packets continuously to the target that all the client of target device will got disconnect and that time we create another WiFi with the same name and if clients thinks your WiFi as their original they got trapped and we got their credentials. Almost like phishing.

fluction in action
Handshake Capturing in Fluxion
Liked our tutorial then visit us regularly to get news updates and tutorial updates follow us on Twitter and Medium.

Got any trouble ? Please comment below we are always happy to help you.
author-img
Kali Linux

Comments

26 comments
Post a Comment
  • Unknown photo
    UnknownAugust 16, 2020 at 9:26 AM

    i keep getting a message that states " Dependency installation failed"
    "Package dhcp is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source."

    "E: PAckage 'dhcp' has no installation candidate "

    Delete Comment
    • Kali Linux photo
      Kali LinuxAugust 16, 2020 at 7:05 PM

      Try following command
      sudo apt-get install isc-dhcp-server
      Then dhcp will be installed. Now run Fluxion.. Happy hunting.

      Delete Comment
      • Unknown photo
        UnknownJuly 31, 2021 at 8:28 PM

        sir.. i have problem on fill path to handshake .cap..
        dyou have any suggestion?
        bcoz the option will go back to previous menu if i leave it blank ..

        Delete Comment
        • Kali Linux photo
          Kali LinuxAugust 1, 2021 at 12:18 PM

          Hello, you need to fill the full path of the handshake file. You can open the location on file manager then copy the .cap file then paste it on terminal using Ctrl+Shift+V , it's location will be printed on fluxion terminal.

          Delete Comment
        • Unknown photo
          UnknownSeptember 8, 2020 at 2:08 PM

          https://www.facebook.com/sabuj.dey.564

          Delete Comment
          • Unknown photo
            UnknownSeptember 27, 2020 at 10:52 AM

            In evil twin attack when we create fake router there is no option for tenda router what should I do then?

            Delete Comment
            • Kali Linux photo
              Kali LinuxSeptember 27, 2020 at 5:08 PM

              The fake router pages are stored in fluxion/attacks/Captive Portal/sites directory. You can modify one of them and manually create a html page for your tenda router. It will do your job. Thanks.

              Delete Comment
            • AnonymousSeptember 27, 2020 at 10:28 PM

              Can you please tell me how to modify it as I am a beginner.

              Delete Comment
              • Kali Linux photo
                Kali LinuxSeptember 27, 2020 at 10:36 PM

                This requires some knowledge in HTML CSS and js. You need to learn some programming. Otherwise you will become a script-kiddie. Everyone starts from script kiddie but keep learning things. That will really improve you.

                Delete Comment
                • AnonymousSeptember 28, 2020 at 3:40 PM

                  Can you please edit the file and give the link here as it will also help others. I will give you the required information about tenda router if needed. After some time I will learn programming. Please

                  Delete Comment
                  • Kali Linux photo
                    Kali LinuxSeptember 28, 2020 at 5:26 PM

                    Okey we will look on it.

                    Delete Comment
                  • AnonymousSeptember 28, 2020 at 3:45 PM

                    I am using fluxion 6.9 and it stuck at Starting Captive Portal access point service I tried many times what should I do.

                    Delete Comment
                    • Kali Linux photo
                      Kali LinuxSeptember 28, 2020 at 5:26 PM

                      Can you please specify the errors.

                      Delete Comment
                      • AnonymousSeptember 29, 2020 at 10:12 AM

                        There are no errors but it stops at starting captive portal acces point service.

                        Delete Comment
                        • Kali Linux photo
                          Kali LinuxSeptember 29, 2020 at 11:57 AM

                          You should read this, here you will get all the information of captive portal. If the problem still comes then you should open an issue in fluxion github, developers can help you.

                          Delete Comment
                        • Yash Kapure photo
                          Yash KapureOctober 14, 2020 at 1:20 PM

                          can you please suggest low cost wifi addapter below 1000/-
                          so that i can move ahead

                          Delete Comment
                          • Kali Linux photo
                            Kali LinuxOctober 14, 2020 at 4:55 PM

                            Please try to understand low cost wifi adapters doesn't have capability to perform wifi attacks. They cant do monitor mode and packet injections. That's why we need a special kind of Wi-Fi adapters. Some adapters from Alfa will be best for this kind of tasks. Hope you understand this. You can try googling "Best wifi adapter for Kali Linux".

                            Thanks.

                            Delete Comment
                            • Kazim AhmedNovember 23, 2020 at 6:21 AM

                              your option is tp link tl wn722n v1 it is cheapest and supports monitor mode and packets injection

                              Delete Comment
                              • Kali Linux photo
                                Kali LinuxNovember 23, 2020 at 7:55 AM

                                Only the Version 1. Later versions didn't support monitor mode and packet injection. But it's very hard to find one (Version 1) in the market.

                                Delete Comment
                              • NewbieTester photo
                                NewbieTesterOctober 21, 2020 at 9:52 PM

                                Please help me out. When I try to install the missing dependencies, fluxion tells me that they are already installed or the latest versions are already installed, something like that, but when it goes back trying to launch fluxion again, they're still missing.

                                Delete Comment
                                • Kali Linux photo
                                  Kali LinuxOctober 22, 2020 at 8:04 AM

                                  Which kind of Kali Installation you are using and give me some other details. Did you installed the dependencies manually?

                                  Delete Comment
                                • THE WIZARD photo
                                  THE WIZARDMay 17, 2021 at 1:35 PM

                                  The redirected webpage is not working on fluxion

                                  Delete Comment
                                • Technology photo
                                  TechnologyJuly 10, 2021 at 9:45 AM

                                  how many wifi adaptor needed for this attack

                                  Delete Comment
                                  • Kali Linux photo
                                    Kali LinuxJuly 10, 2021 at 7:52 PM

                                    You need a single wifi adapter that supports both monitor mode and packet injection. You can check this list and grab a wifi adapter.

                                    Delete Comment
                                  google-playkhamsatmostaqltradent