One of my favorite mini-projects I completed was based on an evil twin attack. An evil twin attack is when a threat actor sets up a fake wireless access point (WAP, not the Cardi B song) in the hope that a victim will connect to it instead of the legitimate one.
An evil twin attack is a type of man-in-the-middle attack in which personally identifiable information (PII) or other sensitive information can be stolen.
For the project, I used Wifi Pumpkin 3 to help create the rogue access point.
Once I had cloned it successfully, I began to think of an access point I wanted to mimic. Since it was the season of Halloween and I was listening to Three Six Mafia, I thought it was appropriate to use Starbucks.
As I was finishing setting up Wifi Pumpkin 3, a captive portal began to download. A captive portal is what you usually see when you join public Wi-Fi! "Typically, a captive portal presents the user with terms of service, which they must agree to before accessing your business's WiFi hotspot".
Once the captive portal was done loading, I entered fake credentials to see what would happen on my shell.
Here you can see the information that was entered into the captive portal! I'm able to see passwords and email accounts. Spooky! Imagine if the captive portal was a replica of a social media website?
It is very important to use a VPN while connecting to public Wi-Fi, especially if you are concerned about someone hacking into your phone or laptop.
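From the defender's side, an evil twin shows up in a Wi-Fi scan as a trusted network name advertised by an access point that does not match what you know about the real one. The check below is an added example, not part of the original project or of Wifi Pumpkin 3; the SSID `ExampleCafe-Guest`, the BSSIDs, the baseline and the scan results are all constructed for illustration.

```python
# Assumed baseline: the BSSIDs and security mode a defender recorded for each
# trusted SSID (hypothetical values).
BASELINE = {
    "ExampleCafe-Guest": {
        "bssids": {"3c:11:22:00:00:01", "3c:11:22:00:00:02"},
        "security": "WPA2",
    },
}

# Constructed scan results; in practice these come from the OS Wi-Fi scan.
SCAN = [
    {"ssid": "ExampleCafe-Guest", "bssid": "3C:11:22:00:00:01", "security": "WPA2"},
    {"ssid": "ExampleCafe-Guest", "bssid": "3c:11:22:00:00:02", "security": "WPA2"},
    {"ssid": "ExampleCafe-Guest", "bssid": "02:de:ad:00:00:99", "security": "OPEN"},
    {"ssid": "examplecafe-guest ", "bssid": "02:de:ad:00:00:9a", "security": "WPA2"},
    {"ssid": "Neighbor-Home", "bssid": "a4:55:66:00:00:10", "security": "WPA2"},
]


def normalise(ssid):
    """Fold case and surrounding whitespace so look-alike SSIDs still match."""
    return ssid.strip().casefold()


def find_suspect_aps(scan, baseline):
    """Return (ssid, bssid, reasons) for APs that imitate a baseline SSID."""
    trusted = {normalise(name): (name, info) for name, info in baseline.items()}
    suspects = []
    for ap in scan:
        match = trusted.get(normalise(ap["ssid"]))
        if match is None:
            continue  # SSID is not one we track
        name, info = match
        reasons = []
        if ap["ssid"] != name:
            reasons.append("look-alike SSID")
        if ap["bssid"].lower() not in info["bssids"]:
            reasons.append("unknown BSSID")
        if ap["security"] != info["security"]:
            reasons.append("security mode differs from baseline")
        if reasons:
            suspects.append((ap["ssid"], ap["bssid"].lower(), reasons))
    return suspects


if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspect_aps(SCAN, BASELINE):
        print(f"{ssid!r} {bssid}: {', '.join(reasons)}")
```

A rogue access point that also copies a legitimate BSSID and security mode passes this check, so treat it as a first filter alongside the VPN advice above rather than proof that a network is genuine.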