Exploits 2 vulnerabilities in SWO (WPA2 4-way handshake misimplementation + Heartbeat attack)

SRJanel/SWO_exploit

SWO_exploit

Script performs the following tasks:

  • Scans the air for 42 seconds.
  • If no vulnerable device is found nearby, it exits.
  • Otherwise, it clones its AP information.
  • Starts the Evil Twin.
  • Launches a DHCP server.
  • Launches a (poisoned) DNS server.
  • Launches Wi-Fi deauthentication against the legitimate AP.
  • As soon as the vulnerable device is connected, it launches the heartbeat attack with the Python Heartbeat Proxy script.

The deauthentication attack, the Evil Twin, the Heartbeat attack, and both the DHCP and DNS servers must all be running simultaneously during the whole attack period. This is because the device, in a loop, disconnects and falls back to association request/response, but again performs only half of the authentication, up to EAPoL message 2 of 4, before connecting back to the Evil Twin.
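Seen from a wireless monitoring sensor, the loop described above has a recognisable shape: repeated deauthentication of one client, handshake attempts that stop at EAPoL message 2 of 4, and the same SSID advertised by more than one BSSID. The following detection sketch is an added example, not code from this repository; the event record format, MAC addresses, SSID and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; the (time_s, kind, client, bssid, ssid) record
# format, the MAC addresses and the SSID are assumptions for this example.
REAL, TWIN = "02:aa:aa:aa:aa:01", "02:bb:bb:bb:bb:02"
DEV, OK = "02:00:00:00:00:10", "02:00:00:00:00:20"
SAMPLE_EVENTS = []
for i in range(4):  # four rounds of the reconnect loop
    t = i * 5.0
    SAMPLE_EVENTS += [
        (t + 0.0, "deauth", DEV, REAL, "example-ssid"),
        (t + 1.0, "assoc", DEV, REAL, "example-ssid"),
        (t + 1.1, "eapol1", DEV, REAL, "example-ssid"),
        (t + 1.2, "eapol2", DEV, REAL, "example-ssid"),  # never reaches 3 or 4
        (t + 2.0, "assoc", DEV, TWIN, "example-ssid"),
    ]
# A healthy client that completes all four EAPoL messages.
SAMPLE_EVENTS += [(30.0, "assoc", OK, REAL, "example-ssid")]
SAMPLE_EVENTS += [(30.0 + n / 10, f"eapol{n}", OK, REAL, "example-ssid")
                  for n in range(1, 5)]


def find_stalled_clients(events, min_stalls=3, min_deauths=3):
    """Return clients showing the stalled-handshake loop (thresholds assumed)."""
    progress = {}                      # client -> highest EAPoL msg this attempt
    stalls, deauths = defaultdict(int), defaultdict(int)
    bssids_by_ssid, ssid_of = defaultdict(set), {}

    def close_attempt(client):
        # An attempt that got to message 2 or 3 but not 4 counts as a stall.
        if progress.pop(client, 0) in (2, 3):
            stalls[client] += 1

    for _, kind, client, bssid, ssid in sorted(events):
        bssids_by_ssid[ssid].add(bssid)
        ssid_of[client] = ssid
        if kind == "deauth":
            deauths[client] += 1
            close_attempt(client)
        elif kind == "assoc":
            close_attempt(client)
            progress[client] = 0
        elif kind.startswith("eapol"):
            progress[client] = max(progress.get(client, 0), int(kind[5:]))
    for client in list(progress):
        close_attempt(client)          # attempts still open at end of capture
    return sorted(c for c in stalls
                  if stalls[c] >= min_stalls and deauths[c] >= min_deauths
                  and len(bssids_by_ssid[ssid_of[c]]) > 1)
```

On the constructed sample, only the looping client is reported; the client that completes the handshake is not.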

Strong antennas are needed to test this exploit as the Evil Twin needs to take over the real AP.

The exploit was written in a rush; it is more a POC than an official exploit.
The script needs serious revision. Most importantly, the identification and the retrieval of information of the vulnerable device and its AP should be changed. This mechanism should not rely on the raw output of airodump-ng but on a more stable and reliable method.

Also note that the cleanup function is not entirely functional. At some points, when running the script multiple times in a row, the interface might get disabled and a message might appear that basically says that you should not do whatever you did again. In that case, for the moment, just run the ./fix_wifi_dontdoitagain.sh script to get your interface working normally again.

As a security precaution, the IP address and the port that the devices are connected to have been removed.
