1
00:00:00,420 --> 00:00:05,610
Hi and welcome in this video, I'm going to teach you the basics of the evil twin attack.

2
00:00:06,450 --> 00:00:09,000
So first off, let's see what is an evil twin?

3
00:00:09,480 --> 00:00:14,010
An evil twin is a fake wireless network that appears as a genuine hotspot.

4
00:00:14,700 --> 00:00:19,320
The idea is to set up a malicious wireless network with the same name as the original one.

5
00:00:19,980 --> 00:00:24,330
Basically, you are making a clone of the wireless network, which you want to attack.

6
00:00:25,180 --> 00:00:29,850
Now, devices connected to a Wi-Fi network have no way to distinguish between two.

7
00:00:29,850 --> 00:00:32,850
I find networks with the same ID name.

8
00:00:33,630 --> 00:00:40,200
This enables hackers to set up a fake wireless network that can capture the traffic and extract personal

9
00:00:40,200 --> 00:00:42,210
information from the victim's.

10
00:00:43,630 --> 00:00:46,990
OK, now let's see the anatomy of the evil twin attack.

11
00:00:47,920 --> 00:00:54,520
So first off, the attacker scans the air for the target access point information like SS ID name,

12
00:00:54,850 --> 00:00:57,160
channel number and Mac address.

13
00:00:57,730 --> 00:01:03,340
He then uses that information to create the malicious wireless network with the same characteristics.

14
00:01:04,210 --> 00:01:10,510
No claims on the legitimate access point are repeatedly disconnected, forcing them to connect to the

15
00:01:10,510 --> 00:01:12,100
malicious access point.

16
00:01:12,640 --> 00:01:18,490
As soon as the client is connected to the fake wireless network, he may start browsing the internet

17
00:01:18,970 --> 00:01:23,740
and he will see a web login page saying Please login to access the internet.

18
00:01:24,460 --> 00:01:30,850
Now, if the client enters the password, he will be redirected to a login page and the password will

19
00:01:30,850 --> 00:01:33,670
be stored in the database of the attacker machine.

20
00:01:34,420 --> 00:01:38,080
So this is how the evil twin attack works behind the scene.

21
00:01:39,250 --> 00:01:44,830
OK, now let's learn about captive portals, which are often used in evil twin attacks.

22
00:01:45,580 --> 00:01:52,540
So a captive portal is a web page that is displayed to newly connected users over a Wi-Fi network.

23
00:01:53,230 --> 00:02:00,130
Captive portals are used by business centers, airports, coffee shops and other places that offer free

24
00:02:00,130 --> 00:02:02,290
Wi-Fi for internet users.

25
00:02:03,130 --> 00:02:09,070
Users can freely connect to these networks, and they will often be directed to a login page where a

26
00:02:09,070 --> 00:02:12,190
password is required before accessing the internet.

27
00:02:12,700 --> 00:02:18,670
The danger in using these type of networks is that an attacker can create a clone of the wireless network

28
00:02:18,670 --> 00:02:24,010
with the same login page and tricking users to connect to the fake wireless network.

29
00:02:24,670 --> 00:02:31,660
So if this happens, then the attacker can capture sensitive information using tools like Wireshark.

30
00:02:33,050 --> 00:02:34,940
So that's it for now.

31
00:02:34,970 --> 00:02:37,730
Thanks for watching, and I was sure next time.