Wi-Fi Hacking using Evil Twin Attacks and Captive Portals! [Part 1]

Jan 29, 2021


I love my neighbor’s WIFE. Oh sorry.. typo, it’s *WIFI..

We are going to bring this as an article series. Here is the first part.

Wi-Fi Hacking? Is it possible? Let’s see then.

So, in the first part, you will learn how to set up a fake access point with a captive portal web page and capture the log-in information from victims. Then I will show you how to clone the web page from the original access point and steal sensitive information, and then how to combine the Social Engineering Toolkit and the BeEF framework to perform an evil twin attack. Once that is done, I will move to a different part where I will show you useful Wireshark filters and how to use tools like Airgeddon and WiFi-Pumpkin to automate the process. Then you will learn how to create a fake access point which has a malicious captive portal with social media connectivity to steal the login credentials. And lastly, you will learn how to detect evil twin attacks and how to secure your system.

I’m going to teach you the basics of the evil twin attack. So, first off let’s see what is an evil twin?

The evil twin is a fake wireless network that appears as a genuine hotspot.

The idea is to set up a malicious wireless network with the same name as the original one. Basically, you are making a clone of the wireless network which you want to attack. A device connecting to a Wi-Fi network has no way to distinguish between two Wi-Fi networks with the same SSID name. This enables hackers to set up a fake wireless network that can capture the traffic and extract personal information, or the key, from the victims.

Now let’s see the anatomy of the evil twin attack.

So, first off, the attacker scans the air for the target access point information like SSID name, channel number, and MAC address.

He then uses that information to create a malicious wireless network with the same characteristics. Now clients on the legitimate access point are repeatedly disconnected, forcing them to connect to the malicious access point. As soon as the client is connected to the fake wireless network, he may start browsing the internet and he will see a web login page saying "Please login to access the Internet". Now if the client enters the password, he will be redirected to a loading page and the password will be stored in the database of the attacker machine. So this is how the evil twin attack works behind the scenes.
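A defender's view of the anatomy above, as an added example that is not part of the original article: since the clone reuses the SSID, channel and MAC address, one check is to compare what a scan sees against an inventory of the access points you actually operate. The SSID, BSSIDs, inventory layout and scan rows are all constructed for illustration, and the row format is an assumption about what your scanner exports.

```python
# Constructed inventory of the access points the defender actually operates.
KNOWN_APS = {
    "CoffeeShop-WiFi": {
        "aa:bb:cc:00:00:01": {"channel": 6, "security": "WPA2"},
        "aa:bb:cc:00:00:02": {"channel": 11, "security": "WPA2"},
    },
}

# Constructed scan rows: (ssid, bssid, channel, security)
SAMPLE_SCAN = [
    ("CoffeeShop-WiFi", "aa:bb:cc:00:00:01", 6, "WPA2"),   # matches inventory
    ("CoffeeShop-WiFi", "AA:BB:CC:00:00:02", 11, "WPA2"),  # matches (case differs)
    ("CoffeeShop-WiFi", "de:ad:be:ef:00:01", 6, "OPEN"),   # same name, unknown radio
    ("CoffeeShop-WiFi", "aa:bb:cc:00:00:01", 1, "WPA2"),   # known MAC, wrong channel
    ("OtherNet", "11:22:33:44:55:66", 3, "WPA2"),          # not our SSID, ignored
]


def find_suspect_aps(scan, known=KNOWN_APS):
    """Return (bssid, channel, reason) for beacons that use one of our
    SSIDs but do not match the inventory entry for that SSID."""
    findings = []
    for ssid, bssid, channel, security in scan:
        inventory = known.get(ssid)
        if inventory is None:
            continue  # only SSIDs we own are in scope
        bssid = bssid.lower()
        expected = inventory.get(bssid)
        if expected is None:
            # Someone else is advertising our network name.
            findings.append((bssid, channel, "unknown-bssid"))
            allowed = {ap["security"] for ap in inventory.values()}
            if security not in allowed:
                findings.append((bssid, channel, "security-mismatch"))
            continue
        # Known MAC address: it must also be where and how we configured it.
        if channel != expected["channel"]:
            findings.append((bssid, channel, "unexpected-channel"))
        if security != expected["security"]:
            findings.append((bssid, channel, "security-mismatch"))
    return findings


if __name__ == "__main__":
    for bssid, channel, reason in find_suspect_aps(SAMPLE_SCAN):
        print(f"ALERT {reason}: {bssid} on channel {channel}")
```

A clone that copies SSID, BSSID, channel and security exactly passes these checks, so a clean result means no mismatch was seen, not that no twin exists.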

Okay. Now let’s learn about captive portals which are often used in evil twin attacks.

So, a captive portal is a web page that is displayed to newly connected users over a Wi-Fi network. Captive portals are used by business centers, airports, coffee shops and other places that offer free Wi-Fi for Internet users. Users can freely connect to these networks and they will often be directed to a login page where a password is required before accessing the Internet.

The danger in using this type of network is that an attacker can create a clone of the wireless network with the same login page and trick users into connecting to the fake wireless network. So, if this happens, then the attacker can capture sensitive information using tools like Wireshark.

Part 2 will be a hands-on tutorial. Fire up your Kali Linux, update it and get ready. Things are gonna be more hackish next time. :)

Originally published at https://madura-rajapakshe50.medium.com on January 29, 2021.

Written By/ Madura Rajapakshe -Associate Information Security Engineer at CryptoGen -President Cyber Security Community at SLIIT -4th Year 2nd Semester -Cyber Security Student at SLIIT-




First they begin with Us..