Evil Twin is a phishing technique categorized under network attacks, it involves the creation of a rogue wireless access point (AP) that masquerades as a legitimate network, such as a public Wi-Fi hotspot or a familiar network with a captive portal, to deceive users into connecting and unknowingly divulging their sensitive login credentials and other personal information transmitted over the compromised connection.
Tip
Cappy, a framework that automates the attack, must be used only in clear, educational purposes.
Any action outside of that context is highly unrecommended, and may result in legal consequences
Python tool, that automates the process of setting up captive portal on Linux machines, with some tweaks.
Note
This software was tested on: Kali Linux, KaliPi, ParrotOS
In case of any trouble, create an issue and describe the error
Cappy operation scheme:
Check Dependencies ---> Choose network interface
| ^ |
| missing? | └ Change mac address Run captive portal <--- Select Template
| | | | |
Install Dependencies - | └ Menu Screen └ Capture credentials |
|_ _| | start? |
└ Prepare adapter ---> Configure IP Adresses ---> Restart services
└ Write configs
1-A. Installing Cappy with pip
In most cases, Cappy can handle the setup by itself, so give it a try
This will make 'Cappy' available from any path in the terminal
$ git clone https://github.com/FLOCK4H/Cappy
$ cd Cappy
$ sudo pip install .
1-B. Running Cappy with Python
We will need to install dependencies manually
$ sudo apt-get update
$ sudo apt-get install lighttpd hostapd dnsmasq
$ cd Cappy
$ sudo python Cappy
$ sudo Cappy
Templates are being saved to the /usr/local/share/Cappy/templates folder.
Creating a new template will result in making new directory in that path with a name of the template.
By default, there are 2 endpoints and 5 fields, that we can use in index.html of the template:
- /action.html -> username, password, credit, expire, cvv
- /data -> any
Example:
<form method='POST' action="http://10.0.0.15:80/action.html">
<input type='text' name='credit' placeholder="CARD NUMBER"/>
<input type='password' name='expire' placeholder="EXPIRY DATE"/>
<input type='password' name='cvv' placeholder="CVV"/>
<input value='Submit' type='submit'/>
</form>
Device wanting to join the network will be redirected to the index.html of the template, where after entering credentials and submitting, will be redirected to the action.html, that harvests those credentials and logs to the console.
There are 4 default templates:
googlemrhackerValentinesmcd
Help make this number bigger, and message me with your template:
flock4h@gmail.com \ Topic: Cappy Templates [NEW_TEMPLATE_NAME]
There are numerous reasons for why the Cappy may not work, as it all depends on the network adapter, operating system, and machine capabilities itself. Carefully read the console when launching the framework, the errors can provide more information on what's going on.
Here are the general steps on how to debug your issue:
- Ensure dependencies are installed manually
$ sudo apt-get install hostapd dnsmasq lighttpd
- Check paths for conflicts:
$ ls /etc/hostapd
$ find /etc/dnsmasq.conf
$ find /usr/local/share/Cappy
- Check logs of the services:
$ sudo systemctl status hostapd
$ sudo systemctl status dnsmasq
# If dnsmasq status replied with - 10.0.0.1-150 range is busy, you need to change all 10.0.0.15 and 10.0.0.20-150 entries in the code to other IP and range.
Tip
In case when troubleshooting steps did not work; please create an issue
- Add run arguments
- Stable release
- PyPi release