
Did you know that an attacker can intercept your wireless communication and spy on your activities? This is called the Evil Twin attack: a hacker creates a malicious Wi-Fi network that can intercept your activities.
What is an Evil Twin Attack?
An evil twin attack is a type of Wi-Fi attack that works by taking advantage of the fact that most computers and phones will only see the “name” or ESSID of a wireless network. This makes it very hard to distinguish between networks with the same name and the same kind of encryption. This type of attack may be used to steal the passwords of unsuspecting users, either by monitoring their connections or by phishing, which involves setting up a fraudulent web site and luring people there.

The attacker snoops on Internet traffic using a bogus wireless access point. Unwitting web users may be invited to log into the attacker’s server, prompting them to enter sensitive information such as usernames and passwords.
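A defender's view of the problem described above, as an added example that is not part of the original page or of EAPHammer: because clients match networks by ESSID alone, a monitoring sensor can compare observed beacons against an inventory of authorized access points. The inventory layout, the function name find_suspects and all BSSIDs and channels are constructed for illustration.

```python
# Added example: flag possible evil twins in Wi-Fi scan results.
# All ESSIDs, BSSIDs and channels below are constructed sample data.

# Inventory of authorized access points (assumed to come from your own asset records).
AUTHORIZED = {
    "CorpWifi": {
        "auth": "wpa2-eap",
        "aps": {
            "02:00:00:aa:00:01": {1, 36},   # BSSID -> channels it may use
            "02:00:00:aa:00:02": {6, 44},
        },
    },
}

# Constructed scan output: one entry per observed beacon.
SCAN = [
    {"essid": "CorpWifi", "bssid": "02:00:00:aa:00:01", "channel": 1, "auth": "wpa2-eap"},
    {"essid": "CorpWifi", "bssid": "02:00:00:aa:00:02", "channel": 44, "auth": "wpa2-eap"},
    {"essid": "CorpWifi", "bssid": "02:00:00:bb:00:99", "channel": 4, "auth": "wpa2-eap"},
    {"essid": "CorpWifi", "bssid": "02:00:00:aa:00:01", "channel": 11, "auth": "wpa2-eap"},
    {"essid": "CorpWifi", "bssid": "02:00:00:aa:00:02", "channel": 6, "auth": "open"},
    {"essid": "CoffeeShop", "bssid": "02:00:00:cc:00:05", "channel": 6, "auth": "open"},
]


def find_suspects(scan, authorized):
    """Return (bssid, channel, reason) for beacons that reuse a protected
    ESSID but do not match the inventory."""
    suspects = []
    for beacon in scan:
        net = authorized.get(beacon["essid"])
        if net is None:
            continue  # not one of our ESSIDs, out of scope
        bssid = beacon["bssid"].lower()
        if bssid not in net["aps"]:
            reason = "unknown BSSID"
        elif beacon["auth"] != net["auth"]:
            reason = "security mismatch"
        elif beacon["channel"] not in net["aps"][bssid]:
            reason = "unexpected channel"  # a copied BSSID may surface this way
        else:
            continue
        suspects.append((bssid, beacon["channel"], reason))
    return suspects


if __name__ == "__main__":
    for bssid, channel, reason in find_suspects(SCAN, AUTHORIZED):
        print(f"ALERT {bssid} ch{channel}: {reason}")
```

An inventory match is only a hint, since a BSSID can be copied along with the ESSID. On WPA2-Enterprise networks, requiring clients to validate the RADIUS server certificate is what keeps credentials from being handed to a look-alike access point.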
EAPHammer
EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate just how fast this tool is, our Quick Start section provides an example of how to execute a credential stealing evil twin attack against a WPA/2-EAP network in just commands.
Disclaimer
EAPHammer (the “Software”) and associated documentation is provided “AS IS”. The Developer makes no other warranties, express or implied, and hereby disclaims all implied warranties, including any warranty of merchantability and warranty of fitness for a particular purpose. Any actions or activities related to the use of the Software are the sole responsibility of the end user. The Developer will not be held responsible in the event that any criminal charges are brought against any individuals using or misusing the Software. It is up to the end user to use the Software in an authorized manner and to ensure that their use complies with all applicable laws and regulations.
Quick Start Guide (Kali)
Begin by cloning the eaphammer repo using the following command:
Next, run the kali-setup file as shown below to complete the eaphammer setup process. This will install dependencies and compile the project:
To set up and execute a credential stealing evil twin attack against a WPA/2-EAP network:
    # generate certificates
    ./eaphammer --cert-wizard
    # launch attack
    ./eaphammer -i wlan0 --channel 4 --auth wpa-eap --essid CorpWifi --creds
Usage and Setup Instructions
For complete usage and setup instructions, please refer to the project’s wiki page:

Features
- Steal RADIUS credentials from WPA-EAP and WPA2-EAP networks.
- Perform hostile portal attacks to steal AD creds and perform indirect wireless pivots
- Perform captive portal attacks
- Built-in Responder integration
- Support for Open networks and WPA-EAP/WPA2-EAP
- No manual configuration necessary for most attacks.
- No manual configuration necessary for installation and setup process
- Leverages latest version of hostapd (2.8)
- Support for evil twin and karma attacks
- Generate timed PowerShell payloads for indirect wireless pivots
- Integrated HTTP server for Hostile Portal attacks
- Support for SSID cloaking
- Fast and automated PMKID attacks against PSK networks using hcxtools
- Password spraying across multiple usernames against a single ESSID
Supported EAP Methods
EAPHammer supports the following EAP methods:
- EAP-PEAP/MSCHAPv2
- EAP-PEAP/GTC
- EAP-PEAP/MD5
- EAP-TTLS/PAP
- EAP-TTLS/MSCHAP
- EAP-TTLS/MSCHAPv2
- EAP-TTLS/MSCHAPv2 (no EAP)
- EAP-TTLS/CHAP
- EAP-TTLS/MD5
- EAP-TTLS/GTC
- EAP-MD5
802.11a and 802.11n Support
EAPHammer now supports attacks against 802.11a and 802.11n networks. This includes the ability to create access points that support the following features:
- Both 2.4 GHz and 5 GHz channel support
- Full MIMO support (multiple input, multiple output)
- Frame aggregation
- Support for 40 MHz channel widths using channel bonding
- High Throughput Mode
- Short Guard Interval (Short GI)
- Modulation & coding scheme (MCS)
- RIFS
- HT power management