• Fluxion is a wireless network auditing tool that is primarily used for security testing and assessing the vulnerabilities of Wi-Fi networks.
• It is designed to exploit weaknesses in the WPA/WPA2-PSK authentication process, which is commonly used to protect Wi-Fi networks.
• Fluxion takes advantage of a technique called a “man-in-the-middle” attack, where it intercepts communication between devices on a network.
• It creates a fake access point that imitates a legitimate network, tricking devices into connecting to it.
• Once a device connects, Fluxion captures the WPA/WPA2-PSK handshake, which contains the encrypted password used to access the network.

1. Fluxion is the future — a blend of technical and social engineering automation that tricks a user into handing over the Wi-Fi password in a matter of keystrokes. Specifically, it's a social engineering framework using an evil twin access point (AP), integrated jamming, and handshake capture functions to ignore hardware and focus on the "wetware." Tools such as Wifiphisher execute similar attacks but cannot verify the WPA passwords supplied.
2. Fluxion evolved from an advanced social engineering attack named Lindset, where the first tool was written mostly in Spanish and suffered from several bugs. Fluxion is a rewritten attack to trick inexperienced users into divulging the password/passphrase of the network.
3. It is a unique tool in its use of a WPA handshake to not only control the behavior of the login page but the behavior of the entire script. It jams the original network and creates a clone with the same name, enticing the disconnected user to join. It presents a fake login page indicating the router needs to restart or load firmware and requests the network password to proceed. Simple as that.
4. The tool uses a captured handshake to check the password entered and continues to jam the target AP until the correct password is entered. Fluxion uses Aircrack-ng to verify the results live as they are entered, and a successful outcome means the password is ours.

• Wi-Fi Security Auditing : Helps assess vulnerabilities in wireless networks.
• Man-in-the-Middle (MITM) Attacks : Creates a fake access point to intercept user credentials.
• Captive Portal Attack : Redirects users to a fake login page to capture Wi-Fi passwords.
• Deauthentication Attacks : Forces users to disconnect from their legitimate network and connect to the rogue access point.
• Handshaking Capture : Collects authentication handshakes to verify passwords.

1. To use Fluxion, you first need to clone the tool from GitHub and ensure that your Kali Linux distribution is up to date. Once installed, you can run the tool to perform various attacks, including creating rogue access points and capturing WPA/WPA2 encryption hashes through the handshake process.
2. The process typically involves scanning for available Wi-Fi networks, performing a de-authentication attack to disconnect clients from the original access point, and setting up a fake access point with the same SSID as the target network. When users connect to this fake access point, Fluxion captures the entered password, allowing access to the secured network.
3. Fluxion supports dictionary and brute force attacks for cracking captured WPA/WPA2 handshakes, requiring a robust wordlist for this step.
4. It is important to note that Fluxion should only be used for legitimate security testing, ethical hacking, and educational purposes, and must be used responsibly and within legal boundaries.
• Fluxion : A Wi-Fi security analysis tool that can simulate rogue Wi-Fi access points and capture login credentials, showcasing users' susceptibility to social engineering tactics.
• Kali Linux : The operating system on which Fluxion is designed to operate, tailored for cybersecurity professionals and ethical hackers.
• WPA/WPA2 : Wi-Fi security protocols that Fluxion targets for auditing and testing vulnerabilities.
• MITM (Man In The Middle) Attack : A technique used by Fluxion to intercept communication between devices on a network, creating a fake access point that imitates a legitimate network.
• Captive Portal Attack : An attack method where Fluxion sets up a fake access point with the same SSID as the target network, tricking users into connecting to it.
• Handshake Snooper Attack : An attack method used by Fluxion to acquire WPA/WPA2 encryption hashes.
• De-authentication Attack : An attack where Fluxion disconnects clients from the original access point to trick them into reconnecting to the fake access point.
• Wordlist : A list of potential passwords used in dictionary and brute force attacks to crack captured WPA/WPA2 handshakes.

• aircrack-ng
• bc
• dhcpd
• nmap
• openssl
• xterm
• route
• fuser
• lihttpd
• macchanger
• php-cgi

Terminal Installation Commands ...
GUI Installation Steps ...

Linux

1. Open your terminal.
2. Install Git if not already installed : sudo apt install git (for Debian-based systems).
3. Clone the Fluxion repository :

$ git clone https://github.com/FluxionNetwork/fluxion.git

4. Navigate to the Fluxion directory : cd fluxion.
5. Run the tool : ./fluxion.sh. It will automatically install any missing dependencies.

Windows

Fluxion is not natively supported on Windows. However, you can use it through a Linux virtual machine or the Windows Subsystem for Linux (WSL) :

1. Set Up WSL or a Linux Virtual Machine :
• For WSL : Install it via the Microsoft Store and choose a Linux distribution like Ubuntu.
• For a virtual machine : Use software like VirtualBox or VMware to set up a Linux environment.
2. Install Git :
• Open the terminal in your Linux environment and run : sudo apt install git
3. Clone the Fluxion Repository :
• Run the following command :

$ git clone https://github.com/FluxionNetwork/fluxion.git

4. Navigate to the Fluxion Directory :
• Use : cd fluxion
5. Run Fluxion :
• Execute the script : ./fluxion.sh

MacOS

1. Open the terminal.
2. Install Git using Homebrew : brew install git.
3. Clone the Fluxion repository :

$ git clone https://github.com/FluxionNetwork/fluxion.git

4. Navigate to the Fluxion directory : cd fluxion.
5. Run the tool : ./fluxion.sh. It will install any required dependencies.

Terminal Uninstallation Commands ...
GUI Uninstallation Steps ...

Linux

1. Open your terminal.
2. Navigate to the Fluxion Directory :
   • Use the cd command to go to the folder where Fluxion was cloned. For example : cd ~/fluxion
3. Delete the Fluxion Folder :
• Run the following command to remove the Fluxion directory and all its contents : rm -rf fluxion
4. Optional: Remove Dependencies (if installed specifically for Fluxion) :
• If you installed additional tools or dependencies for Fluxion, you can uninstall them using your package manager. For example : sudo apt remove git

Windows (via WSL or Linux VM)

1. Open the Environment :
• For WSL : Launch the WSL terminal.
• For a Linux VM : Open the terminal in your virtual machine.
2. Navigate to the Fluxion Directory :
• Use the cd command to go to the folder where Fluxion was cloned. For example : cd ~/fluxion
3. Delete the Fluxion Files :
• Run the following command to remove the Fluxion folder and all its contents : rm -rf fluxion
4. Optional: Uninstall WSL or the VM (if used only for Fluxion) :
• For WSL :
• Open Control Panel > Programs > Programs and Features.
• Find the Linux distribution you installed (e.g., Ubuntu), right-click on it, and select Uninstall.
• For a VM :
• Open your virtualization software (e.g., VirtualBox, VMware).
• Delete the virtual machine.

MacOS

1. Open the Terminal :
• You can find it in Applications > Utilities > Terminal or use Spotlight Search to open it.
2. Navigate to the Fluxion Directory :
• Use the cd command to go to the folder where Fluxion was cloned. For example : cd ~/fluxion
3. Delete the Fluxion Folder :
• Run the following command to remove the Fluxion directory and its contents : rm -rf fluxion
4. Optional : Remove Dependencies (if installed specifically for Fluxion) :
• If you installed additional tools or dependencies (e.g., Git) for Fluxion, you can uninstall them using Homebrew : brew uninstall git