Introduction
Fluxion is a powerful social engineering tool designed to audit the security of wireless networks. One of its primary attack vectors is the Captive Portal attack, which requires a valid WPA/WPA2 handshake from the target network. While Fluxion can capture this handshake itself, you may already have a handshake file (typically a .cap file) captured using other tools like airodump-ng or besside-ng.
In this lab, you will learn the manual process of importing an existing handshake file into Fluxion. This involves placing the .cap file in the correct directory and creating a corresponding database file that Fluxion uses to identify the network's details. By the end of this lab, you will be able to seamlessly integrate captures from other tools into your Fluxion workflow.
Obtain a .cap Handshake File from another Tool
In this step, we will simulate the process of having already captured a handshake file. In a real-world scenario, you might have used a tool like airodump-ng on a different machine to generate this file. For this lab, a sample file has been prepared for you in the ~/project/external_captures directory.
Your first task is to locate this file. Use the ls -l command to list the contents of the directory and identify our sample handshake file.
ls -l ~/project/external_captures
You should see the following output, which confirms the presence of our .cap file. The naming convention ESSID_BSSID.cap is common, but not strictly required.
total 0
-rw-r--r-- 1 labex labex 0 Jan 1 12:00 MyHomeWiFi_00-11-22-33-44-55.cap
Now that we have located our file, we can proceed to place it where Fluxion can find it.
Copy the .cap File into the 'handshakes' Directory
In this step, you will copy the handshake file into the specific directory that Fluxion scans for existing captures. Fluxion stores all its attack-related files, including handshakes, within its own directory structure. The correct location for handshake files is ~/project/fluxion/attacks/Handshake/handshakes/.
Use the cp command to copy the .cap file from ~/project/external_captures to the Fluxion handshakes directory.
cp ~/project/external_captures/MyHomeWiFi_00-11-22-33-44-55.cap ~/project/fluxion/attacks/Handshake/handshakes/
After copying the file, it's good practice to verify that the file is now in the correct location. Use the ls -l command again to check the contents of the destination directory.
ls -l ~/project/fluxion/attacks/Handshake/handshakes/
You should see your copied file listed in the output:
total 0
-rw-r--r-- 1 labex labex 0 Jan 1 12:01 MyHomeWiFi_00-11-22-33-44-55.cap
Create a corresponding .db file with network details
In this step, you will create a metadata file that Fluxion requires to understand the details of the captured network. Simply having the .cap file is not enough; Fluxion needs a corresponding .db file with the same name (e.g., MyHomeWiFi_00-11-22-33-44-55.db) in the same directory. This file stores the network's BSSID, ESSID, and channel.
First, create the empty .db file using the touch command.
touch ~/project/fluxion/attacks/Handshake/handshakes/MyHomeWiFi_00-11-22-33-44-55.db
Next, you need to populate this file with the network information in a specific format: BSSID;ESSID;CHANNEL. For our example network "MyHomeWiFi" with BSSID "00:11:22:33:44:55" on channel "6", use the echo command to write this data into the file.
echo "00:11:22:33:44:55;MyHomeWiFi;6" > ~/project/fluxion/attacks/Handshake/handshakes/MyHomeWiFi_00-11-22-33-44-55.db
Finally, verify the contents of the .db file using the cat command to ensure the data was written correctly.
cat ~/project/fluxion/attacks/Handshake/handshakes/MyHomeWiFi_00-11-22-33-44-55.db
The output should exactly match the string you just entered:
00:11:22:33:44:55;MyHomeWiFi;6
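The cat check above only shows the string. As an added example (not part of the original lab and not Fluxion code), the function below validates an imported capture and its metadata file together, assuming the one-line BSSID;ESSID;CHANNEL layout this lab describes. The name check_import and the demo files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not Fluxion code. check_import is a hypothetical helper name.
# Assumes the one-line BSSID;ESSID;CHANNEL layout this lab describes.
check_import() {
    cap=$1
    db="${cap%.cap}.db"
    rc=0

    # A zero-byte capture (like the lab's sample) cannot hold a handshake.
    [ -s "$cap" ] || { echo "FAIL: capture missing or empty: $cap"; rc=1; }
    [ -f "$db" ] || { echo "FAIL: metadata file not found: $db"; return 1; }

    # Split the first line on ';'; anything after the third field is an error.
    bssid='' essid='' channel='' extra=''
    IFS=';' read -r bssid essid channel extra < "$db" || :
    [ -z "$extra" ] || { echo "FAIL: more than three fields in $db"; rc=1; }

    printf '%s\n' "$bssid" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' \
        || { echo "FAIL: BSSID is not six hex octets: '$bssid'"; rc=1; }

    # An 802.11 SSID is at most 32 octets long.
    if [ -z "$essid" ] || [ "${#essid}" -gt 32 ]; then
        echo "FAIL: ESSID must be 1-32 characters"; rc=1
    fi

    case $channel in
        ''|*[!0-9]*) echo "FAIL: channel is not a number: '$channel'"; rc=1 ;;
    esac

    # Advisory only: the ESSID_BSSID.cap naming is a convention, not a rule.
    dashed=$(printf '%s' "$bssid" | tr ':' '-')
    case $(basename "$cap") in
        *"$dashed"*) ;;
        *) echo "WARN: file name does not contain $dashed" ;;
    esac
    return "$rc"
}

# Constructed demo mirroring the lab: empty .cap next to a well-formed .db.
demo=$(mktemp -d)
: > "$demo/MyHomeWiFi_00-11-22-33-44-55.cap"
echo "00:11:22:33:44:55;MyHomeWiFi;6" > "$demo/MyHomeWiFi_00-11-22-33-44-55.db"
check_import "$demo/MyHomeWiFi_00-11-22-33-44-55.cap" || echo "import not usable"
rm -rf "$demo"
```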
Launch Fluxion and Select the Target Network
In this step, you will launch Fluxion to see if it correctly detects our imported handshake. Since Fluxion is an interactive script that requires a wireless adapter, we will simulate the launch process and describe what you would see in a real environment.
First, navigate into the fluxion directory.
cd ~/project/fluxion
Now, execute the main script with sudo privileges.
sudo ./fluxion.sh
Upon launching, Fluxion will present a series of initial prompts:
- Language Selection: It will ask you to choose a language. You can press Enter to select the default, English.
- Adapter Selection: It will search for wireless adapters. In our simulated lab environment, it will likely find none. This is expected.
After these initial checks, Fluxion will scan the handshakes directory. Because we correctly placed both the .cap and .db files, it will display our target network in its list. The output would look similar to this:
[#] BSSID CH ENCR POWER ESSID
[1] 00:11:22:33:44:55 6 WPA2 - MyHomeWiFi
This confirms that Fluxion has successfully imported the network information. For this lab, you can now exit the script by pressing Ctrl+C.
Verify Fluxion Detects the Handshake as 'Verified'
In this final step, we will explore how Fluxion validates the handshake file. When Fluxion lists the available networks, it also checks if the corresponding .cap file contains a usable WPA/WPA2 handshake. It does this by running the aircrack-ng utility in the background.
To see this process for yourself, you can run the same command that Fluxion uses. Execute aircrack-ng on our imported .cap file.
aircrack-ng ~/project/fluxion/attacks/Handshake/handshakes/MyHomeWiFi_00-11-22-33-44-55.cap
Since the .cap file we created is empty and for demonstration purposes only, aircrack-ng will report that it did not find a valid handshake. The output will look something like this:
Opening /home/labex/project/fluxion/attacks/Handshake/handshakes/MyHomeWiFi_00-11-22-33-44-55.cap
Read 0 packets.
## BSSID ESSID Encryption
1 00:11:22:33:44:55 MyHomeWiFi WPA (0 handshake)
Choosing first network as target.
Opening /home/labex/project/fluxion/attacks/Handshake/handshakes/MyHomeWiFi_00-11-22-33-44-55.cap
No valid WPA handshakes found.
In a real-world scenario where your .cap file contained a valid handshake, the output would instead say WPA (1 handshake). When Fluxion sees this, it marks the handshake as "Verified" in its user interface, indicating that it's ready to be used for a Captive Portal attack. This manual check helps you understand the mechanism Fluxion uses for handshake validation.
Summary
In this lab, you have successfully learned how to import an existing handshake file into Fluxion. You practiced the entire workflow, from locating a pre-captured file to preparing it for use in a Fluxion attack.
You have learned to:
- Locate a pre-existing .cap file.
- Copy the .cap file to Fluxion's dedicated handshakes directory.
- Create and populate the necessary .db metadata file with the network's BSSID, ESSID, and channel.
- Launch Fluxion to confirm that it recognizes the imported network.
- Manually run aircrack-ng to understand the handshake verification process that Fluxion performs automatically.
This skill makes Fluxion a more flexible tool in your security auditing toolkit, allowing you to leverage handshake captures from any source.
