Introduction
In this lab, you will learn the process of initiating a deauthentication attack using Fluxion. A deauthentication attack is a type of denial-of-service attack that targets the communication between a user and a Wi-Fi access point, forcing the user's device to disconnect.
Fluxion is a powerful security auditing and social engineering tool that can automate this process. We will walk through the steps within a simulated Fluxion environment to understand how to select the appropriate attack options to disconnect all clients from a target network. This is a foundational technique used in more complex Wi-Fi penetration tests, such as setting up a Captive Portal.
Disclaimer: This lab is for educational purposes only. Performing deauthentication attacks on networks you do not own or have explicit permission to test is illegal.
Proceed with the Captive Portal Attack
In this step, you will start the simulated Fluxion script and make your first selection. After a target network is chosen (which is simulated for you), Fluxion presents several attack vectors. We will choose the 'Captive Portal' attack, which is a common method that involves deauthenticating clients.
First, navigate into the fluxion directory and execute the script.
cd ~/project/fluxion
sudo ./fluxion.sh
The script will start and prompt you to select an attack vector. Type 2 and press Enter to choose the 'Captive Portal' option.
==================================================
Fluxion Simulation for LabEx v1.0
==================================================
This script will guide you through a simulated attack.
Please follow the lab instructions to make selections.
Scanning for target networks... (simulation)
Target 'MyHomeWiFi' (CH 6) selected.
Please select an attack vector:
[1] FakeAP - Hostile portal
[2] Captive Portal
fluxion > 2
Select the 'aireplay-ng' Deauthentication Method
In this step, after selecting the attack type, the script will ask you to choose a tool for the deauthentication phase. aireplay-ng is a part of the famous Aircrack-ng suite and is a reliable choice for sending deauthentication frames.
At the prompt, type 1 and press Enter to select aireplay-ng.
[+] Captive Portal attack selected.
Please select a deauthentication attack method:
[1] aireplay-ng (recommended)
[2] mdk4
fluxion > 1
This tells Fluxion to use aireplay-ng to perform the disconnection of clients from the legitimate Access Point.
Choose the 'Deauth all' Option to Disconnect All Clients
In this step, you will specify the scope of the deauthentication attack. You can either target a specific client or all clients on the network. For this lab, we want to maximize the impact by disconnecting everyone.
At the prompt, type 1 and press Enter to choose the 'Deauth all' option.
[+] aireplay-ng selected as deauthenticator.
Please select the deauthentication scope:
[1] Deauth all (broadcast)
[2] Deauth a specific client
fluxion > 1
This configures aireplay-ng to send deauthentication packets to the broadcast address of the AP, which will disconnect all currently connected clients.
Monitor the Fluxion Window for Deauthentication Packet Sending
In this step, after making your final selection, the script will simulate the launch of the attack. In a real Fluxion session, a new terminal window would open showing the aireplay-ng output. Our simulation will display this output directly in the current terminal.
You should see messages confirming that deauthentication packets are being sent.
[+] 'Deauth all' selected.
==================================================
ATTACK PHASE
==================================================
Starting deauthentication attack...
[+] Sending DeAuth to broadcast on channel 6...
[+] Sending DeAuth to broadcast on channel 6...
[+] Sending DeAuth to broadcast on channel 6...
Attack is now running. In a real scenario, clients would be disconnected.
Fluxion simulation finished. You can now proceed with the lab.
Observing this output confirms that the deauthentication attack has been successfully initiated.
Observe Clients Disconnecting from the Legit AP
In this final step, we consider the impact of our attack. With the deauthentication packets being broadcast, any real client devices (laptops, phones, etc.) connected to the target network would now be forcibly disconnected.
Their Wi-Fi connection would drop, and their device would immediately start scanning for available networks. The goal of the larger Captive Portal attack is that they will see the fake "Evil Twin" access point created by Fluxion and connect to it, believing it's their original network.
Since this is a simulated environment, we cannot observe real clients disconnecting. However, it is crucial to understand that this disconnection is the intended and direct effect of the attack you just launched. This completes the deauthentication phase of the attack.
Summary
In this lab, you successfully walked through the process of initiating a Wi-Fi deauthentication attack using a simulated Fluxion environment. You learned how to navigate the tool's menus to launch a specific phase of a larger penetration testing scenario.
You accomplished the following key steps:
- Selected the 'Captive Portal' attack vector.
- Chose
aireplay-ngas the deauthentication tool. - Configured the attack to 'Deauth all' clients via a broadcast.
- Monitored the simulated output to confirm the attack was running.
Understanding how to perform a deauthentication attack is a fundamental skill in Wi-Fi security assessment. It is the primary method used to enable more advanced attacks like Evil Twin and Captive Portal engagements.