• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2018
  • March
  • 8
  • The Rogue Toolkit – Targeted Evil Twin Wireless Access Point Attack

The Rogue Toolkit – Targeted Evil Twin Wireless Access Point Attack

March 8, 2018March 4, 2018 Comments Off on The Rogue Toolkit – Targeted Evil Twin Wireless Access Point Attack
create evil twin attack how to use the rogue toolkit rogue toolkit The Rogue Toolkit - Targeted Evil Twin Wireless Access Point Attack

The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy software-defined Access Points (AP) for the purpose of conducting penetration testing and red team engagements. By using Rogue, penetration testers can easily perform targeted evil twin attacks against a variety of wireless network types.

Rogue was originally forked from s0lst1c3’s eaphammer project. The fundamental idea of the Rogue toolkit was to leverage the core concept of the eaphammer project in an alternative manner to allow for flexibility, integration and adaption to future changes to the 802.11 standards and supporting tools. Rogue is suited for the the following cases:

  • Compromising corporate accounts to be later used in impersonation attacks to gain access to corporate wireless networks.
  • To subvert network protections, such as captive portals or client to client isolation, to be able to target and compromise connected wireless devices and using compromised devices and credentials to pivot deeper into internal networks.

 

Supported Features

  • Automatic Channel Selection – The Rogue toolkit allows testers to leverage hostapd-wpe’s in-built Automatic Channel Selection (ACS) functionality to perform a scan of the surrounding frequencies to detect a clear channel for hostapd-wpe to utilise. ACS can be invoked by providing a value of 0 as the channel.
  • packet capturing – The Rogue toolkit leverages tcpdump to allow penetration testers to record the network traffic of their evil twin networks for record keeping purposes.
  • karma – The Rogue toolkit can invoke hostapd-wpe with in-built karma support enabled. When karma is enabled, the hostapd-wpe access point will respond to all 802.11 probe requests, not just for itself but for any requested ESSID. This feature allows the toolkit to draw in surrounding client devices that are probing for known networks and to begin to attack these devices.
  • ESSID Masking – The Rogue toolkit also supports ESSID cloaking, allowing testers to set the value of the SSID field in 802.11 frames to 0. This allows for stealthier attacks, especially when performing karma-based attacks.
  • network bridging – When the Rogue toolkit is launched, it will also launch an instance of isc-dhcp-server which provides the hostapd-wpe wireless network with DHCP. However, by default this network is isolated from the internet or any other network the attack platform is also connected too. By using the --internet argument, a tester can bridge the rogue network with another network. This allows Rogue to provide seamless access to resources expected by the connected victims and enable follow up network attacks to compromise connected victim credentials.
  • Rogue currently supports the following IEEE 802.11 protocols:
    • 802.11b
    • 802.11g
    • 802.11n (2.4GHz/5GHz)
    • 802.11a
  • Rogue currently supports the following wireless authentication types:
    • open
    • wep
    • wpa-psk(1/2)
    • wpa2-enterprise
  • x.509 Certificate Generation – Certificates are required by the Rogue toolkit to use many of the supported EAP-types when deploying WPA2-Enterprise based wireless networks.
  • The toolkit has been extended to support for sslsplit. This allows testers to automated perform SSL termination to be able intercept credentials exchanged over an encrypted channel.
  • The Rogue toolkit uses freeradius-wpe as an external Radius server when deploying wpa2-enterprise-based networks. An external Radius server is used instead of the integrated Radius server within hostapd-wpe. This allows for wider ranges of scenarios to be supported and support more EAP-types:
    • ttls
    • tls
    • peap
    • md5
    • pwd
    • gtc
    • leap
  • The Rogue toolkit include a website cloning capabilities, using httrack, allowing testers to clone a website to be used in later attacks. The idea behind this capability is to allow the tester to clone captive portals or other sites of interest. Once cloned, the site can be served to connected victims through external DNS spoofing with seeded web hooks for the several hostile portal attacks.
  • The toolkit has been extended to support hostile portal attacks. After cloning a website, the Rogue toolkit can insert a browser hook into a cloned page to be served to the victim. When the modified page is next view, the victim’s browser will be hooked by the supported framework. The Rogue toolkit currently supports the following hostile portal modes:
    • BeEF Framework
    • responder

 

Install

This toolkit has been designed and tested on Kali Linux.

git clone https://github.com/InfamousSYN/rogue.git
cd ./rogue
python install.py

 

Dependencies


Software

  • hostapd-wpe
  • freeradius-wpe
  • isc-dhcp-server
  • httrack
  • sslsplit
  • responder
  • be3f framework
  • apache2/httpd
  • openssl
  • tcpdump

 

Python libraries

  • tqdm
  • netifaces

 

Targeted Evil Twin Wireless Access Point Attack Toolkit: The Rogue Toolkit Download

Post navigation

How to Do ARP Spoofing/Poisoning
CrawlBox – Easy Way to Brute-force Web Directory

Related Articles

HashCatch – Capture Handshakes of nearby WiFi networks automatically

- Wifi Hacking
September 24, 2019

Ehtools – Framework Of Serious Wi-Fi Penetration Tools

- Wifi Hacking
September 5, 2019

WifiBroot – Wifi Cracking Tool for WPA/WPA2

- Wifi Hacking
August 5, 2019August 5, 2019
hacker gadgets
hacker phone covers

Recent Posts

Seekr: multi-purpose toolkit for gathering and managing OSINT Data

Seekr: multi-purpose toolkit for gathering and managing OSINT Data

February 7, 2023
reportly: AzureAD user activity report tool

reportly: AzureAD user activity report tool

February 7, 2023
PoC Exploit For GoAnywhere MFT 0-Day Flaw (CVE-2023-0669) Published Online

PoC Exploit For GoAnywhere MFT 0-Day Flaw (CVE-2023-0669) Published Online

February 7, 2023
FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis

FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis

February 6, 2023
Heap_Detective - The Simple Way To Detect Heap Memory Pitfalls In C++ And C

Heap_Detective – The Simple Way To Detect Heap Memory Pitfalls In C++ And C

February 6, 2023
OneNoteAnalyzer: analyzing malicious OneNote documents

OneNoteAnalyzer: analyzing malicious OneNote documents

February 6, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW