Fluxion is a new program that combines social engineering and technology to trick users into giving up their log-in and password information. This program is a step above Wifiphisher, which lacks the ability to verify WPA passwords. Fluxion takes all the work out of hacking using a variety of processes that quickly and easily convince users to provide their Wi-Fi password.
Fundamentally, or in terms of many aspects of its basic framework, it is similar to previous developments but uses a twin access point in combination with handshake capture and integrated jamming functions. These can work together so that aspects of hardware and software operations that normally take place in the standard functionality of the user account are overwhelmed.
The extent that Fluxion has developed in combination with its accessibility and ease of use online is the most concerning. A search of Google or other major internet search engines will reveal numerous instructional pages that can be downloaded. These instructions provide anyone with a little Internet skill to begin a new career as a cyber thief. These sites provide public access to a range of resources that make it possible for anyone to violate user privacy and accounts and steal login information.
The program initiated as an improvement over a successful attack and was rewritten, so both the structure and coding have been strategically optimized in addition to its user-friendliness and availability.
Fluxion uses what is known as a WPA handshake to affect the functionality of a login page as it attempts to gain receipt of user information. It can affect how the user’s entire script is controlled as the original network is jammed, and a clone is created with the same name, attempting to persuade the user into making an unsafe connection under the guise of a familiar one. It often requests that the user allow time for their router or firmware to reload or be updated. This is just a ploy; the real objective is to steal sensitive information.
Fluxion is an EvilAP attack tool, written with a combination of Bash and Python, that is used for MiTM attacks on WPA Wireless networks. Online sources report on Fluxion as a potentially beneficial tool while touting its features similar to how potential improvements in business functions could be experienced through software installation. Hack Insight claims that the use of Fluxion allows network scanning, handshake capture, web interface use, imitating original access points, the de-authentication of all users on a network, capturing and redirecting of all DNS requests, captive portal launching, password verification processes, and automatic program termination following the recording of a viable password. Technology and strategies applied include the launching of FakeAP instances for access point emulation, fake DNS server launching, and MDK3 process spawning.
Research and development (R&D) regarding Fluxion and related computer software security processes have involved multiple studies and patents in the past year. At the 12th International Conference on Recent Innovations in Science, Engineering, and Management, researchers reported having developed a highly successful cracking system by using Fluxion as their foundation. They explained that the damage that can be done with new hacking software using Fluxion demands better software processes in addition to network strategies in currently maintained and improving systems, particularly those that handle network connections and passwords.
At the 2017 IEEE International Conference on Power, Control, Signals and Instrumentation Engineering (ICPCSI), researchers reported that a number of new security patents have been involved in safeguarding against new hacking techniques that are relevant to the processes used by Fluxion. Fluxion was projected to remain a target of ethical hackers in ongoing research and development, and a foundation of the more damaging tools developed and made accessible online.