Fluxion is the future of MITM WPA attacks
Fluxion is a remake of linset by vk496 with (hopefully) less bugs and more functionality. It’s compatible with the latest release of Kali (rolling). Latest builds (stable) and (beta) can be found here here. If you’re new, or just don’t understand much about the project, have a look at the wiki. The attack is mostly manual, but experimental versions will automatically handle most functionality from the stable releases.
This is a social engineering attack and it’s pointless to drag clients in automatically. The script relies on the fact that a user should be present in order to enter the wireless credentials.
There shouldn’t be one. All of the traffic is being sinkholed to the built in captive portal via a fake DNS responder in order to capture the credentials.
There might be a problem with lighttpd. The experimental version is tested on lighttpd 1.439-1, anything neweer may break functionality. If you have problems, please use the stable version. For more information check this fix out.
Fluxion is intended to be used for legal security purposes only, and you should only use it to protect networks/hosts you own or have permission to test. Any other use is not the responsibility of the developer(s). Be sure that you understand and are complying with the Fluxion licenses and laws in your area. In other words, don’t be stupid, don’t be an asshole, and use this tool responsibly and legally.