EvilAp Defender Tool For Detecting Evil Access Points

A new open source tool can scan an area periodically for rogue Wi-Fi access points and alert network administrators if any are visible. The tool is known as EvilAP_Defender and has been designed specifically to detect malicious, or evil, access points that hackers configure to mimic legitimate ones and trick users' devices into connecting to them automatically.

These access points are called evil twins, and they allow hackers to easily intercept the internet traffic of the devices connected to them. They can also be used for stealing credentials, spoofing websites, etc.

Most users configure their devices and computers to connect automatically to certain wireless networks, such as those at their workplace or in their home. However, when faced with two wireless networks that have the same name (SSID), and sometimes even the same MAC address (BSSID), most devices will automatically connect to the one with the stronger signal. If you still don't know how Wi-Fi connections work and how they can be used in cyber-criminal attacks, you need to improve your knowledge. We also recommend that you follow cyber security tips for your personal safety and the safety of your sensitive data.

This makes evil-twin attacks easier to pull off, as both SSIDs and BSSIDs can be spoofed.

The evil twin is not only a plot device for television crime shows; it is also a threat to your company's data. It is quite easy for criminals to set up an evil-twin rogue wireless access point that mimics one your users and visitors connect to, whether on your premises or in a public place.

EvilAp_Defender

EvilAP Defender was developed in Python by Mohamed Idris, who published it on GitHub. It can use a computer's wireless network card to discover rogue access points that duplicate the SSID and BSSID of a real access point.

The tool is first run in learning mode so that the legitimate access point (AP) can be detected. It can then be switched to normal mode to start scanning for unauthorized access points.

If an evil AP is detected, the tool alerts the network admin by email; the developer also plans to add an SMS alert feature in the future.

There is also a preventive mode in which the tool can launch a DoS attack against the evil AP.

The denial of service is performed only against evil APs that have the same SSID but a different MAC address. This helps avoid any kind of attack on the legitimate network.

However, users need to remember that attacking someone else's access points is illegal in a lot of countries.

Requirements of the Tool to Defend Against Evil Access Points

In order to function, the tool requires the Aircrack-ng wireless suite, a Python runtime, a wireless card that is compatible with Aircrack-ng, and MySQL.

Network administrators can now identify rogue access points with the help of the EvilAP Defender tool.

Rogue access points can wreak havoc on Wi-Fi clients, whether residential or business. Security researcher Mohamed Idris has created a free tool for network administrators that identifies and brings down these kinds of rogue access points.

EvilAP Defender comes in handy against Evil Twin threats, which consist of impersonating a legitimate Wi-Fi network to trick users into connecting to a device controlled by cyber criminals. Idris also states that the tool is especially handy because it has functionality that allows the administrator to easily run denial-of-service activities against any malicious devices.

Access points are distinguished by their identifiers, and EvilAP Defender relies on such characteristics to determine which devices are impersonating a legitimate one.

Network administrators can configure the tool to consider just the Basic Service Set Identifier (BSSID). They can also include additional attributes such as cipher, channel, privacy protocol and authentication. They can even add the OUI (Organisationally Unique Identifier) into the mix.
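The comparison described above, sketched as an added example (not EvilAP_Defender's own code): scanned APs are checked against a whitelist recorded in learning mode, first by SSID and BSSID, then by the optional attributes. The `AP` record, the `oui` field and the sample networks are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AP:
    ssid: str
    bssid: str
    channel: int
    privacy: str   # e.g. OPN, WPA2
    cipher: str    # e.g. CCMP, TKIP
    auth: str      # e.g. PSK, MGT
    oui: str       # vendor OUI from the beacon's tagged parameters (assumed field)

BASIC = ("channel", "privacy", "cipher", "auth")
WITH_OUI = BASIC + ("oui",)

def norm(mac):
    return mac.strip().lower().replace("-", ":")

def classify(seen, whitelist, check=BASIC):
    """Compare one scanned AP with the whitelist built in learning mode."""
    same_ssid = [w for w in whitelist if w.ssid == seen.ssid]
    if not same_ssid:
        return "unrelated", []            # not impersonating a protected SSID
    match = next((w for w in same_ssid if norm(w.bssid) == norm(seen.bssid)), None)
    if match is None:
        return "evil-twin", ["bssid"]     # same SSID, unknown BSSID
    diffs = [a for a in check if getattr(match, a) != getattr(seen, a)]
    # BSSID matches; any differing attribute suggests the BSSID was spoofed too.
    return ("spoofed-bssid", diffs) if diffs else ("legitimate", [])

# Constructed sample data (not real networks).
WHITELIST = [AP("CorpWiFi", "02:00:5E:10:00:01", 6, "WPA2", "CCMP", "PSK", "00:00:5e")]
SCAN = [
    AP("CorpWiFi", "02-00-5e-10-00-01", 6, "WPA2", "CCMP", "PSK", "00:00:5e"),
    AP("CorpWiFi", "02:00:5e:99:99:99", 6, "WPA2", "CCMP", "PSK", "00:00:5e"),
    AP("CorpWiFi", "02:00:5e:10:00:01", 11, "OPN", "", "", "00:00:5e"),
    AP("CorpWiFi", "02:00:5e:10:00:01", 6, "WPA2", "CCMP", "PSK", "aa:bb:cc"),
    AP("CoffeeShop", "02:00:5e:20:00:02", 1, "OPN", "", "", "00:00:5e"),
]

def audit(scan, whitelist, check=BASIC):
    return [classify(ap, whitelist, check) for ap in scan]

if __name__ == "__main__":
    for ap, (verdict, why) in zip(SCAN, audit(SCAN, WHITELIST, WITH_OUI)):
        print(f"{ap.ssid:<10} {ap.bssid} {verdict:<13} {','.join(why)}")
```

The fourth sample AP passes the basic attribute check and is flagged only when the OUI is included in the comparison.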

Upgrades

Idris states that, “Right now there are no software-based access points which permit changing of the tagged parameters. Thus the 3rd option looks to be the best for ensuring rogue devices don’t duplicate characteristics of the legitimate one.”

You can also configure the tool to perform a DoS on evil access points.

The application has a built-in safety measure that does not allow DoSing of legitimate networks: the DoS is performed only against evil APs that have the same SSID but a different BSSID. The network admin may hit their own devices too.

Another feature of the tool is the ability to alert the administrator by email. Whenever a malicious device is detected, the tool sends an email notification. Idris is also planning to add SMS support in the future.

So, this was everything about evil access points and tools to prevent them. Stay informed with the latest internet security tips!