Fix Evil Twin attack: make it actually work, and harden the portal

tests/test_adaptive_deauth_integration.py

@@ -30,7 +30,7 @@ def test_adaptive_deauth_initialized(self, mock_config):
         """Test that adaptive deauth manager is initialized on attack creation."""
         # Set up Configuration mock with all required attributes
         mock_config.interface = 'wlan0'
-        mock_config.evil_twin_deauth_interval = 5.0
+        mock_config.eviltwin_deauth_interval = 5.0
         mock_config.wpa_attack_timeout = 60
 
         from wifite.attack.eviltwin import EvilTwin

tests/test_eviltwin_e2e.py

@@ -28,9 +28,9 @@
 # Set required Configuration attributes before importing other modules
 Configuration.wpa_attack_timeout = 600
 Configuration.interface = 'wlan0'
-Configuration.evil_twin_timeout = 0
-Configuration.evil_twin_portal_template = 'generic'
-Configuration.evil_twin_deauth_interval = 5
+Configuration.eviltwin_timeout = 0
+Configuration.eviltwin_template = 'generic'
+Configuration.eviltwin_deauth_interval = 5
 
 from wifite.attack.eviltwin import EvilTwin, AttackState
 from wifite.model.target import Target
@@ -47,7 +47,7 @@ class TestRealRouterScenarios(unittest.TestCase):
     def setUp(self):
         """Set up test fixtures."""
         Configuration.interface = 'wlan0'
-        Configuration.evil_twin_timeout = 0
+        Configuration.eviltwin_timeout = 0
 
     def test_wpa2_personal_router_scenario(self):
         """Test scenario: WPA2-Personal router with standard settings."""
@@ -593,7 +593,7 @@ def setUp(self):
         self.mock_target.wps = False
 
         Configuration.interface = 'wlan0'
-        Configuration.evil_twin_timeout = 0
+        Configuration.eviltwin_timeout = 0
 
     @patch('wifite.attack.eviltwin.Color')
     @patch('wifite.attack.eviltwin.input')

tests/test_eviltwin_unit.py

@@ -35,11 +35,17 @@ def test_hostapd_initialization(self):
         self.assertEqual(hostapd.password, 'testpassword')
         self.assertFalse(hostapd.running)
 
-    def test_hostapd_default_password(self):
-        """Test hostapd uses default password when none provided."""
+    def test_hostapd_open_network_when_no_password(self):
+        """With no password, the AP must be OPEN (captive portal requirement)."""
         hostapd = Hostapd('wlan0', 'TestNetwork', 6)
-
-        self.assertEqual(hostapd.password, 'temporarypassword123')
+
+        # No passphrase is stored, and the generated config must not enable WPA2
+        # (otherwise clients couldn't associate to reach the portal).
+        self.assertIsNone(hostapd.password)
+        config = hostapd.generate_config()
+        self.assertNotIn('wpa=2', config)
+        self.assertNotIn('wpa_passphrase', config)
+        self.assertIn('auth_algs=1', config)
 
     def test_hostapd_config_generation(self):
         """Test hostapd configuration file generation."""
@@ -66,8 +72,29 @@ def test_hostapd_config_special_characters(self):
         """Test hostapd handles special characters in SSID."""
         hostapd = Hostapd('wlan0', 'Test Network 2.4GHz', 6, 'pass123')
         config = hostapd.generate_config()
-        
+
         self.assertIn('ssid=Test Network 2.4GHz', config)
+
+    def test_hostapd_ssid_newline_injection_neutralized(self):
+        """A newline in the SSID must not inject hostapd directives."""
+        # Malicious SSID attempting to append a directive on a new config line.
+        malicious = 'Evil\nmacaddr_acl=1\nctrl_interface=/tmp/x'
+        hostapd = Hostapd('wlan0', malicious, 6, 'pass123')
+        config = hostapd.generate_config()
+
+        # The injected directives must NOT appear as standalone config lines.
+        lines = config.split('\n')
+        self.assertNotIn('ctrl_interface=/tmp/x', lines)
+        # The SSID line must be hex-encoded (ssid2=) rather than a raw ssid=.
+        self.assertTrue(any(line.startswith('ssid2=') for line in lines))
+        self.assertFalse(any(line.startswith('ssid=Evil') for line in lines))
+
+    def test_hostapd_ssid_non_ascii_hex_encoded(self):
+        """Non-ASCII SSIDs are emitted as ssid2=<hex> (hostapd-safe)."""
+        hostapd = Hostapd('wlan0', 'Café📶', 6, 'pass123')
+        config = hostapd.generate_config()
+        lines = config.split('\n')
+        self.assertTrue(any(line.startswith('ssid2=') for line in lines))
 
     def test_hostapd_config_file_creation(self):
         """Test hostapd creates configuration file."""

wifite/args.py

@@ -531,6 +531,13 @@ def _add_eviltwin_args(self, group):
                           type=int,
                           help=self._verbose('Seconds between deauth bursts (default: {G}5{W})'))
 
+        group.add_argument('--eviltwin-timeout',
+                          action='store',
+                          dest='eviltwin_timeout',
+                          metavar='[seconds]',
+                          type=int,
+                          help=self._verbose('Give up after N seconds (default: {G}0{W} = run until success/interrupt)'))
+
         group.add_argument('--eviltwin-template',
                           action='store',
                           dest='eviltwin_template',