Level of Education of Students Involved
Both Undergraduate/Graduate
Faculty Sponsor
Nicholas Rosasco
College
College of Arts & Sciences (CAS)
Discipline(s)
Cyber Security, Computer Science
ORCID Identifier(s)
0009-0005-2896-3866
Presentation Type
Poster Presentation
Symposium Date
Spring 4-24-2025
Abstract
This research investigates the technical vulnerabilities that enable successful Evil Twin attacks, focusing on automated bypass techniques for captive portals and the effectiveness of Virtual Private Networks (VPNs) in mitigating such attacks. Understanding these vulnerabilities is crucial for developing robust security measures. Instead of relying on human subjects accessing different wireless networks, a controlled lab environment was established to simulate realistic network connections and to analyze traffic patterns. This approach allowed for precise control and repeatability of experiments. To emulate client device behavior, an automated Python script was developed. This script attempted various methods to bypass captive portal authentication, including common credential submission techniques and exploitation of potential weaknesses in portal implementation. Wireshark was used to analyze the impact of browser security features, such as HTTPS enforcement and certificate validation, on the success of bypass attempts. The results demonstrate the possibility of a full-tunnel VPN being able to bypass the initial credential sniffing attack often associated with Evil Twin setups. However, the captive portal will still appear in all tested Wireless Security protocols, indicating that while VPNs can protect data in transit, they do not inherently prevent exposure to malicious portals. Further research is needed to explore methods for completely circumventing captive portal redirection in Evil Twin scenarios.
Recommended Citation
Gustafson, Harris, "Evil Twin Attack Mitigation With Virtual Private Networks" (2025). Symposium on Undergraduate Research and Creative Expression (SOURCE). 1400.
https://scholar.valpo.edu/cus/1400
Biographical Information about Author(s)
Harris Gustafson, is a senior in Computer Science at Valparaiso University, with goals to obtain a Master's in Cyber Security.