- Fix interface deallocation leaks in Handshake Snooper jammer,
Captive Portal jammer/AP, and tracker unset functions that caused
auto mode to exhaust all USB adapters on retry
- Fix auto mode selecting Captive Portal instead of Handshake Snooper
(alphabetical ordering issue)
- Add --band flag (bg/a/abg) for explicit band selection in auto and
scan-only modes, passed directly to airodump-ng
- Fix scan-only client count double-output (grep -c exit code + fallback)
- Fix scan-only readarray missing -t flag (trailing newlines)
- Remove --5ghz flag and deauth-ng.py — mdk4 handles all deauth needs
- Add fluxion_status() for machine-readable progress (LLM/CI consumption)
- Rewrite scripts/diagnostics.sh with comprehensive system, dependency,
wireless interface, AppArmor, iptables, and lighttpd checks
- Bump revision to 6.27
Truncate the log file before opening the tail -f viewer window. Previously
the viewer opened first on a file still containing the previous run's output,
then the arbiter truncated it, causing tail to print "file truncated" and
display stale entries at the top of every subsequent run.
- Replace more with direct redirection in load_attack (Handshake Snooper
and Captive Portal): more adds 3 header lines when stdout is a pipe,
shifting all config array indices by +3 and corrupting the deauth method,
jammer interface, and verifier settings on second and subsequent runs
- Apply the same fix to fluxion_handle_target_change, which read
target_info.txt through more causing MAC/SSID/channel corruption on
tracker-triggered restarts
- Allow --list-interfaces to run without root: all operations are read-only
sysfs/lsusb/lspci/iw queries that need no elevated privileges
- Skip preferences file load/create when not root to avoid permission errors
on the root-owned preferences.conf
- Add --reg-domain <CC> CLI option to override the wireless regulatory
domain used when starting the rogue AP on 5GHz channels; defaults to US
- Fix hostapd and airbase-ng using country BO (which blocks UNII-1/ch36-48);
both AP services now use US by default via ${FLUXIONRegDomain:-US}
- Fix tmux foreground windows: use trap EXIT to write the done file so
Ctrl+C on a scanner window no longer leaves the main window stuck
- Fix tmux scanner window not refocusing the main pane after closing,
requiring the user to press a key to see the target list
- Fix chrome/printf ordering bug that left cmdScript non-executable
- Handshake Snooper: write handshake_success.flag on arbiter completion
so the main window polling loop can show an inline success notice
- Captive Portal: stop all attack services immediately on credential
capture and display credentials inline in the main window
- Bump revision to 6.22
- Interface dialogs and --list-interfaces now show band (2.4GHz/5GHz)
and bus type (usb/pci) columns; band options in scanner filtered to
what the selected interface actually supports
- DFS channels (52-64, 100-144) marked with ! in target list
- Add --ap-service flag to override AP service selection
- Add --timeout flag for auto mode (minutes; default infinite)
- Fix exit hang: replace blocking service --status-all with
background timeout systemctl try-restart systemd-resolved
- Allow --help and --version without root
- Captive Portal: auto-select airbase-ng on DFS channels; fix
deauth-ng.py absolute path; suppress harmless route addr error;
abort if ap_service_start fails; pause/resume support
- airbase-ng: two-phase wait for at0 existence then UP state;
set permissive regulatory domain for 5GHz channels
- hostapd: set regulatory domain for 5GHz; generate unique config
filename per MAC to avoid stale config collisions
- Handshake Snooper: fix jammer interface name from scan list
- InstallerUtils: suppress touch permission error without root
- scripts/cleanup.sh: restore interface name after MAC spoof on cleanup
- Bump revision to 6.21
After the scanner renames wlx* → fluxwl*, the interface picker shows the
fluxwl* name. When selected, FluxionInterfaces[fluxwl*] returns the original
hw name (reverse mapping), which no longer exists — causing airodump-ng to
exit immediately with no capture window.
Fix: detect when the selected interface is already a fluxwl* name and use it
directly, skipping fluxion_allocate_interface. Update the Original var to the
hw name so attack.conf saves correctly.
Bump revision to 6.19.
- Captive Portal: pause fake AP (hostapd + jammer) when target AP goes
off-air; resume when it reappears. DHCP, DNS, and lighttpd remain up
throughout. Activated by --tracker-interface. Closes#612.
- Fix FluxionTargetRogueMAC not computed when fluxion_target_set returns
early (confirmed target from saved config), causing hostapd to start
with a config named -hostapd.conf and immediately fail.
- cleanup.sh: restore ip_forward from saved workspace value before
wiping /tmp/fluxspace/; fix iptables backup path to FLUXIONPath/iptables-rules.
- Bump revision to 6.18.
- Use renamed monitor interface (fluxwl0) in HS jammer, not original name
- Fix auto-mode infinite loop: snapshot arbiter PID before polling loop
since SIGABRT trap clears HandshakeSnooperArbiterPID via stop_attack
- Default auto-mode deauth method to mdk4 instead of aireplay-ng
- Avoid tmux session name collision on re-launch (FLUXION_$$ fallback)
- Add hostapd startup timeout and dead-window detection in ap_service_start
Allow explicit per-role interface selection for Captive Portal attacks.
Previously only --interface existed, which only controlled the first
allocation (scanner/jammer). Now each role can be pinned independently:
--jammer-interface deauth jammer adapter
--ap-interface rogue AP adapter
--tracker-interface channel-tracker adapter (also enables tracker in auto mode)
- Add WindowUtils.sh: xterm/tmux abstraction (fluxion_window_open/close/cleanup/init)
- Convert all xterm calls to fluxion_window_open across fluxion.sh, both attacks, both AP libs
- Add --auto mode: non-interactive, auto-selects language/interface/channel/target/attack
- Add --scan-time CLI arg for auto mode scanner duration
- Add -m flag for headless tmux mode (pre-parsed before X11 checks)
- Disable lighttpd system service on startup to free port 80
- Add iptables/iptables-save/iptables-restore to required dependencies
- Auto-configure AppArmor local override so dhcpd can read /tmp/fluxspace/
- Fix lighttpd PID capture by using -D (foreground) flag with shell backgrounding
- Add pkill fallback in stop_attack for lighttpd cleanup edge cases
- Show success banner with captured password before shutdown on captive portal success
- Add background watcher to detect attack success and unblock io_query_choice
- Fix terminal color bleed: append CClr after choice text in io_query_choice format string
- Fix attack-in-progress menu: reset color after each choice, show input prompt
- Add WindowUtils unit tests (tests/test_window_utils.sh)
- Update HelpUtils with new flags documentation
This commit resolves issue #1226 by fixing the tracker daemon to properly
handle channel hopping across multiple interfaces and cleaning up debug logging.
Key fixes:
- Prevent interface disruption during tracker restarts by checking monitor mode
before setting it (only set if not already in monitor mode)
- Fix mdk4/aireplay-ng ARPHRD_IEEE80211 errors by verifying jammer interface
monitor mode before starting attack services
- Fix airodump-ng "interface down" errors in captor by checking mode first
- Add validation for empty network lists after filtering (handshake detection)
- Improve channel/band parameter handling in airodump-ng scanner
- Make all tracker debug logging conditional on debug mode (no more hardcoded
/tmp/fluxion_tracker.log file)
- Add proper error handling for timeout exit codes (124, 143)
- Redirect tracker stdin from /dev/null to prevent SIGTTIN in background
Affected files:
- fluxion.sh: Tracker daemon improvements, interface allocation cleanup
- attacks/Handshake Snooper/attack.sh: Monitor mode checks for captor/jammer
- attacks/Captive Portal/attack.sh: Monitor mode checks for jammer
Fixes#1226
- Replace deprecated iwconfig/wireless-tools with modern iw command
- Add dhcp-server package alternative for Fedora DHCP installation
- Reorder 7zip packages: 7zip-reduced first (Fedora 43 provides 7zr)
- Rename yum.sh to dnf.sh with dnf/yum auto-detection
- Remove mdk3 deauthentication method (EOL) from all languages
- Keep mdk4 as alternative to aireplay-ng for handshake snooping
- Fix mdk4 interface resolution to use physical interface name
- Bump version to 6.14
The 'dev argument required' errors were caused by empty variables in
hostapd.sh, not by the captive portal route commands. Remove the error
suppression added as a workaround since the root cause has been fixed.
- Added mdk3 as a third aggressive deauthentication option alongside aireplay-ng and mdk4
- Implemented mdk3 blacklist preparation and execution logic in attack.sh
- Updated all 19 language files with HandshakeSnooperMdk3MethodOption
- mdk3 already included in installer dependencies
- Users can now choose between passive monitoring, aireplay-ng, mdk3, or mdk4 for handshake capture
- Check actual ip_hits file instead of nonexistent ip_hits.txt
- Resolve client IP/MAC/vendor at authenticator runtime instead of generation time
- Netlog now shows actual client details when available
Vulnerability:
Jquery below 3.5.0 allows to pass HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.
Fix:
Bump jquery to 3.5.0.
Fixed a bug caused by the addition of more password verifiers where the back option would fail.
Removed extranous code that was accidentally left behind while testing.
Fixed a bug with shifting arguments when no shift was needed (no paremeter argument).
Added a command line interface to the Captive Portal attack to prevent stopping the network manager.
Added code to auto-detect and utilize pyrit if available in the system, using alternatives otherwise.
Fixed a bug with some debug text that was outputting to std::out.
