<![CDATA[In this era, free access points are found available in various places. But this freedom comes with a price, and only a few users really understand the risk. In a recent survey, 70% of tablet owners and 53% of smartphone owners stated that they use public wifi hotspots. The biggest threat to public wifi security is how a hacker positions himself as a liaison between victims and Authorized Access Points. To do this the hacker creates an Unauthorized Access Point (Fake Access Point). We took a pentester/attacker POV in this artikel for educational purposes, so that users may know the stages of Fake Access Point attack based on Kali Linux, Fluxion. For the digital evidence analysis stage, we used the customized OSCAR (Obtain information, Strategies, Collect Evidence, Analyze and Report) methods, where attacking is the stage for preparation, determining which wifi Access Points is going to be the target of the attack, and carrying out attacks. While, analysis is the stage of analyzing the steps of attack and how to distinguish between AAP and UAP. The results of our research are that after determining the target, the pen tester/attacker will use aircrack-ng on Fluxion to get a handshake, create a fake web interface, then launch a deauth all attack, also known as DoS, to AAP so that the victim / client cannot connect with the AAP and switch to Fake Access Point. The fake web interface will then ask the victim to enter the password, where after the password is found, the pen tester/attacker can see it through Fluxion. As a precautionary measure, the difference between a Fake Access Point and an Authorized Access Point is found in the presence or absence of the padlock symbol (Android) or an exclamation point (Windows 10).Pada zaman ini, free access point telah tersedia di berbagai tempat. Namun, nyatanya kebebasan ini memiliki harga, dan hanya sedikit pengguna yang memahami benar risikonya. Ancaman terbesar terhadap kemanan wifi publik adalah bagaimana seorang hacker memposisikan dirinya sebagai penghubung antar korban dan Authorized Access Point. Untuk melakukan hal tersebut, hacker membuat Unauthorized Access Point (Fake Access Point). Dalam artikel ini pen tester/attacker diambil sudut pandang sebagai dengan tujuan edukasi, agar pengguna mengetahui tahapan serangan Fake Access Point dengan tool Fluxion berbasis OS Kali Linux. Tahapan analisis bukti digital menggunakan metode OSCAR (Obtain Information, Strategies, Collect Evidence, Analyze and Report) yang telah di kostumisasi, di mana attacking adalah tahapan untuk persiapan menentukan target wifi Access Point yang akan diserang serta menjalankan serangan. Analysis adalah tahapan menganalisa langkah penyerangan serta bagaimana cara membedakan Authorized Access Point dengan Unauthorized Access Point. Hasil penelitian yang dilakukan setelah menentukan target, pentester/attacker akan menggunakan Aircrack-ng pada Fluxion untuk mendapatkan handshake, membuat web interface palsu, kemudian melancarkan serangan Deauth all, dikenal DoS ke AAP, sehingga korban/client tidak dapat terkoneksi dan masuk ke Fake Access Point. Web interface palsu kemudian akan meminta korban untuk memasukkan password. Setelah password ditemukan, maka pen tester/attacker dapat melihatnya melalui Fluxion. Sebagai langkah pencegahan, perbedaan antara Fake Access Point dan yang Authorized Access Point ditemukan pada ada tidaknya simbol gembok (Android) atau tanda seru (Windows 10).]]>
