Thursday, August 25, 2016

Hacking WPA/WPA2 without dictionary/bruteforce : Fluxion

Fluxion (linset)

I hadn't ventured into Hackforums since a while, and this time when I went there I saw a thread about a script called Fluxion. It's based on another script called linset (actually it's no much different from linset, think of it as an improvement, with some bug fixes and additional options). I did once think about (and was asked in a comment about) using something like a man in the middle attack/ evil twin attack to get WPA password instead of going the bruteforce/dictionary route, but never looked the idea up on the internet nor spent much time pondering over it. However, once I saw the thread about this cool script, I decided to give it a try. So in this post I'll show you how I used Fluxion, and how you can too.
Disclaimer : Use this tool only on networks you own .Don't do anything illegal.


  • Checking if tool is pre-installed, getting it via github if it isn't.
  • Running the script, installing dependencies if required.
  • Quick overview of how to use Fluxion.
  • Detailed walk-through and demonstration with text explanation and screenshots
  • Video demonstration (not identical to the written demo, but almost the same)
  • Troubleshooting section

Just double checking

The first thing I did was make sure that Kali doesn't already have this tool. Maybe if you are reading this post a long time after it was written, then you might have the tool pre-installed in Kali. In any case, try this out:
I, personally tried to check if linset or fluxion came pre-installed in Kali (though I didn't expect them to be there).

Getting the script

Getting the script is just a matter of cloning the github repository. Just use the git command line tool to do it.
git clone
If you have any problems with this step, then you can just naviagate to the repostitory and manually download the stuff.

Update : There seems to be some legal trouble with Fluxion. The creator of the script has removed the source code of the tool, and uploaded code that is supposed to delete fluxion from your computer. I don't know the specifics of what is going on, but will provide updates ASAP.

Update : Now the repository is gone altogether!
What this means : As of now, this tutorial is useless. If you can find the source code for Fluxion, then you can use it and continue with the tutorial. Otherwise, not much can be done without the tool.

Update Again!
You can try this repo - It's an old version, might or might not work.

git clone

There are 4 dependencies that need to be installed

Running the script

Just navigate to the fluxion directory or the directory containing the scripts in case you downloaded them manually. If you are following the terminal commands I'm using, then it's just a simple change directory command for you:
cd fluxion
Now, run the script.
sudo ./fluxion


If you have any unmet dependencies, then  run the installer script.
sudo ./
I had 4 unmet dependencies, and the installer script run was a buggy experience for me (though it might be becuase I have completely screwed up my system, editing files I wasn't supposed to and now I can't get them back in order) .It got stuck multiple times during the process, and I had to ctrl+c my way out of it many times (though ctrl+c didn't terminate the whole installer, just the little update popup). Also, I ran the installer script twice and that messed up with some of the apt-get settings. I suggest that after installation is complete, you restore your /etc/apt/sources.list to it's original state, and remove the bleeding edge repositories (unless you know what you're doing). To know what your repository should look like, take a look here.

Anyways, one way or the other, your unmet dependencies will be resolved, and then you can use Flexion.
PS: For those trying to use apt-get to install the missing stuff - some of the dependencies aren't available in the default Kali repos, so you'll have to let the script do the installation for you, or manually add the repos to /etc/apt/sources.list (look at the script to find out which repos you need to add)


Once again, type the following:
sudo ./fluxion

This time it should run just fine, and you would be asked a few very simple questions.
  • For the wireless adapter, choose whichever one you want to monitor on. For the channels question, choose all, unless you have a specific channel in mind, which you know has the target AP.
  • Then you will see an airodump-ng window (named Wifi Monitor). Let it run while it looks for APs and clients. Once you think you have what you need, use the close button to stop the monitoring.
  • Fluxion using airodump-ng
  • You'll then be prompted to select target.
  • Then you'll be prompted to select attack.
  • Then you'll be prompted to provide handshake.
  • If you don't have a handshake captured already, the script will help you capture one. It will send deauth packets to achieve that.
  • After that, I quit the procedure (I was using the script in my college hostel and didn't want to cause any troubles to other students).

If you are with me so far, then you can either just close this website, and try to use the tool on your own (it look intuitive enough to me), or you can read through the test run that I'm going to be doing now.

Getting my wireless network's password by fooling my smartphone into connecting to a fake AP

So, in this example run, I will try to find out the password of my wireless network by making my smartphone connect to a fake AP, and then type out the password in the smartphone, and then see if my Fluxion instance on my Kali machine (laptop) gets the password. Also, for the handshake, I will de-authenticate the same smartphone.

PS: You can probably follow this guide without having any clue how WPA works, what handshake is, what is actually going on, etc., but I suggest you do read up about these things. Here are a few links to other tutorials on this website itself that would prove useful (the first two are theoretical, yet nice, the third one is a pretty fun attack, which I suggest you try out, now or later):
  1. Things you should know about Wireless Hacking - Beginner Level Stuff
  2. Things you should know about Wireless Hacking Part II - Intermediate Level Stuff
  3. Evil Twin Attack
This is the theoretical stuff. Experience with tools like aircrack-ng, etc. would also be useful. Take a look at the navigation bar at the top and look at the various tutorials under the "Wireless Hacking" category.

Anyways, with the recommended reading material covered, you can comfortably move on to the actual hacking now:

The real stuff begins!

This section is going to be a set of pictures with captions below them explaining stuff. It should be easy to follow I hope.

Select language
After selecting language, this step shows up.
Note how I am not using any external wireless card, but my laptop's internal card.
However, some internal cards may cause problems, so it's better to use an
external card (and if you are on a virtual machine you will have to use an external card).

The scanning process starts, using airodump-ng.

You get to choose a target. I'm going after network number 21, the one my smartphone
is connected to.

You choose an attack. I am going to choose the Hostapd (first one) attack.

If you had already captured a 4-way handshake, then you can specify the location
to that handshake and the script will use it. Otherwise, it will capture a handshake
in the next step for you. (A tutorial on capturing the handshake separately)
If you didn't capture a handshake beforehand, then you get to choose which
tool to use to do that. I'm go with aircrack-ng.

Once you have a handshake captured (see the WPA Handshake: [MAC Address] on top, if it's
there, then you have the handhake), then type 1 and enter to check the handshake. If everything's fine,
you'll go to the next step.

Use the Web Interface method. I didn't try the bruteforce thing, but I guess it's just
the usual bruteforce attack that most tools use (and thus no use to us, since that's
not what we are using this script for).

This offers a variety of login pages that you can use to get (phish) the
WPA network's password. I went with the first choice.

After making your decision, you'll see multiple windows. DHCP and DNS requests are being handled in
left two windows, while the right two are status reporting window and deauth window (to get users
off the actual AP and lure them to our fake AP)

In my smartphone, I see two network of the same name. Note that while the original network is WPA-2
protected, the fake AP we have created is an open network (which is a huge giveaway stopping most people
from making the mistake of connecting to it). Anyways, I connected to the fake AP, and the DNS and DHCP windows
(left ones), reacted accordingly.
After connecting to the network, I got a notification saying that I need to login to the wireless network.
On clicking that, I found this page. For some people, you'll have to open your browser and try to open a website (say to get this page to show up. After I entered the password, and pressed submit, the script ran the
password against the handshake we had captured earlier to verify if it is indeed correct. Note how the
handshake is a luxury, not a necessity in this method. It just ensures that we can verify if the password
submitted by the fake AP client is correct or not. If we don't have the handshake, then we lose this ability,
but assuming the client will type the correct password, we can still make the attack work.

Aircrack-ng tried the password again the handshake, and as expected, it worked.
We successfully obtained the password to a WPA-2 protected network in a matter of minutes.

Video Demonstration

PS: The creator of the video has forked the Fluxion repository, and in the video he cloned from it instead. You may choose to fork from either of those. The original repository being more updated, and forked one being more stable (but less frequently updated). As of the time of creation of the video, both the repositories were the same, so it doesn't make a different which one you clone, but this may not always be the case. In case of any issues, you can probably try cloning both and see which one works for you.


Since fluxion and Kali both are constantly evolving (you might be using a different rolling release of Kali, as well as a different version of Fluxion. There are times when the tool break, and there's an interval of time for which it stays broken. Look at the issues page, and you will most probably find a fix for your problem. Note that the issue may as well be in closed issues (it would most probably be in closed issue).

For those who are able to follow the guide to the second last step, but don't get any Login page on their device, this issue suggests a solution. [Dated : 17th September 2016, if you're reading this much later then this might not be relevant, and some other issue would be]

Update : There are some important things mentioned in the README.file on the github repository. See if that helps.

As of 1st November, 2016 (again, might not be relevant if you read this much later), the README suggested this for the no fake login page problem (which seems quite common)-

FakeSites don't work
There might be a problem with lighttpd. The experimental version is tested on lighttpd 1.439-1. There are some problems with newer versions of lighttpd. If you problems use the stable version. Check the fix out.
Again, as I said, it all breaks down to one of two things-

  1. You are doing some step wrong (easy to fix, follow the tutorial again).
  2. There is a dependency issue somewhere (some tool has it's wrong version installed). This can be a pain to fix, and there's no guidance I can provide for it really. You'll have to filter through all the issues on the github page of the tool. Hopefully, as the tool grows popular, it'll get more full time developers, and then get integrated in the Kali repository, till then, these problems will continue. 

What now?

I illustrated one possible scenario. This script can work with other devices (laptops for example) too as the fooled clients (not just smartphones). One possible short-coming to this attack is that most smartphones/laptops these days don't automatically connect to open networks (unless they have before), and hence the user has to do it manually. If your fake AP has more signal strength than the real one, then a person who doesn't know about WPA and open networks could very easily end up connecting to your network instead. So, overall this attack has a fair chance of succeeding.

Have any problems/comments/suggestions, leave them in the comments below.


  1. Replies
    1. i cannot install Dhcpd and php-cgi

    2. Read up on what sources.list is, and find out if yours has the required repositories.

      I believe these 3 repos-

      deb kali-rolling main contrib non-free
      deb kali-bleeding-edge main
      deb jessie main contrib

      Should enable you to install the dependencies via apt-get

    3. Yes Ayush are right and tahnx frend for this blog ...& special thanx to fluxion you.

  2. Its an exact copy of linset only difference it's in english and offers many attack languages

    1. I haven't used Linset yet, so I don't really know how similar the two tools are (though I know fluxion is built on top of Linset). Anyways, I'll update the post a bit to reflect your point.

  3. gsettings-desktop-schemas : Breaks: mutter (<3.19.92) but 3.18.2-1 is to be in stalled
    E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by he ld packpages.

  4. Wow, romanian language, I am impressed. Thx for tutorial, I will use for tests :D

  5. No Chance against users with basic technical knowledge, but this spoofing attack maybe much faster then usual wifi cracking methods. It's worth a try

    1. Basic technical knowledge is a relative term, you never know how many people might fall for something as simple as this.
      Nevertheless, you're right in saying that it doesn't take a lot of thinking for the client to figure out that something's fishy.

  6. I used the VM player with a external wireless card.However the program says there is no wireless cards. I have not solved it.

    1. Maybe the external card is connected to the host, not to the virtual machine. I use Kali as my primary OS now so don't exactly remember where the option of switching the wireless card to the guest instead of the host was. Take a look at this pic, it should help.

  7. I used the VM player with a external wireless card.However the program says there is no wireless cards. I have not solved it.

  8. hey it is possible to change these templates into your own idea?

    1. Yes.
      You can navigate to the Sites folder inside Fluxion, and edit any of the templates and change how you want them to look. You can also create new folders there and add them to the script.

  9. i apply all the procedures and every thing goes OK
    until last step
    in my smart phone i connected to the fake AP but didn't ask me to login or to insert the password
    two last pictures didn't appear
    what is the wrong
    i will very thankful for replaying me ^^

    1. Are you sure you connected to the fake AP and not the real one? Also, what OS is your smartphone running (for eg. Android)?

  10. yes I'm sure that i connected to the fake AP and my OS is android 4.3 jelly bean
    i know it's an old version, but is this effect ??

  11. Android 4.3 is fine. I just asked to see if you're using a really uncommon OS or something.

    In my case I got a notification right away, clicking which opened the browser window which I posted in the tutorial. Try choosing a different login page (I chose 1, you may try others, see if they work). Try using another smartphone device and see if it works on it.

  12. I too dont get the prompt asking for the passphrase. I checked using one plus two with android - 6 and macbook pro with yosemite

    1. I get a notification that the wifi connection you are connected to is not connected to internet, do you want to stay connected or not

    2. That can be solved by giving internet access to the fake AP. For that your Kali machine should be connected to the internet. This requires two wireless cards, since the card you are using for creating fake AP can't be used to connect you to the internet simultaneously. If you don't have two cards, try some other way of getting internet access to your Kali machine (eg. USB tethering via smartphone, etc.) and carry out the attack on some other device (not the smartphone used for tethering). See if that works.

  13. I am running Kali on Parallels desktop and it gets internet access from a virtual lan eth0 port which shares internet to which is my macbook connected. can you guide me how to assign this internet to the fake AP?

    1. I think the tool should do that automatically for you. The FakeDNS terminal should do just that. However, you can manually bridge the connections too. Take a look here for something similar. I think that would be helpful.

  14. I had the same problem with him, when I connected to the fake AP, I didn't see any fake login page or any notification

    1. Are you sure you followed all the steps properly? I'm not familiar with the implementation details of the tool, so I can't really help if it's a problem with the script.

      If you can properly describe the problem, it would be useful to open an issue on Fluxion's github. I am not able to re-create the problem myself, and Fluxion seems to work fine for me.

  15. No internet connection issue as encounter by others. Running on Kali linux using VMware. Follow the steps and successfully created fake AP and jammed real AP. When connected to the fake AP, my smartphone (android 6.0.1) notified me there is no internet on the fake AP. I have LAN cable and usb wifi adapter connected. Both can connect to internet but since im using the usb wifi for Fluxion so i connected the system to use LAN cable. I can browser the internet when running Fluxion, so i am not sure what happen in between as well.

    1. No Fake Login Page due to no internet connection.

  16. Hi

    I seem to have a different issue. When I get to the option to select an interface, my wireless card shows as option 1, but when I type 1 and press enter it just freezes and nothing happens.

    I am running Kali Linux on Virtual box and using an external WLAN card. The WLAN card is picked up in Linux and I can use it to search for other network.

    Is this an issue with the script. It seems to freeze Everything on the VM.

    Any help would be appreciated.


    1. See if the problem is with incompatible versions of Kali and Fluxion. Update kali to most recent, and Fluxion to it's latest stable release.

    2. Well I used KAli Linux and Fluxion using Virtualbox and at froze exactly as you said. I reinstalled kali linux some three times in Virtualbox and it froze everytime. Then I shifted to Parallels and it worked fine - fine that it jammed real AP and created a fake one but could not get beyond that. My mobile or laptop when connected to the Fake AP did not ever ask for the password

  17. i coudnt get the 4 ways handshake??? please help??

  18. i could not get the 4 ways handshake ??? please help?

  19. Could've just mentioned this as evil twin in the title and saved people a click.

    1. Sorry that you found the title misleading, but there's only so much I can put in there, and I already have en evil twin tutorial and didn't want to cause confusion (Evil Twin)

  20. Hello, I'm having the issue about NO fake login page, checked issue database and says to use backup version, but I can't find it, can you please explain how to use it?.

  21. wc: /tmp/TMPflux/dump-01.csv: No such file or directory
    ./fluxion: line 1280: [: -le: unary operator expected
    cat: /tmp/TMPflux/dump-01.csv: No such file or directory
    expr: syntax error


    grep: invalid: No such file or directory
    grep: number: No such file or directory
    grep: of: No such file or directory
    grep: lines:: No such file or directory
    grep: ‘/tmp/TMPflux/dump-01.csv’: No such file or directory
    1) head: invalid number of lines: ‘/tmp/TMPflux/dump-01.csv’ 100%

    Problem at the script !

  22. Replies
    1. Happy to be of help, and glad to know it worked without any issues.

  23. help me guys i just finished sudo ./ command and then i was promoted to white application that says updating system ......and then says installing isc-dhcp-server at that moment it promted me to restart system on finishing package or something like that ........after that i felt like VMware was freezing so finally i restarted it is there any command to begin installing through isc-dhcp-server instead of doing all those steps

    1. I don't think restart should be required. If you want to install manually, you can add the required repositories into sources.list, and then use apt-get.

  24. ooh that means by adding those uninstalled list namea in source.list file i must use apt-get command to install those

    1. Take a look here-

      Adding these to your sources.list should be sufficient-
      deb kali-rolling main contrib non-free
      deb kali-bleeding-edge main
      deb jessie main contrib

  25. Hi, I've made a video tutorial on Fluxion, check it out! Hope you find it useful!

  26. Here is just a thought, and I would love to hear back about the validity of my idea.

    Is it possible to overload an AP until it stops broadcasting?

    If so, then my idea is to implement such a step after all clients have been kicked off, and before our fake network is made available. Our network should be a secure connection with a randomly generated password. But as the system hasn't connected to this network before, The user will be prompted to input the password again. As it should look basically identical to the real, the target user shouldn't hesitate to give us the password.

    The second question is that can the password input into the system's network manager and sent over to try to connect with our fake network be logged properly?

    1. 1) I don't know enough about how wireless routers behaves when overloaded, so I can't answer that question (whether or not it will stop broadcasting).

      2) You create a WPA-2 network with a randomly generated password. The only thing that happens in that case is that the client will try to connect to your network and fail, since the passwords don't match. Now one may think that since he typed the correct password while trying to authenticate into the fake network, the password itself would be sent over to you for validation. However, that's not true. No step of the WPA handshake involves sending plaintext key. The data the client will send you will basically be one step of a handshake (remember, you already have captured a 4-way handshake). The client will wait for your response, validate it, and only then it will participate further in the handshake. Note that since you don't know the password, the client won't even complete the handshake.

      Reading what I wrote above, I realize that my explanation is a bit too technical and I should make it easier to understand. So, in basic terms-

      1) Client will never send you or anyone the actual password (not even the Real AP).
      2) In WPA, the AP verifies that the client knows the correct password, and the client verifies that the AP knows the correct password. So, if you don't know the password, you can't make the AP connect to you. (This is why our fake AP is open)

    2. PS: I've used WPA and WPA2 interchangeably, assume I mean WPA2 everywhere.

    3. Yeah I spent some time researching wireless authentication protocols after I posted my original comment, and realised the passphrase is not exchanged in any way. Thanks though

  27. But to kill the real AP would be more access.
    To combine WiFi kill with this method would be good

    1. If we can indeed kill the AP, then yes, it would be helpful since our AP would be the only one remaining, increasing the chances of the client connecting.

  28. Running Android 6.0.1 on my mobile. Everything goes smoothly for the most part, except for two things: First, updated versions of Chrome seem impervious to this since it just serves up a bad DNS page instead of the fake page from fluxion. Using Samsung's built-in internet client seems to work fine, though, but submitting a password does nothing. The fake page just reloads as if nothing was entered, and no password appears to the right of the client's name as shown in the tutorial video.

    1. I'll see if I can recreate these two scenarios, and if I'm able to, I might be able to suggest workarounds.

  29. i,m using kali lite 32 and don,t have the github command is also not recognized.

    1. First go this-
      apt-get install git

      Then go on with the tutorial.

    2. ok.fine until the airodump scanning and a wifi monitor shows the available wifis.but my fluxion does not ask me any further option and the cursor is stable on a blank screen

    3. finally mission accomplished,s like try try again.kudos

    4. Glad to see some comment where a person could get it working even after encountering many difficulties.

  30. Replies
    1. @indra tampo

      search for a new bully on github and run in a new terminal:


      and then you must open the folder "bully" (its in the folder "home")
      and in the folder bully you see a text document with the name README.xx open it and follow the instruchtions for installing bully.

      if you dont can find the README.xx try to run in a new terminal:

      cd bully
      cd src
      sudo make
      sudo make install

      i hope you can install bully with my instructions!

    2. PS:

      There is the link:

      and the full command:

      git clone

  31. gresit daca hack fluxion nu mai merge ruter cum il vede smartfonul daca acesta este oprit de fluxion

  32. Hello
    I used the terminal commands.
    Everything went ok..
    But when i type sudo ./
    The 4 dependencies stay stuck on installing..and never finish installing...then i tried sudo ./fluxion and it says they are not installed

    1. have u updated the repositories...

  33. I cannot see the same SSID at my phone and mac, can you give me a answer? does the mac or phone auto. filter it?

  34. i updated repo many times ...even though it is showing error message as unable to locate package Hostapd...but successfully installed all other packages..pls help me.

    1. Try to manually install hostapd using apt-get.

      Your sources.list file should have the proper repositories. After fixing the repositories you need to perform apt-get update.

      This is the repo which should always be there (for Kali Rolling)
      deb kali-rolling main contrib non-free

      This repo may be required at some times, but should be removed after use-
      deb kali-bleeding-edge main

      Once repos are added, apt-get update done, just run this-

      apt-get --yes install hostapd

  35. cool I like it very much.Can we show mikrotik hotspot login page instead wpa password page to the victim.Here I am giving you an image of mikrotik hotspot login page if u dont know.

    Click here to see image

    Hope u understand my question.

    I want to know can we do it?If yes then plz tell me how?

    Waiting for ur reply.

  36. The installer script won't install all the dependencies, or may not have installed any missing dependencies. Here's what I get -

    Dhcpd...........Not installed (isc-dhcp-server)
    Hostapd.........Not installed
    Lighttpd........Not installed
    php-cgi.........Not installed

    What do I do now? I'm new to all this and Kali Linux, but I've been using Linux Mint and Ubuntu for several years. I don't think I should have typed sudo while already root, so I tried to install without sudo, but it made no difference.

    1. sudo is not needed, I use it because I use kali as a regular user (it's my primary OS), and an extra sudo doesn't change anything for the root users so adding it makes no difference.

      If you're familiar with Linux, then try the following fix-

      1) Find out the repos where these tools are.
      2) Add them to your sources.list
      3) Install the tools manually

      These fluxion source files might help-

      Simple and short python script which adds required repos to your sources.list
      Longer but still simple python script which installs the dependencies (to look for something, do ctrl+f and search for lighttpd and so on, and look at the commands)

  37. when i use airodump-ng, i can see my hidden wifi immediately, but when I use fluxion can't see my hidden wifi, even when I tried to force scan with one channel only.
    What could be my problem is?

  38. if no handshake is being captured, then how to proceed ?? any suggestion

  39. works fine but one problem bro.
    Actually my ssid is combination of words and some emos..
    It created a fake ap with text, replacing emos with combination of words and letters, so no one has connected to that fake one and no out come ;)

  40. Having says Corrupted when running the see handshake part, any help?

    1. I am having the same problem.

  41. Well, i have a WIFI usb card, Airmon shows it, But fluxion wont work with it: Does Anywone know a solution??

  42. Hello, I did Installed and try it on my network but didn't figure it out so far. Everything went well on installation.. how about uninstalling it the right way?

  43. No one is automatically connecting to fake AP like |wifiphisher| they need to manually connect the FAke Ap then only they can view Fake Page on browser no on APP

  44. Hey, i have a sligt problem... "
    [ ]
    [ FLUXION 0.24 < Fluxion Is The Future > ]
    [ ]

    [i] Select your language

    [1] English
    [2] German
    [3] Romanian
    [4] Turkish
    [5] Spanish
    [6] Chinese
    [7] Italian
    [8] Czech
    [9] Greek
    [10] French


    those signs are my arrow keys..
    and thats only after i started Fluxion.
    my arrows work fine on just terminal..


  45. hi guys, please help

    i am finished capturing handshake. but after that, no fake AP has been detected nor created using my internal card.

    using my usb wifi, i cant even establish handshake capturing. Once i selected a network. ALl client in that network disconnect but cannot connected until attack has being cancel. so while attacking, cannot connect to the target network.

    please advise. most of my allowance goes to data subscription. please help

    please help

  46. make sure your card support monitor mode. Im using usb wireless Alfa AWUS036H

  47. i have a problem.after installing fluxion it doesn't ask to choose language or anything .just red color big fluxion logo.latest rev. [137]

  48. Hii what is the username and password when you try to install git clone

    1. It shouldn't be asking for a password. Please upload and link screenshot so I can find out what's causing this.

  49. Hey mate i have a problem here. Im tryin to acquire my networks password by it and i make all the steps but when i get to the final step where it tries to deauth with mkd3 everyone so they connect ot the fakeAP it stucks there and it does nothing. It doesnt even start deauth. What would be the problem?


© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5aLqJcMW7zznffTxQwta8JTZsxBDPguC