So I have been reading about different social-engineering-based attacks and came across wifiphisher (if you don't know, it is an automated evil twin + captive portal tool to phish for WPA (or WEP, I guess) passwords by making up a story about a firmware update). I don't understand how this is possible. As I understand the evil twin, it requires the evil AP to have all of the same info as the real one to convince the client to connect to it after the deauth, right? Therefore it cannot be performed on an encrypted network, as you could not forge the handshake, right? Surely devices aren't dumb enough to connect to an open AP that they remember as secured? So how does this tool work?