Step 1
Set up the connection to the Onion Omega according to the Get started guide, and connect it to your local WiFi. The Omega will need Internet access in order to update its firmware and additional software.
Step 2
Upgrade the firmware (this will reboot the system and delete all changes made outside of the /etc folder): oupgrade -f
Step 3
Update opkg: opkg update
Step 4
Install the lighttpd server, PHP, which will allow us to log the username and the password submitted by the user, and nano, which will be our text editor: opkg install lighttpd php5 php5-cgi lighttpd-mod-cgi nano
Step 6
Create a new root folder for your website, inside /etc/, so it is not deleted every time you update the firmware: mkdir /etc/www
Step 7
Edit the lighttpd configuration file and add the new server root path, as well as a rule to redirect all 404'd requests to the main page: nano /etc/lighttpd/lighttpd.conf
Change the server.document-root field from /www to /etc/www
Add the following line: server.error-handler-404 = "/index.php" which will allow you to redirect all faulty requests back to index.php (or whatever your index page is called)
Step 9
Redirect all traffic to your localhost. Note that you will not be able to visit the Omega's web interface any more: nano /etc/dnsmasq.conf
Add the following line at the end. The address is the Omega's default local address; you can specify a different one in /etc/config/network: address=/#/192.168.3.1
Step 10
Let's change the hotspot's name. The default one should be something like Omega-XXXX where the X's are usually digits: nano /etc/config/wireless
Change the Omega's SSID to the SSID of the network you want to impersonate.
Now it's time to recreate the website we want to attack. You can use the SingleFile Chrome plugin to download everything from a web page. Then find the submission form for the username and the password; by using a simple PHP script you can save the user's credentials in a local file in plain text. I will not publish this script (it's fairly easy anyway), so as not to be considered to be facilitating such attacks. Instead, this article is about raising a cause of concern when it comes to connecting to such networks.
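A client-side check for the DNS behaviour that Step 9 creates, as an added example that is not part of the original article: it resolves random names that should not exist and flags a resolver that answers all of them with one address. The function names, verdict strings and stand-in resolvers are assumptions made for this example.

```python
import ipaddress
import secrets
import socket


def probe_names(count=4, tlds=("com", "net", "org")):
    """Random labels that should not exist, spread over unrelated TLDs."""
    return [f"{secrets.token_hex(12)}.{tlds[i % len(tlds)]}" for i in range(count)]


def system_resolve(name):
    """Resolve through the OS resolver; an empty set means the lookup failed."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def check_wildcard_dns(resolve=system_resolve, names=None):
    """Return (verdict, address) for the resolver behind `resolve`."""
    names = names or probe_names()
    answers = [frozenset(resolve(n)) for n in names]
    resolved = [a for a in answers if a]
    if not resolved:
        return ("clean", None)          # made-up names fail, as they should
    if len(resolved) < len(answers) or len(set(resolved)) != 1:
        return ("inconclusive", None)   # only some answered, or answers differ
    addrs = sorted(resolved[0])
    # Every made-up name got the same answer: the resolver is a wildcard.
    if all(ipaddress.ip_address(a).is_private for a in addrs):
        return ("wildcard-private", addrs[0])
    return ("wildcard-public", addrs[0])


# Constructed resolvers standing in for two networks (no traffic is sent).
def hijacked_resolver(name):
    return {"192.168.3.1"}              # behaves like address=/#/192.168.3.1


def honest_resolver(name):
    known = {"example.com": {"93.184.216.34"}}   # constructed sample record
    return known.get(name, set())


if __name__ == "__main__":
    print(check_wildcard_dns())                   # the network you are on
    print(check_wildcard_dns(hijacked_resolver))  # the Step 9 behaviour
```

A legitimate captive portal produces the same "wildcard-private" verdict before you sign in, so treat the result as a reason to verify the network before typing credentials into any page it serves.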