Suppose I have a Wi-Fi with WPA and strong password. Some articles say, that if an attacker will create a Wi-Fi with my SSID and it's signal is stronger than my, then my computer will connect to his Wi-Fi. Do I understand it right, that after it my computer will send Wi-Fi password to attacker, and he also will be able to do MiTM attack?
Is it really that easy?
Why there isn't something like certificate check in WPA protocol?
How can I protect from it?
No, it is not that easy. But it depends on the network.
First, most Wi-Fi devices will remember all Wi-Fi networks they connect to, and also whether that network is encrypted or not and using which method. When your device comes near a network it "knows" (by its name, i.e. its SSID), it will try to reconnect, if that network's security method matches the saved one. What happens next will depend on the kind of Wi-Fi network.
When a Wi-Fi network is unencrypted (like most "Free Wi-Fi" networks in cafés, bars or hotels) and you have already been connected to that network once before, your device will automatically reconnect to a network with the same name. Anyone can spoof a well-known "Some Coffeemaker Free WiFi" and your device will happily connect to it when encountered. The rogue access point (AP) will then see all traffic your device sends or receives over this network (but cannot look into HTTPS or VPN encrypted traffic, of course).
When using WPA2 authentication with pre-shared keys (PSK), both the station and the AP have to prove that they know the PSK in the four-way handshake. Thus, a rogue WPA2-AP cannot give access to a client by just having the right SSID and accepting any password from the client. Your device will not associate with that AP unless it uses the same PSK.
AFAIR, this is also valid for authentication with WPA version 1 and even WEP, but those protocols have other weaknesses which make them non-recommendable or even useless.
On the other hand, everyone who knows the PSK could fake a WPA2-AP. A weak PSK could also be guessed in a brute-force attack, e.g. by repeated authentication attempts. Hence, a long, not-guessable PSK is necessary.
(There is also an attack called Hole 196 that can be used by already authenticated attackers to break the session key of other authenticated hosts with the AP, but this is not relevant here.)
WPA2 Enterprise works similar to WPA2-PSK, but uses a dedicated authentication server. In addition to passphrases, it can use certificates on client and AP. Client certificates are like long, authority-signed passphrases which are different for every client device. This way, when a host is compromised (e.g. stolen), that particular client certificate can be blocked on the authentication server, instead of changing the PSK on all devices.
For your device it makes no difference if WPA2-PSK or WPA2 Enterprise is used, in both cases it will not connect to an AP that cannot prove to have the necessary secret.
That is not entirely correct, And attacker can spoof the ssid of your wifi network (ex: my wifi) but not the essid that is a hex number like a mac address, so your pc will Se two access points with the same ssid but with different essid and connect to the know essid.
Differently will be if someone is doing a deauth attack and you manually connect to the evil access point
For what I know you cannot get the password someone uses to connect to a protected Hotspot but you can create an open AP (access point) and prompt the user for a password when they access the Internet.
No, it's not not the way it works.
The point is that your computer will try to connect to the strongest AP for the SSID it sees. If an attacker forces you to disconnect from the current AP and have a stronger signal, your computer will connect to the attacker.
The second part is were you got wrong: the attacker will not get your WPA2 password. Attacker's AP will simply accept any key (not password) your computer sends and connect your computer.
Now the hack begins: the attacker is in position to perform any man in the middle attack against any site you access, capture any packet, modify anything. It will have some trouble against protocols employing encryption (such as TLS, VPN or SSH), but HTTP will be easily and transparently modified.
To get your password, the attacker usually capture any request, and redirect to a page saying something like "AP in recovery mode, enter password to start". You (or any client of your network) fall for the attack, he got your password.
