Hi there
I am sure this sounds like a silly question but
I am wondering why it is not possible to perform an ARP or DNS spoofing attack over the wlan without setting up an evil twin.
If I know the password for the target network I should be able to receive incoming arp and dns requests. If its possible to inject packages on
the wlan, it should be possible to forge arp and dns responses and send it back in the air - or am I missing something?

Best regards

If you know the WiFi password, you could just associate and join the network and carry out any network based attack as you would on a LAN.

Hmm I don't understand. How can I associate with a network while the device is in monitor mode?

My bad - I just realized, that monitor mode is not equal to the promiscuous mode ;-)