Wifiphisher is a security tool that mounts fast automated phishing attacks against WiFi networks in order to obtain secret passphrases and other credentials. It is a social engineering attack that, unlike other methods, does not include any brute forcing. It is an easy way to obtain credentials from captive portals and third-party login pages, or WPA/WPA2 secret passphrases.
Wifiphisher works on Kali Linux and is licensed
under the MIT license.
From the victim's perspective, the attack takes place in three phases:
Victim is being deauthenticated from her
access point.
Wifiphisher continuously jams all of the target
access point's wifi devices within range by sending deauth packets to the client
from the access point, to the access point from the client, and to the broadcast
address as well.
Victim joins a rogue access point.
Wifiphisher sniffs the area and copies the
target access point's settings. It then creates a rogue wireless access point
that is modeled on the target. It also sets up a NAT/DHCP server and forwards
the right ports. Consequently, because of the jamming, clients will start
connecting to the rogue access point. After this phase, the victim is MiTMed.
Victim is being served a realistic
router config-looking page.
Wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, Wifiphisher will respond with a realistic fake page that asks for credentials, for example one that asks for WPA password confirmation due to a router firmware upgrade.
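
The first two phases leave traces in 802.11 management traffic that a monitoring sensor can look for. The Python below is an added example, not part of Wifiphisher or of the original page: it flags a burst of deauthentication frames against one BSSID and a managed SSID beaconed from a BSSID outside a known inventory. The frame dictionaries, addresses, SSID, window and threshold are constructed assumptions.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def deauth_floods(frames, window=1.0, threshold=10):
    """BSSIDs that saw more than `threshold` deauth frames within `window` seconds."""
    seen = defaultdict(list)
    for f in frames:
        # The BSSID field names the target AP whether the frame claims to go
        # AP->client, client->AP or AP->broadcast, so one counter covers all three.
        if f["type"] == "deauth":
            seen[f["bssid"]].append(f["ts"])
    flagged = set()
    for bssid, ts in seen.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 > threshold:
                flagged.add(bssid)
                break
    return flagged

def rogue_aps(frames, inventory):
    """(ssid, bssid) pairs beaconing a managed SSID from a BSSID not in `inventory`."""
    return {(f["ssid"], f["bssid"]) for f in frames
            if f["type"] == "beacon" and f["ssid"] in inventory
            and f["bssid"] not in inventory[f["ssid"]]}

def sample_frames():
    """Constructed capture: one managed AP, a deauth burst, then a look-alike beacon."""
    ap, sta, twin, other = ("02:00:00:00:00:01", "02:00:00:00:00:aa",
                            "02:00:00:00:00:99", "02:00:00:00:00:02")
    frames = [{"ts": 0.0, "type": "beacon", "ssid": "CorpWiFi", "bssid": ap}]
    for i in range(5):  # 5 rounds x 3 directions = 15 deauths in 0.4 s
        for src, dst in ((ap, sta), (sta, ap), (ap, BROADCAST)):
            frames.append({"ts": 10.0 + i * 0.1, "type": "deauth",
                           "src": src, "dst": dst, "bssid": ap})
    frames.append({"ts": 11.0, "type": "beacon", "ssid": "CorpWiFi", "bssid": twin})
    # A lone deauth on a neighbouring AP is ordinary noise and must not alert.
    frames.append({"ts": 12.0, "type": "deauth", "src": other, "dst": sta, "bssid": other})
    return frames

if __name__ == "__main__":
    frames = sample_frames()
    print("deauth flood against:", deauth_floods(frames))
    print("unlisted APs:", rogue_aps(frames, {"CorpWiFi": {"02:00:00:00:00:01"}}))
```

A deauth burst followed shortly by an unlisted BSSID advertising the same SSID is a stronger signal than either alert alone; the window and threshold need tuning per site.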