Wifiphisher is a security tool that mounts automatic victim-customized phishing attacks against WiFi victims so as to get credentials or infect the victims with malware.
It’s primarily a social engineering attack that in contrast to alternative strategies it doesn’t embody any brute forcing. It’s a simple method for getting credentials from captive portals and third party login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys.
How the Tool Works
- It endlessly jams all of the target access point’s WLAN devices inside vary by shaping “de-authenticate” or “Disassociate” packets to disrupt existing associations.
- Also, it sniffs the realm and copies the target access point’s settings. It then creates a villain wireless access purpose that’s shapely by the target. It conjointly sets up a NAT/DHCP server and forwards the correct ports.
- Ir employs a stripped-down net server that responds to hypertext transfer protocol & HTTPS requests. As shortly because the victim requests a page from the net, wifiphisher can respond with a sensible pretend page that asks for credentials or serves malware.
Demonstration Wifiphisher – Kali Linux Tutorial
In this Kali Linux Tutorial we are to see how easy we can use Wifiphisher.For Downloading and Installing from GitHub
git clone https://github.com/wifiphisher/wifiphisher.git
sudo python setup.py install
To Launch the WifiPhispher and help
Simply spawn an open Wi-Fi network
And then it will show the available Networks.
We should select an available network from the list and then it will ask for Firmware Upgrade.
After it makes the victim to connect with our Rogue WiFi Network and ask to update Frimware by entering WiFi password.
Once Victim Entered the Wifi Password then we can Capture that.
It will result in automatic association of nearby Windows devices.
Credits : Dan McInerney and Team
Source : GBHackers