Never Ending Security

It starts all here

Tag Archives: WifiPhisher

Hack WiFi Account From Phishing Attack With WifiPhisher Tool

Leave a comment Posted by on 10 May 2015

Hack WiFi Account From Phishing Attack With WifiPhisher Tool ..

Wifiphisher is a security tool that mounts fast automated phishing attacks against WiFi networks in order to obtain secret passphrases and other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases.

From the victim’s perspective, the attack makes use in three phases:

1. Victim is being deauthenticated from her access point. 
Wifiphisher continuously jams all of the target access point’s wifi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well.

2. Victim joins a rogue access point. 
Wifiphisher sniffs the area and copies the target access point’s settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is MiTMed.

3. Victim is being served a realistic router config-looking page. 
Wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for credentials, for example one that asks WPA password confirmation due to a router firmware upgrade.

Requirements
1. Kali Linux.
2. Two wireless network interfaces, one capable of injection.

For Usage

Short form Long form Explanation
-m maximum Choose the maximum number of clients to deauth. List of clients
will be emptied and repopulated after hitting the limit. Example: -m 5
-n noupdate Do not clear the deauth list when the maximum (-m) number of client/AP combos is reached. Must be used in conjunction with -m. Example: -m 10 -n
-t timeinterval Choose the time interval between packets being sent. Default is as fast as possible. If you see scapy errors like ‘no buffer space’
try: -t .00001
-p packets Choose the number of packets to send in each deauth burst. Default value is 1; 1 packet to the client and 1 packet to the AP. Send 2 deauth packets to the client and 2 deauth packets to the AP: -p 2
-d directedonly Skip the deauthentication packets to the broadcast address of the access points and only send them to client/AP pairs
-a accesspoint Enter the MAC address of a specific access point to target
-jI jamminginterface Choose the interface for jamming. By default script will find the
most powerful interface and starts monitor mode on it.
-aI apinterface Choose the interface for the fake AP. By default script will find
the second most powerful interface and starts monitor mode on it.

Wifiphisher works on Kali Linux and is licensed under the MIT license

More information can be found at: https://github.com/sophron/wifiphisher

Guides and Tutorials, Offensive, Wireless

wifiphisher – Fast automated WPA phishing attacks

Leave a comment Posted by on 13 April 2015

wifiphisher – Fast automated WPA phishing attacks

Wifiphisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining WPA credentials.

wifiphisher

Wifiphisher works on Kali Linux and is licensed under the MIT license.

From the victim’s perspective, the attack makes use in three phases:

  1. Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point’s wifi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well.
  2. Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point’s settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is MiTMed.
  3. Victim is being served a realistic router config-looking page. wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for WPA password confirmation due to a router firmware upgrade.

wifiphisher usage

Usage

Short form  - Long form  - Explanation

-m --maximum 
Choose the maximum number of clients to deauth. List of clients will be emptied and repopulated after hitting the limit. Example: -m 5

-n --noupdate 
Do not clear the deauth list when the maximum (-m) number of client/AP combos is reached. Must be used in conjunction with -m. Example: -m 10 -n

-t --timeinterval 
Choose the time interval between packets being sent. Default is as fast as possible. If you see scapy errors like 'no buffer space' try: -t .00001

-p --packets 
Choose the number of packets to send in each deauth burst. Default value is 1; 1 packet to the client and 1 packet to the AP. Send 2 deauth packets to the client and 2 deauth packets to the AP: -p 2

-d --directedonly 
Skip the deauthentication packets to the broadcast address of the access points and only send them to client/AP pairs

-a --accesspoint 
Enter the MAC address of a specific access point to target

Requirements

  • Kali Linux.
  • Two network interfaces, one wireless.
  • A wireless card capable of injection.

More information can be found at: https://github.com/sophron/wifiphisher

Guides and Tutorials, Penetration Testing, Wireless