While password cracking and WPS setup PIN attacks get a lot of attention, social engineering attacks are by far the fastest way of obtaining a Wi-Fi password. One of the most potent Wi-Fi social engineering attacks is Wifiphisher, a tool that blocks the internet until desperate users enter the Wi-Fi password to enable a fake router firmware update.
Social engineering attacks are powerful because they often completely bypass security. If you can trick an employee into entering a password into a fake login page, it doesn't matter how strong the password is. It's the opposite of cracking attacks, where you're using a computer's processing power to try a giant list of passwords quickly. But you cannot succeed if the password you are attacking is secure and not included in your password list.
Not knowing how strong the password you're attacking is can be frustrating, because investing the time and processing power involved in a dictionary or brute-force attack can make coming up dry feel like a massive waste of resources. Instead, tools like Wifiphisher ask questions about the people behind those networks.
Does the average user know what their Wi-Fi router's login page looks like? Would they notice if it was different? More importantly, would a busy user, cut off from the internet and stressed out but the disruption, still enter their password to enable a fake update even if they noticed the login page looked a little different?
Wifiphisher believes the answer is "yes." The tool can select any nearby Wi-Fi network, de-authenticate all users (jam it), and create a cloned access point that requires no password to join. Any user that connects to the evil twin-like open network is served a convincing-looking phishing page demanding the Wi-Fi password to enable a firmware update, which is explained as the reason the Wi-Fi has stopped working.
That's when they notice a new network, with the same name as the old network, but requiring no password. After a few more attempts to join the protected network, they join the open network out of concern that their router is suddenly broadcasting a network without a password that anyone can join. As soon as they join, an official-looking webpage mentioning their router's manufacturer opens and informs them that the router is undergoing a critical firmware update. Until they enter the password to apply the update, the internet will not work.
After entering the super-secure Wi-Fi password, a loading screen begins to crawl across the screen as the router restarts, and they feel a little proud for taking their router's security seriously by installing this critical update. After a minute of waiting, their devices reconnect to the network, now more secure thanks to the update installed.
To a hacker, obtaining the passwords is as simple as selecting which network you want to target. After designating a target, Wifiphisher immediately jams all devices connected to the network, maximizing the chance that someone connected to the network gets frustrated and applies the fake update. Next, the target's network information is cloned, and the fake Wi-Fi network is broadcast to make the target think their router is operating in some unspecified update mode.
Devices connecting are immediately logged on a list, and the phishing page is tailored to match the manufacturer of the router by reading the first portion of the router's MAC address. After tricking any one of the targets connected to the targeted network into entering the password, Wifiphisher informs the hacker while stalling for time. After sending the captured password, the target is cruelly occupied with both a fake update loading screen and fake reboot timer to buy time for the hacker to test the captured password.
You should be able to run the script at any time by simply typing sudo wifiphisher in a terminal window. While Wifiphisher has no manual page, you can see in its --help page that it has a pretty impressive list of configuration options you can change by adding various flags to the command.
Just like that, you've bypassed any password security and tricked a user into entering the Wi-Fi password into your fake network. Even worse, they're still stuck behind this horrible slow-moving, fake loading screen.
I hope you enjoyed this guide to social engineering attacks using Wifiphisher! If you have any questions about this tutorial capturing Wi-Fi passwords or you have a comment, do so below, and feel free to reach me on Twitter @KodyKinzie.
If they enter the wrong password then it will not work but quite honestly I don't think its worth trying to verify it since everyone on the network will see this webpage and the odd that they all enter the wrong password is slim.
Being online should not be mandatory... after you got the password you can simply stop the fake AP, victim will disconnect and reconnect to real one automatically. Or you could automate it by adding a small script to stop the attack as soon as the victim inputs the password.
Password validation can be added as well, either trying to authenticate with the just gotten password, or using aircrack against a previously captured wpa handshake. Again, this can all be scripted and executed when victim types his password. This way attacker might know in real time if password is correct, and eventually output the result in the phishing page before stopping the attack. So in case a suspecting user types some gibberish in the password field, it won't be greeted with 'YAYYY Password is correct' !!. Personally, I don't always type my passwords when they try to phish me, but when I do, I type some gibberish password that ends with ' OR 1=1
In the firmware upgrade page, is there an option to notify the user in the first attempt that the credentials provided were wrong so that people who hesitate to put usernames and passwords in suspicious looking pages could be tricked. Doing this on the first login attempt could fool the people who might insert wrong credentials intentionally in the first attempt to see how page responds. Others might think that they might have mistyped. Both in most cases should provide the correct credentials on the second attempt.
I have an internet connection in kali linux ( i can normlally go to google or null byte.com ) but when I run setoolkit ( site cloner) or wifiphisher it is saying to me that i need an persistnet internet connection. How can i Fox this? pls help
How long does this process normally take? Because for me it will just only jam and not actually force the user to the proxy webserver. What I believe is happening is users get kicked out of network (deauth is working). But then the fake AP isn't setup properly because it wont connect to the fake AP instead my computer is trying to connect the the real AP but gets instantly kicked out of it and this will just loop (Yes I am using two wifi adapters, AWUS036NHA and the TL-WN722N).
Hey. I read few of ur hacking tips of wifi. But I am more intrested in wifiphiser , I have few douths on it. When we send that authentication to the user , can he suspect and see our mac address. Is it safe to use this method. Does this method work on all type of wifi protected routers. And why do we need 2 adapters . Can we do this method with one adapter. Pls if there is a video for this , then can u send the address. Thanku and waiting for ur reply.
Hey guys. When i install the wifipshisher file i get this error :No wireless interfaces found, bring one up and try againI was told that if i.m using Virtual Box i can.t connect to my wifi driver, so that means i can.t use this method?
How many AP's are shown to the user with the same SSID ? I'm assuming it is two, as there are in effect two separate networks, albeit with the same SSID name, ( the real one and our twin ).Wifiphisher relies on us having the stronger signal and their adapter choosing the strongest one. But isn't there a problem ? Each network shown has the option to connect automatically ( enter the network password once, and the wifi adapter always chooses this network ). So how does our twin AP get selected in this situation ?
i only have one wifi card i dont even know a few simple linux commands how do i clone git source how do i build a linux package whAt is packet injection can i use Windows weres the GUI i cant read i wanna break my neighbors wifi password how
good evening I use wifiphisher recently, I have a problem with the plugin_update, as you can see I modified the config.ini file to indicate where of my payload, but I have this error I do not know what what to do. help me please
Any one help meWhen I'm trying to start wifi phisher ,It showing that "failed to find interface with AP mode "But I have an external wifi adapter which is capable of monitor mode and packet injection and also it supports AP mode
Hackers can hack your router, spy on your Wi-Fi connection and even eavesdrop on your conversations to steal personal information such as credit card details, passwords to your social media accounts, and even compromise your online banking apps.
Last week's feature explaining why passwords are under assault like never before touched a nerve with many Ars readers, and with good reason. After all, passwords are the keys that secure Web-based bank accounts, sensitive e-mail services, and virtually every other facet of our online life. Lose control of the wrong password and it may only be a matter of time until the rest of our digital assets fall, too.
Take, for example, the hundreds of millions of WiFi networks in use all over the world. If they're like the ones within range of my office, most of them are protected by the WiFi Protected Access or WiFi Protected Access 2 security protocols. In theory, these protections prevent hackers and other unauthorized people from accessing wireless networks or even viewing traffic sent over them, but only when end users choose strong passwords. I was curious how easy it would be to crack these passcodes using the advanced hardware menus and techniques that have become readily available over the past five years. What I found wasn't encouraging. 2b1af7f3a8