In recent years, Wi-Fi networks are usually secured with the Wi-Fi Protected Access II (WPA2), a security protocol which leverages a strong cryptographic hash function (PBKDF2 with the network’s ESSID as salt) to protect the pre-shared key (PSK).
WIFI – PHISHING:
Wi-Fi phishing consists of two steps. The first step involves the process of associating with Wi-Fi clients unknowingly (e.g. KARMA / Evil Twin techniques), while the second step involves presenting to the victim user a familiar authentication interface. Making the authentication interface look legitimate will greatly increase the success rate of the attack.
Wifiphisher is a security tool that mounts automated victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malwares. It is primarily a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys.
Wifiphisher works on Kali Linux and is licensed under the GPL license
The idea here is to create an evil twin AP, then de-authenticate the user from their real AccessPoint -AP. When they re-authenticate to your fake AP with the same SSID, they will see a legitimate-looking webpage that requests their password because of the template we have choosed to social engineer .Eg “firmware upgrade.” When they provide their password, you capture it and then allow them to use the evil twin as their AP, s
EVIL TWIN ?? : An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user’s knowledge.
Wifiphisher takes the following steps:
- De-authenticate the user from their real AP.(Access Point)
- Allow the user to authenticate to your evil twin.
- Offer a webpage to the user on a proxy that notifies them Eg:”firmware upgrade” has taken place, and that they need to authenticate again.
- The Wi-Fi password is passed to the hacker and the user continues to the web oblivious to what just happened.
To perform this hack you need
* KALI LINUX
* TWO WIRELESS ADAPTERS “kali linux compatible wireless adapters”
STEP-1 DOWNLOAD WIFI PHISHER :
To begin,boot up Kali and open a terminal.Then clone Wifiphisher from GitHub
Root@kali:~ #cd Desktop
Root@kali:~/Desktop# git clone https://github.com/wifiphisher/wifiphisher.git
STEP-2 INSTALL WIFI – PHISHER DEPENDENCIES
To install dependencies we need to run the setup.py thats the python script file
the command to install the dependencies is
Root@kali:Desktop/wifiphisher/# python setup.py install
STEP – 3 RUNNING WIFI PHISHER
After installing we can run the wifi phisher . to run wifi phisher the command is
STEP -5 SELECTING – SSID
STEP-5 SELECTING TEMPLATE
STEP -6 PROCEEDING TO ATTACK
The target user has been de-authenticated from their AP. When they re-authenticate, they will directed to the the cloned evil twin access point.
⇒⇒⇒THIS IS FOR EDUCATIONAL PURPOSE ONLY ⇐⇐⇐
DISCLAIMER: THE HACKS SHOWN HERE ARE FOR AUDITING / TESTING YOUR OWN NETWORK AND APPLICATIONS ONLY . USE OF THIS HACKS IN MALICIOUS WAY WILL LEAD TO LEGAL PROBLEMS . ADMIN AND AUTHOR IS NOT RESPONSIBLE FOR THOSE ACTS ., THANK YOU