WIFI HACKING ~wifiphisher~

Wi-Fi networks today are usually secured with Wi-Fi Protected Access II (WPA2), a security protocol that leverages a strong cryptographic hash function (PBKDF2 with the network’s ESSID as salt) to protect the pre-shared key (PSK).

WIFI – PHISHING:  

Wi-Fi phishing consists of two steps. The first step involves the process of associating with Wi-Fi clients unknowingly (e.g. KARMA / Evil Twin techniques), while the second step involves presenting to the victim user a familiar authentication interface. Making the authentication interface look legitimate will greatly increase the success rate of the attack.

WIFI-PHISHER :  

Wifiphisher is a security tool that mounts automated, victim-customized phishing attacks against Wi-Fi clients in order to obtain credentials or infect the victims with malware. It is primarily a social engineering attack that, unlike other methods, does not include any brute forcing. It is an easy way to obtain credentials from captive portals and third-party login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys.

Wifiphisher works on Kali Linux and is licensed under the GPL license.

The idea here is to create an evil twin AP, then de-authenticate the user from their real access point (AP). When they re-authenticate to your fake AP with the same SSID, they will see a legitimate-looking webpage that requests their password, because of the template we have chosen for social engineering, e.g. “firmware upgrade.” When they provide their password, you capture it and then allow them to use the evil twin as their AP, s

EVIL TWIN ?? : An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user’s knowledge.

Wifiphisher takes the following steps:

  1. De-authenticate the user from their real AP (access point).
  2. Allow the user to authenticate to your evil twin.
  3. Offer a webpage to the user on a proxy that notifies them that, e.g., a “firmware upgrade” has taken place, and that they need to authenticate again.
  4. The Wi-Fi password is passed to the hacker and the user continues to the web oblivious to what just happened.
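
Seen from the defender's side, the steps above leave two traces that a wireless monitor can correlate: a burst of de-authentication frames naming a legitimate AP, and a beacon that reuses the network's ESSID from a BSSID that is not in the inventory. The following Python is an added example, not code from Wifiphisher or from the original post; the sample observations, the KNOWN_BSSIDS inventory, the thresholds and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: beacons (essid, bssid, security), deauths (time_s, bssid).
BEACONS = [
    ("CorpWiFi", "aa:bb:cc:00:00:01", "WPA2"),
    ("CorpWiFi", "aa:bb:cc:00:00:02", "WPA2"),
    ("CorpWiFi", "de:ad:be:ef:00:01", "OPEN"),   # same name, unknown radio
]
DEAUTHS = [(100.0 + i * 0.1, "aa:bb:cc:00:00:01") for i in range(40)]
DEAUTHS.append((500.0, "aa:bb:cc:00:00:02"))     # a single frame is normal
KNOWN_BSSIDS = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}  # assumed inventory

def find_twin_candidates(beacons, known):
    """Flag beacons that reuse an inventoried ESSID from an unlisted BSSID."""
    security = defaultdict(set)
    for essid, _, sec in beacons:
        security[essid].add(sec)
    findings = []
    for essid, bssid, sec in beacons:
        if essid in known and bssid not in known[essid]:
            reason = "unknown BSSID"
            if sec == "OPEN" and security[essid] - {"OPEN"}:
                reason += ", security downgraded to OPEN"
            findings.append((essid, bssid, reason))
    return findings

def deauth_bursts(deauths, window=5.0, threshold=20):
    """Return BSSIDs named in >= threshold deauth frames within window seconds."""
    times = defaultdict(list)
    for ts, bssid in deauths:
        times[bssid].append(ts)
    flagged = set()
    for bssid, stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(bssid)
                break
    return flagged

def correlate(beacons, deauths, known):
    """Pair each twin candidate with legitimate APs currently being deauthed."""
    bursts = deauth_bursts(deauths)
    return [{"essid": e, "rogue_bssid": b, "reason": r,
             "deauth_against": sorted(known[e] & bursts)}
            for e, b, r in find_twin_candidates(beacons, known)]
```

An alert whose deauth_against list is non-empty is the strongest signal, because it ties the unknown radio to an ongoing attempt to push clients off the real AP.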

To perform this hack you need:

* KALI LINUX

* TWO WIRELESS ADAPTERS (Kali Linux-compatible wireless adapters)

STEP-1  DOWNLOAD WIFIPHISHER

To begin, boot up Kali and open a terminal. Then clone Wifiphisher from GitHub:

root@kali:~# cd Desktop

root@kali:~/Desktop# git clone https://github.com/wifiphisher/wifiphisher.git


STEP-2  INSTALL WIFIPHISHER DEPENDENCIES

To install the dependencies, we need to run setup.py, the Python script file. The command to install the dependencies is:

root@kali:~/Desktop/wifiphisher# ls

root@kali:~/Desktop/wifiphisher# python setup.py install


STEP-3  RUNNING WIFIPHISHER

After installing, we can run Wifiphisher. The command to run it is:

root@kali:~# wifiphisher


STEP-4  SELECTING SSID


STEP-5  SELECTING TEMPLATE


STEP-6  PROCEEDING TO ATTACK


The target user has been de-authenticated from their AP. When they re-authenticate, they will be directed to the cloned evil twin access point.

THIS IS THE PHISHING PAGE OF WIFIPHISHER “FIRMWARE UPGRADE”

⇒⇒⇒THIS IS FOR EDUCATIONAL PURPOSE ONLY ⇐⇐⇐

DISCLAIMER: THE HACKS SHOWN HERE ARE FOR AUDITING / TESTING YOUR OWN NETWORK AND APPLICATIONS ONLY. USE OF THESE HACKS IN A MALICIOUS WAY WILL LEAD TO LEGAL PROBLEMS. THE ADMIN AND AUTHOR ARE NOT RESPONSIBLE FOR THOSE ACTS. THANK YOU
