"Wifiphisher" is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase. It is a social engineering attack that unlike other methods it does not include any bruteforcing. It is an easy way for obtaining WPA credentials.
Scenario
WiFiPhisher tool uses "Evil Twin" attack scenario. Same as Evil Twin, the tool first creates a phony wireless Access Point (AP) masquerade itself as the legitimate WiFi AP. It then directs a denial of service (DoS) attack against the legitimate WiFi access point, or creates RF interference around it that disconnects wireless users of the connection and prompts users to inspect available networks. Once disconnected from the legitimate WiFi access point, the tool then force offline computers and devices to automatically reconnects to the evil twin, allowing the hacker to intercept all the traffic to that device. The technique is also known as AP Phishing, WiFi Phishing, Hotspotter, or Honeypot AP. These kind of attacks make use of phony access points with faked login pages to capture user's WiFi credentials, credit card numbers, launch man-in-the-middle attacks, or infect wireless hosts. As soon as the victim requests any web page from the internet, WifiPhisher tool will serve the victim a realistic fake router configuration looking page that will ask for WPA password confirmation due to a router firmware upgrade. The tool, thus, could be used by hackers and cybercriminals to generate further phishing and man-in-the-middle attacks against connected users.
Wifi Credit Card Video
Requirements
- Kali Linux.
- Two wireless network interfaces, one capable of injection
Phases
Phase 1-Victim is being deauthenticated from her access point
Wifiphisher continuously jams all of the target access point's wifi devices within range by sending 802.11 deauthentication frames to the client from the access point, to the access point from the client, and to the broadcast address as well.
Phase 2-Victim joins a rogue access point
Wifiphisher sniffs the area and copies the target access point's settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is MiTMed.
Phase 3-Victim is being served a realistic router config-looking page
wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for WPA password confirmation due to a router firmware upgrade.
Usage
Are You Looking for Products
Here some products related to "Wifiphisher".
RTL8188EE 802.11b/g/n PCI..
HP RT5390 Half-height Min..
Eye-Fi Share 2 GB Wi-Fi S..
Fujitsu ScanSnap iX500 De..
Get these at Amazon.com* amzn.to is official short URL for Amazon.com, provided by Bitly
Source of the article : here
EmoticonEmoticon