WiFiPhisher v1.2 – Automated victim-customized phishing attacks against Wi-Fi clients

Wifiphisher is a safety instrument that mounts automatic sufferer-custom designed phishing attacks against WiFi clients with the intention to download credentials or infect the sufferers with malwares. It’s essentially a social engineering assault that in contrast to different strategies it does no longer come with any brute forcing. It is a simple approach for acquiring credentials from captive portals and 3rd birthday celebration login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys.
Wifiphisher works on Kali Linux and is approved beneath the GPL license.

Releases web page ^(https://github.com/sophron/wifiphisher/releases) .

Utilization
Run the instrument by means of typing wifiphisher or python bin/wifiphisher (from throughout the instrument’s listing).
Via operating the instrument with none choices, it’ll in finding the correct interfaces and interactively ask the consumer to pick out the ESSID of the objective community (out of a listing with all of the ESSIDs within the round house) in addition to a phishing state of affairs to accomplish.


wifiphisher -aI wlan0 -jI wlan4 -p firmware-improve

Use wlan0 for spawning the rogue Get entry to Level and wlan4 for DoS attacks. Make a selection the objective community manually from the record and carry out the “Firmware Improve” state of affairs.
Helpful for manually settling on the wi-fi adapters. The “Firware Improve” ^(https://wifiphisher.org/ps/firmware-upgrade/) state of affairs is a simple approach for acquiring the PSK from a password-safe community.


wifiphisher --essid CONFERENCE_WIFI -p plugin_update -pK s3cr3tp4ssw0rd

Routinely select the correct interfaces. Goal the Wi-Fi with ESSID “CONFERENCE_WIFI” and carry out the “Plugin Replace” state of affairs. The Evil Dual will likely be password-safe with PSK “s3cr3tp4ssw0rd”.
Helpful against networks with disclosed PSKs (e.g. in meetings). The “Plugin Replace” ^(https://wifiphisher.org/ps/plugin_update/) state of affairs supplies a very easy approach for buying the sufferers to obtain malicious executables (e.g. malwares containing a opposite shell payload).


wifiphisher --nojamming --essid "FREE WI-FI" -p oauth-login

Don’t goal any community. Merely spawn an open Wi-Fi community with ESSID “FREE WI-FI” and carry out the “OAuth Login” state of affairs.
Helpful against sufferers in public spaces. The “OAuth Login” ^(https://wifiphisher.org/ps/oauth-login/) state of affairs supplies a easy approach for shooting credentials from social networks, like Fb.
Following are all of the choices together with their descriptions (additionally to be had with wifiphisher -h ):

Quick shapeLengthy shapeClarification
-h–helpdisplay this assist message and go out
-s SKIP–skip SKIPSkip deauthing this MAC deal with. Instance: -s 00:11:BB:33:44:AA
-jI JAMMINGINTERFACE–jamminginterface JAMMINGINTERFACEManually make a choice an interface that helps track mode for deauthenticating the sufferers. Instance: -jI wlan1
-aI APINTERFACE–apinterface APINTERFACEManually make a choice an interface that helps AP mode for spawning an AP. Instance: -aI wlan0
-t TIMEINTERVAL–timeinterval TIMEINTERVALMake a choice the time period between DEAUTH packets being despatched
-dP DEAUTHPACKETS–deauthpackets DEAUTHPACKETSMake a choice the collection of packets to ship in every deauth burst. Default price is 1; 1 packet to the customer and 1 packet to the AP. Ship 2 deauth packets to the customer and 2 deauth packets to the AP: -dP 2
-d–directedonlySkip the deauthentication packets to the printed deal with of the get admission to issues and most effective ship them to consumer/AP pairs
-nJ–nojammingSkip the deauthentication section. When this selection is used, most effective one wi-fi interface is needed
-e ESSID–essid ESSIDInput the ESSID of the rogue Get entry to Level. This feature will skip Get entry to Level variety section. Instance: –essid ‘Unfastened WiFi’
-p PHISHINGSCENARIO–phishingscenario PHISHINGSCENARIOMake a choice the phishing state of affairs to run.This feature will skip the state of affairs variety section. Instance: -p firmware_upgrade
-pK PRESHAREDKEY–presharedkey PRESHAREDKEYUpload WPA/WPA2 coverage at the rogue Get entry to Level. Instance: -pK s3cr3tp4ssw0rd

Screenshots

Concentrated on an get admission to level

A a hit assault

Pretend router configuration web page ^(https://wifiphisher.org/ps/firmware-upgrade/)

Pretend OAuth Login Web page ^(https://wifiphisher.org/ps/oauth-login/)

Pretend internet-primarily based community supervisor ^(https://wifiphisher.org/ps/wifi_connect/)

Disclaimer

  • Authors don’t personal the emblems beneath the wifiphisher/information/ listing. Copyright Disclaimer Underneath Phase 107 of the Copyright Act 1976, allowance is made for “truthful use” for functions comparable to grievance, remark, information reporting, educating, scholarship, and analysis.
  • Utilization of Wifiphisher for attacking infrastructures with out prior mutual consistency can also be regarded as as an criminality. It’s the ultimate consumer’s duty to obey all acceptable native, state and federal rules. Authors suppose no legal responsibility and aren’t answerable for any misuse or harm brought about by means of this program. 
Obtain WiFiPhisher ^(https://github.com/sophron/wifiphisher)

Author: Marshmallow

Marshmallow Android is BT Ireland’s Head of Sales for Republic of Ireland domestic multi-site companies, indigenous MNCs and public sector accounts. He is responsible for the direction and control of all sales activity in the region. He has over 10 years management experience from high growth start-ups to more established businesses. He’s led teams in Ireland, India and China across various industries (ICT, On-Line Recruitment, Corporate Training and International Education).