Monday, January 15, 2018

Hack Wi-Fi Networks Without Cracking with Wifiphisher


Welcome back. In the last wireless tutorial we talked a little about hacking WPA/WPA2 passwords using brute-force methods. In this tutorial, Hack Wi-Fi Networks Without Cracking with Wifiphisher, we will talk about hacking WPA/WPA2 networks without using brute-force methods. By creating an Evil Twin access point that mimics a wireless access point, we can easily trick clients into connecting to it and leaking their credentials.
What is Wifiphisher
Wifiphisher is a wireless security tool that mounts automated, victim-customized phishing attacks against WiFi clients. This allows the attacker to obtain credentials or infect the target machine with malware. The method is a social engineering attack that can quickly trick the target into unknowingly handing over their password. Unlike other methods, it does not include brute forcing of any kind. It is a quick and easy way of obtaining credentials from captive portals and third-party login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys.
Wifiphisher works on Kali Linux and is licensed under the GPL license.
Scenario
Let's assume that we are testing the security of our home network. We have turned off WPS and taken all the precautions to safeguard our network against attackers. We have also changed the password of the network AP to a strong password to prevent brute-force attacks. However, other people use the same network from other devices and could potentially leak the wireless password through human error. This wireless attack relies on a little deception and trickery.
Let's assume our network has 1 access point that is shared amongst 3 users. We could use Wifiphisher to trick the clients into openly and unknowingly handing over their password. Using social engineering techniques, Wifiphisher can easily create an Evil Twin access point, and we can trick the clients into reconnecting to it.
Installing Wifiphisher
To install Wifiphisher, clone the script using git.
In a new terminal use these commands to download and install Wifiphisher.
git clone https://github.com/wifiphisher/wifiphisher.git
cd wifiphisher
sudo python setup.py install
After the script has finished unpacking and installing resources we can start Wifiphisher.
python setup.py build && python setup.py install
Requirements
1x Wireless Interface that supports Managed mode.
1x Wireless Interface that supports Monitor mode.
Kali Linux or Linux Operating System
Wifiphisher
First of all, do a scan of nearby access points. We will be looking for clients connected to the network.
Start Wifiphisher using the following command.
wifiphisher
Alternatively, run python bin/wifiphisher from Wifiphisher's script location.
python bin/wifiphisher
Specify Wireless Interfaces (When starting, Wifiphisher will sometimes automatically select which network interfaces to use. Using the commands below, we can specify which interfaces we want to use.)
First, open a new terminal and go to Wifiphisher's download location using cd, for example:
cd wifiphisher
Now start Wifiphisher, replacing wlan1 and wlan2 with the names of your wireless interfaces.
python bin/wifiphisher -aI wlan1 -jI wlan2
(-aI = AP interface, -jI = jamming interface)
Wifiphisher will now start scanning for wireless networks. From the network list, choose the target wireless network using the up and down keys. When you have found the target network, press Enter.
A list of phishing scenarios will appear. I will use 10, “Firmware Upgrade Page”. This page displays a router configuration page without any logos or branding, asking for the WPA/WPA2 network password due to a firmware update.
(When you first load Wifiphisher you will only have a few phishing scenarios to choose from. I have added a lot to my list over time, so don’t worry if your list does not look like the one in the screenshot. I will show you how to add extra phishing scenarios later on in the tutorial.)
After we select the phishing scenario we want to use, Wifiphisher will start an Evil Twin access point and spawn a listener. Any clients connected to the wireless network will be de-authenticated by Wifiphisher and forced to connect to the Evil Twin access point.
The screenshot below shows the target client is authenticated to the Evil Twin hotspot created by Wifiphisher.
After the client authenticates to the network, any website that the target tries to browse to in the web browser will be diverted to a fake page prompting for credentials.
The screenshot below shows which clients are being deauthenticated by Wifiphisher. On the right-hand side we can see the Evil Twin access point created by Wifiphisher and the channel and interface it is running on.
The HTTP requests section shows which sites connected clients are looking for. Instead of loading the website the target client is looking for, a fake phishing page created by Wifiphisher will appear.
GET = Sites clients are requesting.
POST = Post requests from connected clients. Requests with the tag POST will show POST requests that the target has sent over the network.
The POST request in the screenshot below shows credentials gathered by the web page attribute wfphshr-WPA-password. This POST request tells us that the target has entered the Wireless key “PRESH4REDK3Y”.
We have now successfully phished a wireless network passphrase using Wifiphisher. When first installed, Wifiphisher contains only a limited set of phishing scenarios. Don’t worry, we can add new phishing pages or even create our own templates.
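Seen from the defender's side, the walkthrough above leaves two observable traces: a burst of deauthentication frames against the legitimate AP, and a second BSSID advertising the same ESSID. The following is an added example, not part of the original tutorial or of Wifiphisher; the record layout, the baseline, the threshold and all sample values are constructed assumptions standing in for what a monitor-mode sensor would export.

```python
from collections import Counter

# Constructed baseline: the access points we actually operate (hypothetical values).
KNOWN_APS = {"HomeNet": {"bssids": {"aa:bb:cc:00:00:01"}, "security": "WPA2"}}
DEAUTH_THRESHOLD = 20  # assumed: deauth frames per window that we treat as a flood

# Constructed observations, e.g. as exported from a monitor-mode sensor.
BEACONS = [
    {"essid": "HomeNet", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2", "channel": 6},
    {"essid": "HomeNet", "bssid": "02:11:22:33:44:55", "security": "OPEN", "channel": 6},
    {"essid": "CoffeeShop", "bssid": "de:ad:be:ef:00:01", "security": "OPEN", "channel": 11},
]
DEAUTHS = [{"bssid": "aa:bb:cc:00:00:01", "client": "11:22:33:44:55:66"}] * 35


def find_evil_twins(beacons, known_aps):
    """Return alerts for beacons that reuse one of our ESSIDs from an unknown BSSID."""
    alerts = []
    for b in beacons:
        baseline = known_aps.get(b["essid"])
        if baseline is None or b["bssid"].lower() in baseline["bssids"]:
            continue  # not our network, or one of our own radios
        reasons = ["unknown BSSID"]
        if b["security"] != baseline["security"]:
            reasons.append(f"security {b['security']} != {baseline['security']}")
        alerts.append({"essid": b["essid"], "bssid": b["bssid"], "reasons": reasons})
    return alerts


def find_deauth_floods(deauths, known_aps, threshold=DEAUTH_THRESHOLD):
    """Return our BSSIDs that received at least `threshold` deauth frames in the window."""
    ours = {mac for ap in known_aps.values() for mac in ap["bssids"]}
    counts = Counter(d["bssid"].lower() for d in deauths)
    return {bssid: n for bssid, n in counts.items() if bssid in ours and n >= threshold}


def assess(beacons, deauths, known_aps):
    """Combine both signals: a twin plus a deauth flood matches the pattern above."""
    twins = find_evil_twins(beacons, known_aps)
    floods = find_deauth_floods(deauths, known_aps)
    severity = "high" if twins and floods else "medium" if twins or floods else "none"
    return {"severity": severity, "twins": twins, "floods": floods}


if __name__ == "__main__":
    print(assess(BEACONS, DEAUTHS, KNOWN_APS))
```

Either signal alone is worth a look; both together within the same window on the same ESSID is the combination the walkthrough produces.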
Installing Extra Phishing Scenario Pages
When you first install Wifiphisher you will notice that there are only a few phishing scenarios to choose from. For whatever reason, you may want to add your own pages to Wifiphisher.
1. Download web page
2. Copy web page to Wifiphisher
3. Edit HTML web pages to suit Wifiphisher's configuration
4. Create a config file (This will allow us to integrate our pages into Wifiphisher's menu.)
Downloading Web Pages from Linux Terminal
wget -E -H -k -K -p <insert URL here>

wget --page-requisites --https-only -K --no-clobber https://hackingvision.com

What these wget options do:

-E,  --adjust-extension          save HTML/CSS documents with proper extensions
-H,  --span-hosts                go to foreign hosts when recursive
-K,  --backup-converted          before converting file X, back up as X.orig
-k,  --convert-links             make links in downloaded HTML or CSS point to local files
-p,  --page-requisites           Include page requisites
You could create your own templates in HTML, PHP and CSS and add attributes yourself. This provides a quick way of creating new compatible templates. In the older version of Wifiphisher the attribute wpshr- had to be added; the new version of Wifiphisher allows us to use an attribute.
Open up your script's download location and navigate to wifiphisher/wifiphisher/data/phishing-pages. Folder names must be lowercase alpha characters without spaces, for example “my-phishing-page”.
Let's take a deeper look inside the configuration files. This will give you an idea of how Wifiphisher adds new phishing scenarios to its menu without editing the script directly. The screenshot below shows the structure of a phishing template directory.
Each template has its own config.ini file. These files are used to describe templates and quickly add them to Wifiphisher's menu. This is an example of a configuration file. Simply rename the template and add a description. You can remove the context if you wish; it will not affect the script's ability to run. You can also edit the context to suit the target AP vendor.
[info]
Name: Firmware Upgrade Page
Description: A router configuration page without logos or brands asking for WPA/WPA2 password due to a firmware upgrade. Mobile-friendly.

[context]
firmware_version: 1.0.12
# Comment in the line below to override automatic vendor detection
# target_ap_vendor: AP_VENDOR
As an example, I have added a GoPro camera phishing page prompting for an important update.
The screenshot below shows credentials gathered by the fake GoPro page.
Wifiphisher also supports Lure10 attacks.
Lure10 attacks make nearby Windows devices believe they are within an area that was previously captured with --lure-capture.
Lure10 fools the Windows Location Service into sending out the broadcast message that a WLAN tagged as WiFi-Sense is in that area.
To use the Lure10 exploit, use the following command.
python bin/wifiphisher --lure10-exploit area_20170414_123200 --essid "WiFiSense-Tagged-WLAN"
If you would like to create a wireless access point with a specific name, use the --essid option.
--essid "WiFiSense-Tagged-WLAN"
Thanks for supporting HackingVision. If you enjoyed this article, Hack Wi-Fi Networks Without Cracking with Wifiphisher, consider sharing it with friends.

