What Is WifiPhisher ?

Wifiphisher is an open-source framework that can be used to communicate the red team on wireless networks using Man in the Middle attacks.

The tool is capable of using modern Wi-Fi association methods such as Known Beacons, KARMA, and Evil Twin.

Using the Known Beacons method, Wifiphisher broadcasts ESSIDs that are known to the audience. KARMA is a cloaking technique in which the Wifiphisher acts as a public network.

Evil Twin is the most common method of creating rogue hotspots. In addition, this tool can also be used to launch phishing attacks to steal social media credentials and inject payloads against Wi-Fi clients.

How To Install WifiPhisher ?

Wifiphisher requires a wireless adapter that must support packet injection and monitor mode. Wifiphisher is supported by Linux OS with Kali Linux as the officially supported distribution.

Also Read  zANTI

To Install WifiPhisher Follow The Steps Below.

Step – 01

Installation can be done by cloning the tool from Github.

git clone https://github.com/wifiphisher/wifiphisher.git

Step – 02

After cloning the tool, go to the Wifiphiser directory.

cd wifiphisher

Step – 03

Now to run the setup file.

sudo python setup.py install

How WifiPhisher Works ?

Wifiphisher can be run with or without any parameters or options. To run the tool without setting any parameters, simply type wifiphisher or python bin/wifiphisher in the terminal.

The tool searches for the corresponding Wi-Fi interface and opens in GUI mode.

Once the GUI is open, the tool searches for available Wi-Fi networks (ESSID) in the vicinity. The target ESSID can be selected using the up / down arrow keys.

Also Read  How To Hack Instagram ?

As mentioned earlier, the tool is capable of performing all modern MITM WiFi attacks. KARMA and Evil Twin are Wifiphisher’s default attack modes.

Evil Twin attack can be performed by running the tool with the following command parameters.

wifiphisher -aI wlan0 -jI wlan1 -p firmware-upgrade --handshake-capture handshake.pcap

The above command uses the wlan0 interface as a rogue access point that victims can connect to. Wlan1 with the –jI flag is used to launch a denial of service (DoS) attack. A DoS attack prevents users from connecting to a real access point.

A firmware update option is displayed for users to enter a Wi-Fi key to connect and update (fake) firmware. The handshake argument to the command verifies the authenticity of the user-supplied key.

Also Read  Netcut

Wifiphisher isn’t limited to stealing WiFi credentials. It can be used to inject malicious code/malware into the victim’s machine using a plugin update script.

wifiphisher --essid Office_Wifi -p plugin_update -pK <Pre-shared Key>

The above command sends the plugin update parameter to an ESSID named Office_Wifi. In this scenario, the attacker knows the Wi-Fi key (preshared key).

Victims performing the plugin update task are actually downloading malicious code onto their machines. The code could be malware or a shell that could provide an attacker with remote access.

Likewise, Wifiphisher can also be used to steal the credentials of social media users.

wifiphisher --noextensions --essid "Free wifi" -p oauth-login -kB

The above command asks users to connect to the free Wi-Fi ESSID by entering their social account credentials such as FB.

Hope you learn something from this tutorial.

Here You Will Find All Kind OF Information Related To Cybersecurity, What Is Hacking, All Kind Of Hacking Attacks Informations. So That You Can Avoid Such Problemes. Which Says Precision Is Better Than Cure.

Warning ! ! !
All The Information Provided Here Is For Educational Purposes Only.
You Are Solely Responsible For What You Do With This Information.

Disclaimer ! ! !
We Don't Support Or Promote Any Illegal Activities.
Our Main Goal Is To Spread Awareness On CyberSecurity Among People.
So, That They Can Avoid Such Tragedy

Leave a Comment