A new Attack for Wi-Fi has been released called Wifiphisher.
This attack is a play on old tricks using a Man-in-the-Middle and phishing attack.
It works by selecting a target router then kicking their connection which forces them to connect to you instead of their router.
When they do they are asked for their Wi-Fi username and password to upgrade the firmware of the router.
After they enter their password it is displayed to your screen. Once you have the password, they are allowed to automatically reconnect to their router and move on.
They have the attack listed as the following steps.
From the victim’s perspective, the attack makes use in three phases:
1…..Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point’s wifi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well.
1…..Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point’s wifi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well.
2…..Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point’s settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is MiTMed.
3…..Victim is being served a realistic router config-looking page. wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for credentials, for example one that asks WPA password confirmation due to a router firmware upgrade.
It runs from Kali Linux and needs two wireless cards one that the victim can connect to and another to kick their connection with the Deauth command which requires a Kali Linux compatible adapter to do. I choose TP_link wireless USB adapter which is available on Flipkart
This is a tool that I am going to play with on my test routers and see how well it works.
To install wifiphisher, open a terminal window and enter the following command.
git clone https://github.com/sophron/wifiphisher.git
git clone https://github.com/sophron/wifiphisher.git
To run it type:
cd wifiphisher
sudo python ./wifiphisher.py
cd wifiphisher
sudo python ./wifiphisher.py
Here is the Github home page for wifiphisher. https://github.com/sophron/wifiphisher
Here is a YouTube video showing it.
Please:Like , Posts Comments to motivates me to post more..
New method of Hack WiFi - WiFi-Phisher
Reviewed by Moonlesknight
on
23:54:00
Rating:
Reviewed by Moonlesknight
on
23:54:00
Rating:
I’m probably not the only who’ll love to keep a tab on my loved ones; knowing what he does on his phone and PC as well as his social media activities. Well I met the only reliable hacker/private investigator ( Hackmarvel4@gmail.com) who handles such jobs with precision. Surprisingly, he offered me a 24-hours total refund if I find his services unsatisfactory but he delivered way more than I expected. I’ll gladly list a couple of services he offers:
ReplyDeleteTracking GPS location – Call Recordings – Call Logs Retrieval – Incoming calls restriction – Remotely accessing SMS –Genuine Software cracking --Game hacking and cracking --Keylogging – Remote device control – Calendar Monitoring – Remote email spying –Internet Usage Monitoring —Message retrievals: whatsapp message retrieval, iTunes message retrieval, Facebook message retrieval, instagram, snapchat message and story retrieval, etc– Intercepting Instant Messages: Whatsapp Spy, Viber Spy, Facebook Spy, Skype Spy, Hangouts Spy — Result/Grades modification; University, high school, professional schools, etc– Phone and PC bugging —Ambient Recording: Live listen and record voice surrounding phones – USSD Control commands .I’m quite sure he’s into many more. You can’t underestimate what he can do for you. You might really wanna consider contacting him today. He’s definitely going to be of great help.
( Hackmarvel4@gmail.com)
I’m probably not the only who’ll love to keep a tab on my loved ones; knowing what he does on his phone and PC as well as his social media activities. Well I met the only reliable hacker/private investigator ( Hackmarvel4@gmail.com) who handles such jobs with precision. Surprisingly, he offered me a 24-hours total refund if I find his services unsatisfactory but he delivered way more than I expected. I’ll gladly list a couple of services he offers:
ReplyDeleteTracking GPS location – Call Recordings – Call Logs Retrieval – Incoming calls restriction – Remotely accessing SMS –Genuine Software cracking --Game hacking and cracking --Keylogging – Remote device control – Calendar Monitoring – Remote email spying –Internet Usage Monitoring —Message retrievals: whatsapp message retrieval, iTunes message retrieval, Facebook message retrieval, instagram, snapchat message and story retrieval, etc– Intercepting Instant Messages: Whatsapp Spy, Viber Spy, Facebook Spy, Skype Spy, Hangouts Spy — Result/Grades modification; University, high school, professional schools, etc– Phone and PC bugging —Ambient Recording: Live listen and record voice surrounding phones – USSD Control commands .I’m quite sure he’s into many more. You can’t underestimate what he can do for you. You might really wanna consider contacting him today. He’s definitely going to be of great help.
( Hackmarvel4@gmail.com)