Sophron - Wifiphisher GitHub

Download as pdf or txt
Download as pdf or txt
You are on page 1of 4

4/11/2015

sophron/wifiphisher GitHub

Thisrepository

Explore

Search

Features

sophron / wifiphisher

Enterprise

Blog

Watch

Signup

240

Star

3,274

Signin

Fork

493

FastautomatedphishingattacksagainstWiFinetworks
Code
90commits

2branches

0releases

9contributors
Issues

branch:master

wifiphisher/

Redirectwhenreceiveemptypassword.

26

Pullrequests

Wiki
latestcommit864dab8986

sophronauthored9daysago

accesspointpages

IntroducedPOST_VALUE_PREFIX.

cert

Firstsampleoffiles.

7monthsago

.gitignore

Updated.gitignoretoallowlibdir.

7monthsago

LICENSE

Initialcommit

7monthsago

README.md

Addedcurrentversionnumber.

wifiphisher.py

Redirectwhenreceiveemptypassword.

9daysago

25daysago
9daysago

README.md

Pulse
Graphs

HTTPScloneURL

https://github.com/so
phron/wifiphi

YoucanclonewithHTTPSor
Subversion.

DownloadZIP

About
WifiphisherisasecuritytoolthatmountsfastautomatedphishingattacksagainstWiFinetworksin
ordertoobtainsecretpassphrasesandothercredentials.Itisasocialengineeringattackthatunlike
othermethodsitdoesnotincludeanybruteforcing.Itisaneasywayforobtainingcredentialsfrom
captiveportalsandthirdpartyloginpagesorWPA/WPA2secretpassphrases.
WifiphisherworksonKaliLinuxandislicensedundertheMITlicense.
Fromthevictim'sperspective,theattackmakesuseinthreephases:
1. Victimisbeingdeauthenticatedfromheraccesspoint.Wifiphishercontinuouslyjamsallofthe
targetaccesspoint'swifideviceswithinrangebysendingdeauthpacketstotheclientfromthe
accesspoint,totheaccesspointfromtheclient,andtothebroadcastaddressaswell.
2. Victimjoinsarogueaccesspoint.Wifiphishersniffstheareaandcopiesthetargetaccess
point'ssettings.Itthencreatesaroguewirelessaccesspointthatismodeledonthetarget.Italso
setsupaNAT/DHCPserverandforwardstherightports.Consequently,becauseofthejamming,
https://github.com/sophron/wifiphisher

1/4

4/11/2015

sophron/wifiphisher GitHub

clientswillstartconnectingtotherogueaccesspoint.Afterthisphase,thevictimisMiTMed.
3. Victimisbeingservedarealisticrouterconfiglookingpage.wifiphisheremploysaminimal
webserverthatrespondstoHTTP&HTTPSrequests.Assoonasthevictimrequestsapage
fromtheInternet,wifiphisherwillrespondwitharealisticfakepagethatasksforcredentials,for
exampleonethatasksWPApasswordconfirmationduetoarouterfirmwareupgrade.

PerformingMiTMattack

Usage
Short
form

Longform

maximum

noupdate

Explanation
Choosethemaximumnumberofclientstodeauth.Listofclientswill
beemptiedandrepopulatedafterhittingthelimit.Example:m5
Donotclearthedeauthlistwhenthemaximum(m)numberof
client/APcombosisreached.Mustbeusedinconjunctionwithm.
Example:m10n
Choosethetimeintervalbetweenpacketsbeingsent.Defaultisas

timeinterval

fastaspossible.Ifyouseescapyerrorslike'nobufferspace'try:t
.00001
Choosethenumberofpacketstosendineachdeauthburst.

https://github.com/sophron/wifiphisher

2/4

4/11/2015

sophron/wifiphisher GitHub

Defaultvalueis11packettotheclientand1packettotheAP.

packets

Send2deauthpacketstotheclientand2deauthpacketstothe
AP:p2

directedonly

accesspoint

jI

jamminginterface

aI

apinterface

Skipthedeauthenticationpacketstothebroadcastaddressofthe
accesspointsandonlysendthemtoclient/APpairs
EntertheMACaddressofaspecificaccesspointtotarget
Choosetheinterfaceforjamming.Bydefaultscriptwillfindthemost
powerfulinterfaceandstartsmonitormodeonit.
ChoosetheinterfaceforthefakeAP.Bydefaultscriptwillfindthe
secondmostpowerfulinterfaceandstartsmonitormodeonit.

Screenshots

Targetinganaccesspoint

Asuccessfulattack

https://github.com/sophron/wifiphisher

3/4

4/11/2015

sophron/wifiphisher GitHub

Fakerouterconfigurationpage

Requirements
KaliLinux.
Twowirelessnetworkadaptersonecapableofinjection.

Helpneeded
IfyouareaPythondeveloperorawebdesigneryoucanhelpusimprovewifiphisher.Feelfreetotake
alookatthebugtrackerforsometaskstodo.

Credits
ThescriptisbasedonanideafromDanMcInerney.ThepartsforthejammingandselectinganAP
havealsobeentakenfromhisscriptswifijammerandfakeAP.

License
WifiphisherislicensedundertheMITlicense.SeeLICENSEformoreinformation.

Version
Currentversionis1.1.

2015GitHub,Inc. Terms Privacy Security Contact

https://github.com/sophron/wifiphisher

Status API Training Shop Blog About

4/4

You might also like