Wifiphisher
Automated phishing attacks against Wi-Fi networks to obtain secret passphrases or other credentials without brute forcing. It uses social engineering to trick users into entering WPA/WPA2 passphrases via fake captive portals or firmware upgrade pages.
Description
Wifiphisher is a security tool that mounts automated phishing attacks against Wi-Fi networks. It creates rogue access points and presents fake webpages, such as firmware upgrades or captive portals, to capture credentials from connected clients. Unlike brute force methods, it relies on social engineering to obtain WPA/WPA2 secret passphrases or third-party login credentials.
Use cases include testing Wi-Fi network security by simulating real-world phishing scenarios. It deploys a fake access point mimicking legitimate networks, luring clients to connect and disclose sensitive information through phishing templates.
The tool supports monitor and AP modes on wireless interfaces, DHCP leasing, and HTTP request logging for captured data. It is particularly effective against users connecting to 'Free Wi-Fi' style hotspots expecting seamless access.
How It Works
Wifiphisher selects a wireless interface supporting AP and monitor modes to create a rogue access point with a specified ESSID. It starts DHCP services, configures iptables, and optionally avoids jamming (-nJ). Phishing scenarios like firmware-upgrade (-T) serve webpages prompting for network PSK. Client connections trigger HTTP requests and POST submissions of credentials, logged alongside DHCP leases and deauth activities.
Installation
sudo apt install wifiphisherFlags
Examples
wifiphisher -nJ -e "Free Wi-Fi" -T firmware-upgradewifiphisher -hwifiphisher -i wlan1wifiphisher -i wlan0wifiphisher --interface INTERFACEwifiphisher -eI EXTENSIONSINTERFACE