Skip to main content

WiFiPhisher — Automated Phishing Attacks Against Wi-Fi Networks


A Greek security researcher, named George Chatzisofroniou, has developed a WiFi social engineering tool that is designed to steal credentials from users of secure Wi-Fi networks.

The tool, dubbed WiFiPhisher, has been released on the software development website GitHub on Sunday and is freely available for users.

    "It's a social engineering attack that does not use brute forcing in contrast to other methods. It's an easy way to get WPA passwords," said George Chatzisofroniou.

However, there are several hacking tools available on the Internet that can hack a secure Wi-Fi network, but this tool automates multiple Wi-Fi hacking techniques which make it slightly different from others.

WiFiPhisher tool uses "Evil Twin" attack scenario. Same as Evil Twin, the tool first creates a phony wireless Access Point (AP) masquerade itself as the legitimate Wi-Fi AP. It then directs a denial of service (DoS) attack against the legitimate Wi-Fi access point, or creates RF interference around it that disconnects wireless users of the connection and and prompts users to inspect available networks
Once disconnected from the legitimate Wi-Fi access point, the tool then force offline computers and devices to automatically re-connects to the evil twin, allowing the hacker to intercept all the traffic to that device.

The technique is also known as AP Phishing, Wi-Fi Phishing, Hotspotter, or Honeypot AP. These kind of attacks make use of phony access points with faked login pages to capture users’ Wi-Fi credentials, credit card numbers, launch man-in-the-middle attacks, or infect wireless hosts.

    "WiFiPhisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase [and] does not include any brute forcing," Chatzisofroniou said. "WifiPhisher sniffs the area and copies the target access point's settings [and] creates a rogue wireless access point that is modeled on the target."

As soon as the victim requests any web page from the internet, WifiPhisher tool will serve the victim a realistic fake router configuration-looking page that will ask for WPA password confirmation due to a router firmware upgrade
The tool, thus, could be used by hackers and cybercriminals to generate further phishing and man-in-the-middle attacks against connected users.

There is also criticism of the tool on several online discussion forums, because it would not be possible to set up a fake access point without a password.

    "The tool is actually creating a second, unencrypted network. On Windows it will give you a warning that the configuration of the network has changed. On Android you'd have to manually reconnect to the unencrypted network. So their method doesn't automatically perform a man-in-the-middle attack," said one of the critics on Reddit.

Wifiphisher works on Kali Linux and is licensed under the MIT license. Users can download and install the tool on their Kali Linux distribution for free.
Labels:

Comments

Post a Comment

Popular posts from this blog

JNTU-K B.Tech R10 All Results | Manabadi | Schools9 | jntuk.edu.in

Hi Friends...! It is some what difficult to search the all regular and supply results in google from manabadi, schools9 or from jntuk.edu.in for JNTU-Kakinada B.Tech students of R10 Regulation. So, that for this purpose Results Release team collected all the results and providing you to check the results of jntuk r10 regulation.  JNTU-K R10 B.Tech All Results [2010-14] JNTU-K R10 B.Tech All Results [2011-15] JNTU-K R10 B.Tech All Results [2012-16]
1 comment
continue ----------->

Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll )

(Size: 530 MB) Adobe® Acrobat® XI Pro is more than just the leading PDF converter. It's packed with smart tools that give you even more power to communicate. Easily, seamlessly, brilliantly. NEW Edit text in a PDF - Fix a typo, change a font, or add a paragraph to your PDF as easily as you do in other applications using a new point-and-click interface. NEW Convert PDF files to PowerPoint - Get a head start on new projects by saving a PDF file as a fully editable PowerPoint presentation. NEW Create new PDF and web forms - Customize professional templates or design from scratch with the Adobe FormsCentral desktop app included in Acrobat XI Pro. IMPROVED Standardize routine PDF tasks - Make it easy to create PDFs consistently. Guide people through the correct series of steps with Actions. NEW Edit images in a PDF - Resize, replace, and adjust images in your PDF with no need to track down the original file or graphic.
1 comment
continue ----------->

The anatomy of anxiety

Post a Comment
continue ----------->

Mac OS X 10.8 Mountain Lion ISO Untouched OS download

Description I noticed that there are no complete and untouched Mountain Lion ISO images uploaded on any torrent sites. The only one available had its boot sector stripped so it could fit onto a 4.7 gb dvd. Therefore it is not bootable or very hard to boot! So here is a untouched copy of Mountain Lion in the ISO format. It will require a dual layer dvd to burn!  This iso was made by opening the golden master "InstallESD.dmg" in disk utility and converting it to a cd/dvd master. Macs use the extension ".cdr" for raw image files so I then changed it to ".iso". Now it is completely compatible to be burned with any iso image burner available! To burn on a mac in disk utility simply change the extension back to ".cdr". 
1 comment
continue ----------->