WiFi Phisher: A social engineering tool that allows you to hack the password of a Wi-Fi


After iDict, which allows a brute force attack on an iCloud account, here's a new tool named WiFiPhisher and which is now attacking the Wi-Fi! Certainly, developers are in shape for the new year!

A researcher Greek security Chatzisofroniou named George, has developed a social engineering tool that aims to steal the security key to a secure Wi-Fi network and capture traffic. The fact that it is a social engineering tool that one should expect the cooperation of the target user to reach our end. The goal is not to use force with brute force attack, but rather by forcing the user to cooperate handing him a trap.

WiFiPhisher relies on different techniques of hacking related to Wi-Fi to operate, including the attack scenario "Evil Twin".



How does it work?

The tool first creates a fake access point (AP) Wireless Internet in order to impersonate the legitimate access point. Then he began a denial of service on the legitimate access point, or it causes interference to disconnect customers from the access point. Once disconnected clients, they will return (usually ...) see Wi-Fi networks ...

They will then be automatically reconnected to the Wi-Fi network but via the access point of the pirate, allowing it to intercept all traffic!

Aside from the traffic capture, we can automatically redirect users to a phishing page, which states that after updating the firmware, the router had to restart and it is necessary to grasp the key again security. If the user enters the security key then the hacker will get it!


You'll understand this attack promotes phishing attacks and man-in-the-middle. Beware when a page "magically Appear" and ask you to indicate the confidential information ...

Kali WiFiPhisher available on Linux!

Free on Kali Linux, WiFiPhisher nonetheless received some criticism on forums ... Indeed, it is not possible to directly create a Wi-Fi network without a password, to entice users to connect.

A review on Reddit specifies that the tool creates a second network unencrypted. On Windows, this will give a warning that the network configuration has changed, whereas on Android it will perform manual reconnection. Therefore, the method for making a man-in-the-middle attack is not automatically true.
Previous
Next Post »