Phishing Wifi-Passwords & Facebook Credentials with Wifiphisher

April 14, 2017 | Views: 26352

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Wifiphisher is a tool that I love using on a daily basis.

It’s simple, easy and great for beginners and professionals.

WHAT YOU NEED:

  • Laptop with onboard or additional Wifi-Adapter
  • 2x Wifi-Adapters (recommended)
  • Targets (optional)

 

I had to buy myself an additional Wifi-Adapter to the onboard one I got on my Laptop. Make sure you buy a compatible (supports monitor mode) one because in the picture below the one by “Belkin” is not compatible and therefore useless with Wifiphisher.

67xqflh-imgur-1

INSTALLATION:

First, open your Terminal and type “git clone https://github.com/wifiphisher/wifiphisher”

then go over and open the Wifiphisher directory with “cd wifiphisher

just follow up with the command “sudo python setup.py install”

now you should be able to open Wifiphisher by just typing “wifiphisher” in the Terminal.

 

IN CASE OF ERROR:

For some people, Matplotlib might be missing like you can see in the picture below.

bejj51w-imgur-2to solve the problem just type in Terminal “sudo apt-get install matplotlib”

and you should be ready to go.

 

Using Wifiphisher with deAuth (2x Wifi-Adapters needed)

1. So you open Wifiphisher by typing “wifiphisher” in the Terminal and you will be able to see the following window.

an7hqfv-imgur-3here you can choose which Wifi-Device you want to attack. I guess it is obvious which one we are going to attack in this example.

P.S. Always make sure to attack connections with clients on it otherwise you will wait till the sun goes up again

 

2. Here we have the 4 phishing options that we can use.

y1zgvva-imgur-4Choose depending on what device your target has and what you want to accomplish.

– If you want to Phish the Wifi-Password options 1 & 2 are great especially option 2 supports mobile devices which are great in case your target uses a mobile phone to reconnect to the Internet.

9am3fig-imgur-5– If you want to drop a payload on your targets device make sure to use option 3. This option falsifies a browser update and serves your target with a Payload instead.

– If you want to phish Facebook LogIn information option 4 is the one to go with. It has a great template that looks almost tempting to use.

lnaaug3-imgur-6

3. Now that you chose your option just wait until your target reconnects to the Fake-Wifi-Spot created by you. Since you sent him deAuth-Packages he has to reconnect in order to be able to use the Internet.

6xiofpv-imgur-7The moment your Target connects his information will be displayed to you…

ve9rnb8-imgur-8Once the Target types in his/her Information those will be displayed to you in RED.

 

Using Wifiphisher without deAuth (only Facebook-Phishing)

Since we don´t have 2 Wifi-Adapters we can not send deAuth-Packages in order to FORCE your target off his router.

This is a great tool for public places like a Starbucks or the library. Since people are always looking for “FREE” Internet they also become very vulnerable to Phishing.

1. In this case, you can not start Wifiphisher by just typing in “wifiphisher” like previously.

Type in the command “wifiphisher -nJ -e ANY_NAME-YOU_WANT”  like in the picture below…

9ppld6z-imgur-9The -nJ stands for the NoJamming-Option which starts Wifiphisher without the intention to “Jam” any target at all.

 

2. Now selects Option 4. which is the Facebook-Phishing option and let the good times role.

 

3. The rest will be pretty much just as previously mentioned.

 

wrddf9i-imgur-10

I hope you guys enjoyed it. Follow me on Facebook, Twitter, and my BloG

 

This is for educational purposes only. Following these actions is extreme illegal behavior and will be prosecuted. So ALWAYS use a “LAB” environment or have the legal authority to follow these actions. I am not legally liable for any of your behavior.

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
2 Comments
  1. nice tutorial

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel