WiFi-Phisher tool uses “Evil Twin” attack scenario. Same as Evil Twin, the tool first creates a phony wireless Access Point (AP) masquerade itself as the legitimate WiFi AP. It then directs a denial of service (DOS) attack against the legitimate WiFi access point, or creates RF interference around it that disconnects wireless users of the connection and prompts users to inspect available networks. Once disconnected from the legitimate WiFi access point, the tool then force offline computers and devices to automatically reconnects to the evil twin, allowing the hacker to intercept all the traffic to that device. The technique is also known as AP Phishing, WiFi Phishing, Hots potter, or Honeypot AP. These kind of attacks make use of phony access points with faked login pages to capture user’s WiFi credentials, credit card numbers, launch man-in-the-middle attacks, or infect wireless hosts. As soon as the victim requests any web page from the internet, WiFi-Phisher tool will serve the victim a realistic fake router configuration looking page that will ask for WPA password confirmation due to a router firmware upgrade. The tool, thus, could be used by hackers and cyber criminals to generate further phishing and man-in-the-middle attacks against connected users.
Requirements :
- Kali Linux.
- Two wireless network interfaces, one capable of injection
Usage
| Short form | Long form | Explanation |
|---|---|---|
| -m | maximum | Choose the maximum number of clients to deauth. List of clients will be emptied and repopulated after hitting the limit. Example: -m 5 |
| -n | no update | Do not clear the deauth list when the maximum (-m) number of client/AP combos is reached. Must be used in conjunction with -m. Example: -m 10 -n |
| -t | timeinterval | Choose the time interval between packets being sent. Default is as fast as possible. If you see scapy errors like ‘no buffer space’ try: -t .00001 |
| -p | packets | Choose the number of packets to send in each deauth burst. Default value is 1; 1 packet to the client and 1 packet to the AP. Send 2 deauth packets to the client and 2 deauth packets to the AP: -p 2 |
| -d | directedonly | Skip the De-authentication packets to the broadcast address of the access points and only send them to client/AP pairs |
| -a | accesspoint | Enter the MAC address of a specific access point to target |
| -jI | jamming interface | Choose the interface for jamming. By default script will find the most powerful interface and starts monitor mode on it. |
| -aI | apinterface | Choose the interface for the fake AP. By default script will find the second most powerful interface and starts monitor mode on it. |
