A new tool for stealing Wi-Fi credentials has hit Github: Wifiphisher mounts automated phishing attacks against WPA networks, based on social engineering. Its author claims that unlike other methods for gaining account access, it does not use any brute-forcing.
Wifiphisher works by first de-authenticating a user from his or her access point, then re-authenticating back to a rogue, malicious AP. From there, the user is subjected to a man-in-the-middle attack to capture credentials.
“Wifiphisher continuously jams all of the target access point's Wi-Fi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well,” explained the developer. “Wifiphisher sniffs the area and copies the target access point's settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point.”
Essentially, the victim only knows that he or she has suffered a dropped connection—a commonplace occurrence in public Wi-Fi that isn’t likely to arouse suspicion. Then, Wifiphisher serves up a realistic connection page purporting to be from a legitimate public AP, which asks for WPA password confirmation due to a router firmware upgrade.
“Wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests,” explained the developer.
The tool works on Kali Linux and is licensed under the MIT license, and its author is positioning it as though it were a legitimate security tool.
“If you are a Python developer or a web designer you can help us improve wifiphisher. Feel free to take a look at the bug tracker for some tasks to do,” he wrote on the Github page. “The script is based on an idea from Dan McInerney. The parts for the jamming and selecting an AP have also been taken from his scripts wifijammer and fakeAP.”