today we are going to show you How to Hack WiFi using wifiphisher – WPA | WPA2.WiFiphisher is fast attack and reveals password within plenty of time, doesn’t matter how much password is long or complex.No need of any dictionaries, no more brute force .wifiphisher technique is really fast, so let’s get started.

What is WiFiphisher?
Wifiphisher is a security tool that mounts automated phishing attacks against WiFi networks in order to obtain secret passphrases or other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases.

How does it work?
WiFiphisher creates an evil twin AP, then DoS all user from AP and when users re-authenticate, they redirected to fake AP with the same SSID.After connecting with fake AP, they will see a legitimate looking webpage that requests their password to “Upgrade firmware”.When the user enters password in our wifiphishing page, we capture their password and user allowed further to access the internet from fake evil twin AP, so they can’t feel anything suspicious.

Requirements to Hack WiFi using wifiphisher Hacking tool – WPA | WPA2 :

  • PC running with Kali LINUX(if you don’t have Kali LINUX then download it from here and also read its basics) .You can also consider wifislax.
  • 2 wireless adapters, one of which must be capable of packet injection. I used Alfa AWUS036H for wifiphisher because it is compatible with Aircrack-ng (packet injection capable).

Step 1: apt-get install python
Step 2: git clone https://github/sophron/wifiphisher.git
Step 3: sudo cd wifiphisher/
Step 4: python wifiphisher.py
Step 5: When it has completed, it will list all the Wi-Fi networks it has discovered.Select your target AP, to select target just press ctrl+c(to stop scanning) and type “num” of AP.

Now after entering num, hit enter.You will see APs SSID and mac, it actually indicating that this SSID is going to be cloned.And real AP is being jammed by wifiphisher script.In this process, directed users connect to AP will be de-authenticated and.when they re-authenticate, Th direct to the the cloned evil twin access point.

After connecting to evil twin AP ,wifiphisher serves a legitimate looking proxy 10.0.0.58 webpage and display a message that firmware upgrade has taken place on their router and they must re-authenticate.

When the user enters their password, it will be passed to you through the Wifiphisher open terminal, as seen below and our evil AP will provide further internet access,s o user can’t find anything suspicious.

above command will start the script .Now it will ask for “hostapd”, you need to install hostapd. Proceed it by typing ” y ” means yes.It will install hostapd for you.

Leave a Reply