Learn Penetration Testing
上QQ阅读APP看书,第一时间看更新

Wifiphisher

Phishing does not only involve specially crafted emails and attachments. WiFi access points can be used to launch a phishing campaign against targets. There are multitudes of wireless networks available, with many of them being open to provide free access to the internet. Wifiphisher is a tool that allows you to mount automated phishing attacks against wireless networks in order to steal credentials or drop a payload such as malware. Wifiphisher is capable of using modern attack techniques such as KARMA, Known Beacons, and Evil Twin:

  • Known Beacons: This technique allows Wifiphisher to broadcast ESSIDs that are known
  • KARMA: This is a technique where Wifiphisher masquerades as a public network
  • Evil Twin: This technique creates rogue access points

Some of the main features of Wifiphisher are as follows:

  • The ability to run on devices such as a Raspberry Pi.
  • It's extremely flexible in that it supports a multitude of arguments and uses community-driven phishing templates, which can be used for various scenarios.
  • It allows you to write simple or complicated modules that are based on Python. Wifiphisher allows you to write your own custom phishing scenarios that you can leverage in targeted penetration tests.
  • It's simple to use, since it allows you to run the ./bin/wifiphisher command. This will bring up an interactive text interface to help you build an attack.

A list of available phishing scenarios are shown in the following screenshot:

Figure 2: List of available phishing scenarios in Wifiphisher

At the time of writing, Wifiphisher is currently supported on Linux, with Kali Linux as its officially supported distribution. In order to use Wifiphisher, you must have a wireless network card that is capable of packet injection and supports monitoring mode. We will explore this in depth in Chapter 9, Getting Started with Wireless AttacksWifiphisher is not installed by default in Kali Linux 2019.1. 

Wifiphisher can be installed using the following command: 

apt-get install Wifiphisher