wifiphisher
SYNOPSIS
wifiphisher [Options]
OPTIONS
This options summary is printed when Wifiphisher is run with no arguments.
Advanced users may edit wifiphisher/constants.py for deeper configuration.
DESCRIPTION
Wifiphisher is a security tool that mounts automated phishing attacks against
Wi-Fi networks in order to obtain credentials or infect the victims with malware.
It is a social engineering attack that can be used to obtain WPA/WPA2 secret
passphrases and, unlike other methods, it does not include any brute forcing. It is
an easy way of obtaining credentials from social networks or other third-party
login pages.
2. Victim joins a rogue Access Point. Wifiphisher sniffs the area and copies
the target Access Point's settings. It then creates a rogue wireless Access Point
that is modeled on the target. It also sets up a NAT/DHCP server and forwards the
right ports. Consequently, because of the jamming, clients will start connecting to
the rogue access point. After this phase, the victim is MiTMed.
PHISHING SCENARIOS
Wifiphisher supports community-built templates for different phishing
scenarios, such as:
ii) context: This section is optional and holds user-defined variables that may
later be injected into the template.
Example
-------
Placeholders
------------
The HTML files may also contain some special syntax (think placeholders)
describing how dynamic content will be inserted. The dynamic content may originate
from two sources:
i) Beacon frames. Beacon frames contain all the information about the target
network and can be used for information gathering. The main process gathers all the
interesting information and passes it to the chosen template at runtime.
At the time of writing, the main process passes the following data:
Note that any of the above values may be 'None'. For example, all the
target_* values will be None if the user did not target an Access Point (by using
the --essid option). The 'target_ap_logo_path' will be None if the logo of the
specific vendor does not exist in the repository.
ii) The config.ini file (described above). All the variables defined in the
"Context" section may be used from within the template files.
In case of naming conflicts, the variables from the configuration file will
override those coming from the beacon frames.
Logging credentials
-------------------
In order for wifiphisher to know which credentials to log, the values of the
'name' HTML attributes need to be prefixed with the 'wfphshr' string. During POST
requests, wifiphisher will log all variables that are prefixed with this string.
Example
-------
> <p> Dear {{ victim_name }}, This is a message from {{ ISP }}.
> A problem was detected regarding your {{ target_ap_vendor }} router. </p>
> <p> Please write your credentials to re-connect over PPPOE/PPPOA.</p>
> <input type="text" name="wfphshr-username"></input>
> <input type="text" name="wfphshr-password"></input>
In this example, the 'victim_name' and 'ISP' variables come from config.ini, while
the 'target_ap_vendor' variable comes from the beacon frames. Both
"wfphshr-username" and "wfphshr-password" will be logged.
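
For defenders, the field-name prefix described under "Logging credentials" is a usable indicator when triaging a saved captive-portal page. The following is an added example, not part of Wifiphisher or of this manual; the function and class names, the case-insensitive match and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

# Prefix named in the "Logging credentials" section of this page.
PREFIX = "wfphshr"
# Form controls whose 'name' attribute is submitted with a POST request.
FORM_TAGS = {"input", "select", "textarea", "button"}


class PortalFieldScanner(HTMLParser):
    """Collects form controls whose name carries the logging prefix."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []  # (line, tag, name) tuples

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing tags such as <input ... />.
        if tag not in FORM_TAGS:
            return
        name = dict(attrs).get("name") or ""  # a bare 'name' attribute yields None
        # Case-insensitive matching is a choice made for this example.
        if name.strip().lower().startswith(PREFIX):
            line, _ = self.getpos()
            self.hits.append((line, tag, name))


def scan_portal_html(html):
    """Return (line, tag, name) for every prefixed form control in html."""
    scanner = PortalFieldScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hits


# Constructed sample pages (not taken from any real template).
SUSPECT = (
    '<form method="post">\n'
    '  <input type="text" name="wfphshr-username">\n'
    '  <input type="password" name="WFPHSHR-password"/>\n'
    '  <input type="submit" value="OK">\n'
    '</form>\n'
)
BENIGN = (
    '<form method="post">\n'
    '  <p>The string wfphshr in body text is not a form field.</p>\n'
    '  <input type="text" name="username">\n'
    '</form>\n'
)

if __name__ == "__main__":
    for line, tag, name in scan_portal_html(SUSPECT):
        print(f"line {line}: <{tag}> name={name!r} carries the logging prefix")
```

A page with no hits is not thereby cleared: a template author can change the prefix, so treat a match as a strong indicator and a miss as inconclusive.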