George Chatzisofroniou has published a new
Method for häçking WPA/WPA2 Security
using a WiFi social engineering tool designed
to s†éál credentials from users of secure
wireless networks.
The administrator at the University of Greece
developed the WiFiPhisher tool which is used
to discover and replicate WPA-protected
networks, sans password.
The tool, can be downloaded from GitHub here
and works by producing a number of
deauthorisation packets at a legitimate access
point jamming it and prompting users to
inspect available networks.
Users will see the malicious network posing as
their trusted access point.
“WiFiPhisher is a security tool that
mounts fast automated phishing
attacks against WPA networks in order
to obtain the secret passphrase [and]
does not include any brute forcing,”
Chatzisofroniou @_sophron said.
“WifiPhisher sniffs the area and copies
the target access point’s settings [and]
creates a rogue wireless access point
that is modeled on the target.”
“As soon as the victim requests a page
from the internet, WifiPhisher will
respond with a realistic fake page that
asks for WPA password confirmation
due to a router firmware upgrade.”
Wifiphisher is a security tool that mounts
fast automated phishing attacks against WPA
networks in order to obtain the secret
passphrase. It is a social engineering attack
that unlike other methods it does not include
any brute forcing. It is an easy way for
obtaining WPA credentials.
From the victim’s perspective, the attack
makes use in three phases:
1.) Victim is being deauthenticated from their
access point. Wifiphisher continuously jams
all of the target access point’s wifi devices
within range by sending deauth packets to the
client from the access point, to the access
point from the client, and to the broadcast
address as well.
2.) Victim joins a rogue access point.
Wifiphisher sniffs the area and copies the
target access point’s settings. It then creates
a rogue wireless access point that is modeled
on the target. It also sets up a NAT/DHCP
server and forwards the right ports.
Consequently, because of the jamming, clients
will start connecting to the rogue access
point. After this phase, the victim is
MiTMed.
3.) Victim is being served a realistic router
config-looking page. wifiphisher employs a
minimal web server that responds to HTTP &
HTTPS requests. As soon as the victim
requests a page from the Internet, wifiphisher
will respond with a realistic fake page that
asks for WPA password confirmation due to a
router firmware upgrade.
Method for häçking WPA/WPA2 Security
using a WiFi social engineering tool designed
to s†éál credentials from users of secure
wireless networks.
The administrator at the University of Greece
developed the WiFiPhisher tool which is used
to discover and replicate WPA-protected
networks, sans password.
The tool, can be downloaded from GitHub here
and works by producing a number of
deauthorisation packets at a legitimate access
point jamming it and prompting users to
inspect available networks.
Users will see the malicious network posing as
their trusted access point.
“WiFiPhisher is a security tool that
mounts fast automated phishing
attacks against WPA networks in order
to obtain the secret passphrase [and]
does not include any brute forcing,”
Chatzisofroniou @_sophron said.
“WifiPhisher sniffs the area and copies
the target access point’s settings [and]
creates a rogue wireless access point
that is modeled on the target.”
“As soon as the victim requests a page
from the internet, WifiPhisher will
respond with a realistic fake page that
asks for WPA password confirmation
due to a router firmware upgrade.”
Wifiphisher is a security tool that mounts
fast automated phishing attacks against WPA
networks in order to obtain the secret
passphrase. It is a social engineering attack
that unlike other methods it does not include
any brute forcing. It is an easy way for
obtaining WPA credentials.
From the victim’s perspective, the attack
makes use in three phases:
1.) Victim is being deauthenticated from their
access point. Wifiphisher continuously jams
all of the target access point’s wifi devices
within range by sending deauth packets to the
client from the access point, to the access
point from the client, and to the broadcast
address as well.
2.) Victim joins a rogue access point.
Wifiphisher sniffs the area and copies the
target access point’s settings. It then creates
a rogue wireless access point that is modeled
on the target. It also sets up a NAT/DHCP
server and forwards the right ports.
Consequently, because of the jamming, clients
will start connecting to the rogue access
point. After this phase, the victim is
MiTMed.
3.) Victim is being served a realistic router
config-looking page. wifiphisher employs a
minimal web server that responds to HTTP &
HTTPS requests. As soon as the victim
requests a page from the Internet, wifiphisher
will respond with a realistic fake page that
asks for WPA password confirmation due to a
router firmware upgrade.
