We need to get the password from Wi-Fi, but there’s no time to hack it?
To help you in these situations, I’ll cover a virtually guaranteed way to get a Wi-Fi password without having to hack into it with Wifiphisher.
Chatex is the best exchanger on the telegram.
Wifiphisher Strategy Stages
The idea is to create a fake access point and then deauthenticate the user from the original access point (a DoS attack would be fine for that). After reconnecting, he will get to your fake access point with the same SSID and will see a seemingly real web page asking for a password due to “firmware update”. Once the password is entered, you will intercept it and allow it to use the evil twin as a real access point so it won’t suspect anything. Perfect plan!
This way, Wifiphisher performs the following actions:
- Eject a user from a real access point.
- Gives him access to your fake AP.
Displays a web page to the user notifying them of a successful “firmware update” and the need to re-enter their credentials.
Transfers the hacker the password from Wi-Fi, while the unsuspecting user continues to surf the Internet peacefully.
Such scripts are not something new to take at least Airsnarf. But Wifiphisher is advantageously different from them by its advancement. This automatic script greatly simplifies your work, but you can always do the above steps manually if you want.
To achieve your goal, you will need Kali Linux and two wireless adapters, one of which can perform packet injection. In this case, I used the Alfa AWUS036H model. You can also choose other adapters, but before you do that, make sure that they are compatible with Aircrack-ng (support packet injection).
Please don’t complain that nothing is working until you check your wireless adapter and make sure it is capable of performing packet injections. Most models do not have this capability.
Now, let’s take a look at Wifiphisher.
Step 1: Download Wifiphisher
First, launch Kali and open the terminal. Then download Wifiphisher and unpack the code.
kali > tar -xvzf /root/wifiphisher-1.1.tar.gz
In addition, you can copy code from GitHub by running the following command:
kali > git clone https://github/sophron/wifiphisher.
Step 2: Open the utility directory
Next, go to the directory that the Wifiphisher application created during the unpacking process. In my case, this is /wifiphisher-1.1.
kali > cd wifiphisher-.1.1
As you look through the contents of this directory, you will see the script wifiphisher.py.
kali > ls -l
Step 3: Run the script.
You can run the Wifiphisher script using this command:
kali > python wifiphisher.py
Note that I put the name of the interpreter before the script name – python.
At the first run, the script will most likely tell you that “hostapd” is not found and offer to install it. To start installing hostapd, type “y” (yes).
Once the installation is complete, run the Wifiphisher script again.
kali > python wifiphisher.py
This time it will run a web server on port 8080 and 443 and then find all available Wi-Fi networks.
You will then see a list of all Wi-Fi networks detected on your screen. In my example, the utility was able to find a network called “wonderhowto”. This will be the target of our attack.
Step 4: Start the attack and you will receive the password.
Press Ctrl + C on your keyboard and the application will ask you for the number of the access point you want to attack. In my case, this is point number 12.
After pressing Enter, Wifiphisher will show you the page that you can see in the screenshot below. This means that the interface is now in use and cloning the SSID and attacking the selected AP.
The user will be disconnected from his access point. During the reconnection it will be directed to our fake AP.
As soon as this happens, the proxy on the web server will intercept the request and slip the user a fake login page informing them about installing a new firmware version of the router and the need for re-authentication.
As you can see, I entered my password (nullbyte) and clicked Submit.
When the user enters his password, it will be transmitted to you via an open Wifiphisher terminal. The utility will then let the user into the Internet through your system so that they do not suspect anything.
Now you can get even the most complex password from Wi-Fi ! Do not forget to sometimes come back to us for interesting new articles on various methods of hacking !