Created for pen-testing, the tool can be used by attackers

Jan 6, 2015 00:08 GMT
Wifiphisher resorts to social engineering to obtain the WiFi password

A security engineer has released a tool that makes stealing the password of a WiFi network easier: instead of cracking the key, it serves the victim a phishing page and asks them to type it in.

Called Wifiphisher, the utility was created by George Chatzisofroniou and is intended for penetration testing, but it can just as well be used by an attacker.

Victims are forced to connect to a rogue router

The attack has three stages. It begins by scanning the area for the targeted network and impersonating it; it then knocks the victim off the connection by sending deauthentication (deauth) packets to both the access point and the client.

Once this is done, Wifiphisher provides the victim access to the rogue access point that mimics the real one.

For this, the attacker needs to know what kind of router the client connects to. This is not difficult to find out, since it can be inferred from the signature the device emits; several free tools, including ones for mobile devices, provide this information without the need to connect to the router.

According to the security engineer, the tool “also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is MiTMed [man-in-the-middle attack].”

No brute-forcing is required

The third phase of the attack consists of serving the victim a phishing page that asks for the password of the legitimate WiFi connection; whatever is typed in lands in the hands of the attacker.

Wifiphisher includes a basic web server that responds to both HTTP and HTTPS requests, so the rogue page is delivered as soon as the client tries to access the web.

To allay suspicion, Chatzisofroniou says in the tool's description, the page can pose as a router firmware update alert that requires the WiFi password to proceed.
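The first two stages described above, the deauth burst and the look-alike access point, are both visible over the air to anyone monitoring the wireless channel, which is where a defender can catch this kind of attack. The following is an added example written for this article, not code from the Wifiphisher project or its author: a small Python detector that runs over constructed frame summaries of the kind a monitor-mode capture tool would export. The frame format, the `CorpNet` network, the MAC addresses and the thresholds are all assumptions made up for the demonstration.

```python
"""Over-the-air detection of an evil-twin attack (constructed example).

Two signals are checked:
  1. a burst of deauthentication frames within a short window
     (the "jamming" stage), attributed to the claimed sender address;
  2. beacons for a known SSID coming from a (BSSID, channel) pair that is
     not in the defender's inventory (the rogue access point stage).
Input is a list of frame summaries; nothing here touches a radio.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Frame:
    ts: float          # capture time in seconds
    kind: str          # "beacon" or "deauth"
    bssid: str         # AP address; for a deauth, the *claimed* sender
    channel: int = 0   # radio channel the frame was heard on
    ssid: str = ""     # beacons only


APKey = Tuple[str, int]  # (bssid, channel) as known from the AP inventory


def detect_deauth_flood(frames: List[Frame], threshold: int = 10,
                        window: float = 5.0) -> Dict[str, int]:
    """Return {sender_bssid: peak_count} for senders that emit at least
    `threshold` deauth frames inside any sliding window of `window` seconds.
    Spoofed deauths carry the real AP's address, so an alert naming the
    legitimate BSSID is the expected shape of this attack."""
    by_sender: Dict[str, List[float]] = defaultdict(list)
    for f in frames:
        if f.kind == "deauth":
            by_sender[f.bssid.lower()].append(f.ts)
    alerts: Dict[str, int] = {}
    for bssid, times in by_sender.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[bssid] = max(alerts.get(bssid, 0), count)
    return alerts


def detect_evil_twin(frames: List[Frame],
                     known_aps: Dict[str, Set[APKey]]) -> Dict[str, Set[APKey]]:
    """Return {ssid: {(bssid, channel), ...}} for beacons that advertise an
    inventoried SSID from a (BSSID, channel) pair the inventory does not
    list. Keying on the channel as well as the BSSID catches a clone that
    copies the real AP's address but must transmit somewhere else."""
    seen: Dict[str, Set[APKey]] = defaultdict(set)
    for f in frames:
        if f.kind == "beacon" and f.ssid in known_aps:
            seen[f.ssid].add((f.bssid.lower(), f.channel))
    return {ssid: keys - known_aps[ssid]
            for ssid, keys in seen.items() if keys - known_aps[ssid]}


# --- constructed sample data (assumed network, not from the article) ---
LEGIT = "aa:bb:cc:00:00:01"
KNOWN_APS: Dict[str, Set[APKey]] = {"CorpNet": {(LEGIT, 6)}}


def constructed_capture() -> List[Frame]:
    frames: List[Frame] = []
    # normal beacons from the real AP on channel 6, one every ~100 ms
    for i in range(20):
        frames.append(Frame(i * 0.1, "beacon", LEGIT, 6, "CorpNet"))
    # a clone advertising the same SSID *and* BSSID, but on channel 11
    for i in range(20):
        frames.append(Frame(i * 0.1, "beacon", LEGIT, 11, "CorpNet"))
    # 30 deauth frames in 1.5 s, spoofed as if sent by the real AP
    for i in range(30):
        frames.append(Frame(2.0 + i * 0.05, "deauth", LEGIT, 6))
    return frames


def run_demo():
    """Run both detectors over the constructed capture."""
    frames = constructed_capture()
    return detect_deauth_flood(frames), detect_evil_twin(frames, KNOWN_APS)


if __name__ == "__main__":
    floods, twins = run_demo()
    for bssid, n in floods.items():
        print(f"deauth flood: {n} frames claiming sender {bssid}")
    for ssid, rogues in twins.items():
        print(f"unexpected beacons for {ssid!r}: {sorted(rogues)}")
```

On the constructed capture the deauth detector reports 30 frames attributed to the legitimate BSSID, and the beacon check flags `CorpNet` on channel 11. A clone that copies both the BSSID and the channel of the real AP would slip past the inventory comparison; in that case the remaining differentiators are beacon details such as capability bits, supported rates and signal strength, which a production wireless IDS compares against a baseline. Tuning the deauth threshold matters too: a handful of deauths per minute is normal roaming noise, so the window and count should be set from observed traffic rather than taken from this example.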

The tool is designed to run on Kali Linux, a Debian-based operating system used mostly by penetration testers and in digital forensics.

The same OS is commonly used to run Metasploit, a framework for developing exploit modules and executing them to assess how vulnerable a machine or network is.

By relying on social engineering, Wifiphisher removes the need to brute-force the password at all.

Photo gallery captions: Wifiphisher scans for the targeted access point; a fake router administration page is served, asking for the WiFi password.