Get Anyone's Wi-Fi Password Using Wifiphisher

[full_width]

The idea here is to create an evil twin AP , then de-authenticate or DoS the user from their real AP. When they re-authenticate to your fake AP with the same SSID, they will see a legitimate-looking webpage that requests their password because of a "firmware upgrade." When they provide their password, you capture it and then allow them to use the evil twin as their AP, so they don't suspect a thing. Brilliant!

To sum up, Wifiphisher takes the following steps:

1. De-authenticate the user from their legitimate AP.
2. Allow the user to authenticate to your evil twin.
3. Offer a webpage to the user on a proxy that notifies them that a "firmware upgrade" has taken place, and that they need to authenticate again.
4. The Wi-Fi password is passed to the hacker and the user continues to the web oblivious to what just happened.

Similar scripts have been around for awhile, such as Airsnarf, but this new Wifiphisher script is more sophisticated. In addition, you could always do this all manually, but now we have a script that automates the entire process.

To do this hack, you will need Kali Linux and two wireless adapters, one of which must be capable of packet injection. Here, we used Alfa AWUS036H. You may use others, but before you do, make certain that it is compatible with Aircrack-ng (packet injection capable). Please do NOT post questions on why it doesn't work until you check if your wireless adapter can do packet injection. Most cannot.

Now let's take a look at Wifiphisher.

When the victim request a web page the tool will serve the victim a fake router configuration page, similar the original one, that will demand for WPA password confirmation due to a router firmware upgrade.

When the user enters their password, it will be passed to you through the Wifiphisher open terminal, as seen below. The user will be passed through to the web through your system and out to the Internet, never suspecting anything awry has happened.