Hello
friends! Today we are going demonstrate WIFI- Phishing attack by using very
great tool “WIFIphisher”, please read its description for more details.
Wifiphisher is a security tool that mounts automated
victim-customized phishing attacks against WiFi clients in order to obtain
credentials or infect the victims with malwares. It is primarily a social
engineering attack that unlike other methods it does not include any brute
forcing. It is an easy way for obtaining credentials from captive portals and
third party login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys.
Requirement
·
Kali Linux.
·
Two wifi adapter; one that supports AP mode and
another that supports monitor mode.
Wifiphisher Working
After achieving a
man-in-the-middle position using the Evil Twin or KARMA attack, Wifiphisher
redirects all HTTP requests to an attacker-controlled phishing page.
From
the victim's perspective, the attack makes use in three phases:
1.
Victim
is being deauthenticated from her access point. Wifiphisher continuously
jams all of the target access point's wifi devices within range by forging
“Deauthenticate” or “Disassociate” packets to disrupt existing associations.
2.
Victim
joins a rogue access point.
Wifiphisher sniffs the area and copies the target access point's settings. It
then creates a rogue wireless access point that is modeled by the target. It
also sets up a NAT/DHCP server and forwards the right ports. Consequently,
because of the jamming, clients will eventually start connecting to the rogue
access point. After this phase, the victim is MiTMed. Furthermore, Wifiphisher
listens to probe request frames and spoofs "known" open networks to
cause automatic association.
3.
Victim
is being served a realistic specially-customized phishing page. Wifiphisher employs a
minimal web server that responds to HTTP & HTTPS requests. As soon as the
victim requests a page from the Internet, wifiphisher will respond with a
realistic fake page that asks for credentials or serves malwares. This page
will be specifically crafted for the victim. For example, a router
config-looking page will contain logos of the victim's vendor. The tool
supports community-built templates for different phishing scenarios.
Let’s start!!!
Open the terminal in your Kali Linux and type following
command for downloading wifiphisher from git hub.
git clone
https://github.com/wifiphisher/wifiphisher.git
Once it get downloaded run python file to install its setup and
dependency as shown below:
cd wifiphisher/
python setup.py
install
Now run the script by typing wifiphisher on terminal to launch wifi-phishing attack which as
similar as social engineering.
Here it will fetch all interfaces
as shown in given image and let attacker to choose any one ESSID/BSSID of the
target network and try to trap victim by performing phishing. It will also perform
both Evil Twin and KARMA attacks.
From list of interface, I
had targeted “iball-baton” to trap the victim connect from it.
After than you will get 4 phishing scenarios to trap your
target as given below:
1.
Firmware Upgrade page
2.
Network Manager connect
3.
Browser plugin update
4.
Oauth login Page
Now let’s go through each phishing scenario one by one starting
from 1st option.
Firmware Upgrade
page: A router configuration page without logos or brands asking for
WPA/WPA2 password due to a Firmware Upgrade page.
The victim may consider it as an official
notification and go for upgrading by submitting his WIFI password. As the
victim enter the password for WPA/WPA2 and click on start upgrade, he will get
trap into fake upgrade process.
Great!!
You can confirm the WPA/WPA2 password as shown in given below image, it is
showing WPA –password: ram123456ram
Once again repeat the same step to select ESSID.
Now let us go through another phishing scenario from 2nd option.
Network Manager
Connect: Imitates the behavior of the network manager. This templates
show’s chrome “connection Failed” page and displays a network manager window
through the page asking for pre=shared key. Currently, the network managers of
windows and Mac Os are supported.
Now when the victim will open browser he will get a fake page for
“connection failed” and more over a fake window for network manager.
Here
target will click on “connect” to reconnect with interface.
It asks to enter the password for connection with selected
interface while at background the attacker will captured the WPA/WPA2
password.
Great!! Again you can confirm the WPA/WPA2 password
as shown in given below image, it has captured WPA –password: ram123456ram
Repeat same step to choose ESSID for attack.
Browser plugin
update: A generic browser plugin update page that can be used to serve
payloads to the victims.
It will create an exe payload and run multi handler in
background for reverse connection of victim system.
Now when
again victim will open browser he will get another fake page for Update plugins
as shown in given image where it recommended to update the flash player which
is outdated.
Now when the victim will click on Update Now, it will start downloading an update.exe file into
victim’s system which is nothing but an exe backdoor file for making
unauthorized access in his system.
Awesome!!
Attacker will get reverse connection of target’s system, from given below image
you can see it has open meterpreter session 1.
Repeat same step to choose ESSID for attack.
Now move forward with its last option i.e. 4th
option.
OAuth Login Page:
A free WI-FI service asking for facebook credential to authenticate using
OAuth.
At this time when victim will open browser he may get trap
into phishing page set as “Get Connect to the Internet For free” as shown in
given image.
So when victim will enter his facebook credential for
accessing free internet he will get trap in that phishing attack.
Here you can see as victim enters username with password and
click on login for facebook connection he got an error message mean while
attacker has capture victim’s facebook credential.
0 comments:
Post a Comment