Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. Using Wifiphisher, penetration testers can easily achieve a man-in-the-middle position against wireless clients by performing targeted Wi-Fi association attacks. Wifiphisher can be further used to mount victim-customized web phishing attacks against the connected clients to capture credentials (e.g. from third-party login pages or WPA/WPA2 Pre-Shared Keys) or infect the victim stations with malware.
How does it work?
WifiPhisher sends the infinite packet to deauthenticate all traffic or the wifi device and in between it creates a fake Dynamic Host Configuration Protocol (DHCP) server and broadcasts the SSID which is similar to the realistic SSID. So when the victim tries to connect to the internet, the wifi phisher served the fake page on the victim’s screen asking for the credentials, and when the victim fills in their credentials on the input form so that ‘he addresses the attacker.
How to download and install the wifiphisher?
First of all, we need to download the wifiphisher tool so type the below command in your terminal
git clone https://github.com/wifiphisher/wifiphisher.git
Now change the directory to wifiphisher so run the below commands
Then install the wifi hacking tool so Execute the below commands on your terminal.
sudo python3 setup.py install
After that run the wifiphisher tool, Once you run this tool will show the surrounding WiFi networks
Now you need to select which WiFi network you want to hack, after choosing the target wifi the terminal will be the below image
Now you choose which option you want to need. but i preferred the fourth option
When you will select the 4th option then the all WiFi clients will be disconnected from their network and when they will try to access again a firmware update page will be open on display which will ask for credentials.
Once your victims enter the WiFi password means that will be shown on your terminal. as shown in the below image