Dear readers of Tecnogalaxy, today we will talk about Wifiphisher, a tool used to discover the password of a WPA-WPA2 wireless network without needing any dictionary.

This technique is really fast, and everything is based on phishing. It's a classic social engineering attack: unlike other attacks, it doesn't use brute force.

Here is how Wifiphisher works: it creates a twin AP (called an evil AP in technical jargon) and forces the disconnection of all clients connected to the original AP.

When clients reconnect to the fake AP, they are redirected to a web page that asks for the password in order to update the firmware; once it is entered, Wifiphisher shows the password in clear text.

Let's not waste time and go straight to our test; as always, we will use our dear friend Kali Linux!

Discovering the password of a wireless network

Let’s open a shell and write:

apt-get install python

Let's move to the desktop to clone the tool; in my case:

cd Desktop
git clone https://github.com/sophron/wifiphisher.git
cd wifiphisher

Write ls -l to see the content.

Run the tool:

python wifiphisher.py

Confirm with “y” and restart the tool:

python wifiphisher.py

Wifiphisher will show us all the wireless networks. To test a network, we stop the scan by pressing Ctrl+C, enter the number of the network we want to test, and press Enter.

Now social engineering comes into play (unlike other tests seen in previous articles, we don't have to do anything); Wifiphisher will manage this part.

If the test is successful, as soon as the user enters the password, Wifiphisher will show it to us in clear text and the user will be routed to the internet as if nothing had happened.

How can we defend ourselves against this attack?

As always, pay close attention to the messages displayed on your device. Whether we are browsing or watching a video at home, if our device behaves strangely (for example, a sudden disconnection) and then shows a message like the one seen in our test, the thing to do immediately is to verify the origin of the URL to see if it is real.

If we connect to our router, the IP that we have to enter in the browser will be 192.168.1.1; if we instead analyze the URL of the received message, we will see that the IP is different.
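
The symptoms described in this article (a sudden disconnection, a second AP using our network name, and a password page whose IP is not the router's) can be checked together. The following is an added example, not part of the original article or of Wifiphisher; the event format, SSID, BSSIDs and portal URL are constructed sample values, and only the router address 192.168.1.1 comes from the text.

```python
from urllib.parse import urlsplit

# Constructed sample data, not captured from a real network.
TRUSTED = {"HomeNet": {"aa:bb:cc:00:00:01"}}  # SSID -> BSSIDs of our own AP (assumed)
ROUTER_IP = "192.168.1.1"                     # router address given in the article
EVENTS = [                                    # (second, kind, ssid, bssid)
    (0, "beacon", "HomeNet", "aa:bb:cc:00:00:01"),
    (30, "deauth", "HomeNet", "aa:bb:cc:00:00:01"),
    (31, "deauth", "HomeNet", "aa:bb:cc:00:00:01"),
    (32, "deauth", "HomeNet", "aa:bb:cc:00:00:01"),
    (33, "beacon", "HomeNet", "02:11:22:33:44:55"),
    (40, "beacon", "CafeWifi", "de:ad:be:ef:00:01"),
]

def unknown_twins(events, trusted):
    """Beacons that reuse one of our SSIDs from a BSSID we do not own."""
    return sorted({(ssid, bssid) for _, kind, ssid, bssid in events
                   if kind == "beacon" and ssid in trusted
                   and bssid.lower() not in trusted[ssid]})

def deauth_bursts(events, window=5, threshold=3):
    """SSIDs that saw at least `threshold` deauth frames within `window` seconds."""
    hits, times = set(), {}
    for t, kind, ssid, _ in sorted(events):
        if kind != "deauth":
            continue
        # Keep only deauth timestamps still inside the sliding window.
        recent = [x for x in times.get(ssid, []) if t - x <= window] + [t]
        times[ssid] = recent
        if len(recent) >= threshold:
            hits.add(ssid)
    return sorted(hits)

def portal_is_router(url, router_ip=ROUTER_IP):
    """True only when the page asking for the password is served by the router."""
    return urlsplit(url).hostname == router_ip

def assess(events, trusted, portal_url):
    """Collect every indicator of the twin-AP scenario as a readable finding."""
    findings = [f"unknown BSSID {b} advertising {s}" for s, b in unknown_twins(events, trusted)]
    findings += [f"deauthentication burst on {s}" for s in deauth_bursts(events)]
    if not portal_is_router(portal_url):
        findings.append(f"password page not served by router: {portal_url}")
    return findings

if __name__ == "__main__":
    for line in assess(EVENTS, TRUSTED, "http://10.0.0.1/upgrade"):
        print(line)
```

A network with several legitimate access points (repeaters, mesh nodes) needs all of their BSSIDs in the trusted set, otherwise each one is reported as a twin.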

Have fun, and see you in the next article.

N.B.: I do not assume any responsibility for the use you make of the guide, as it is written for didactic and formative use.

© Tecnogalaxy.org - It is forbidden to reproduce the content of this article.