How to Get Wifi Passwords with Wifiphisher


Educational purposes only

There are many ways to hack Wi-Fi. Today we are going to show you how to hack any Wi-Fi password using Wifiphisher. The beauty of Wifiphisher is that it can hack WPA/WPA2-protected Wi-Fi networks without cracking.

Without further ado, here is how to hack a Wi-Fi password with Wifiphisher, without cracking.

What is Wifiphisher?

Wifiphisher is a security tool that mounts automated phishing attacks against Wi-Fi networks in order to obtain the secret passphrases that people use to lock their Wi-Fi networks. Basically, it is a social engineering tool, unlike other methods, which use brute-force attacks. Wifiphisher presents a very easy way of obtaining WPA/WPA2 passphrases.

How does it work?

Wifiphisher creates an evil twin AP, then de-authenticates (DoSes) the user from their real AP. The Wi-Fi user tries to log in again and finds that the Wi-Fi needs re-authentication, and that is where Wifiphisher works well: it redirects the Wi-Fi user to the fake AP, which has the same SSID.

After connecting to the fake AP, the owner of the Wi-Fi network sees a legitimate-looking web page that asks him/her to enter the password to “Upgrade firmware.” When the user enters the password in the cloned web page, it is reported back to the hacker without the knowledge of the Wi-Fi user. The user is then allowed to access the internet through the evil twin AP, so they do not notice anything suspicious.

The Wi-Fi owner goes about surfing the internet, oblivious to the fact that you have hacked his/her Wi-Fi password using Wifiphisher.
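From the defender's side, the sequence described above (clients de-authenticated from the real AP, then the same SSID advertised by another radio) can be watched for in monitor-mode frame summaries. The following Python code is an added example, not part of the original article or of Wifiphisher; the event format, the AP inventory, the threshold values, and the assumption that the clone shows up with an unlisted BSSID and no encryption are all constructed for illustration.

```python
from collections import defaultdict, deque

# Hypothetical inventory of authorised access points: SSID -> set of BSSIDs.
KNOWN_APS = {"CorpWiFi": {"aa:bb:cc:00:00:01"}}

def sample_events():
    """Constructed frame summaries: (time_s, kind, ssid, bssid, encrypted)."""
    events = [(0.0, "beacon", "CorpWiFi", "aa:bb:cc:00:00:01", True),
              (0.5, "beacon", "CafeGuest", "aa:bb:cc:00:00:09", False)]
    # Burst of de-authentication frames carrying the real AP's BSSID.
    events += [(1.0 + i * 0.1, "deauth", None, "aa:bb:cc:00:00:01", None)
               for i in range(30)]
    # The same SSID is now advertised by an unlisted radio, without encryption.
    events.append((2.0, "beacon", "CorpWiFi", "de:ad:be:ef:00:02", False))
    return events

def detect(events, known_aps, threshold=20, window_s=5.0):
    """Return a sorted list of alert tuples (rule, ssid, bssid)."""
    alerts = set()
    recent = defaultdict(deque)   # bssid -> deauth timestamps inside the window
    owner = {b: s for s, bs in known_aps.items() for b in bs}
    flooded, twinned = set(), set()
    for t, kind, ssid, bssid, encrypted in sorted(events, key=lambda e: e[0]):
        if kind == "deauth" and bssid in owner:
            q = recent[bssid]
            q.append(t)
            while q and t - q[0] > window_s:
                q.popleft()       # drop timestamps that left the sliding window
            if len(q) >= threshold:
                flooded.add(owner[bssid])
                alerts.add(("deauth-burst", owner[bssid], bssid))
        elif kind == "beacon" and ssid in known_aps and bssid not in known_aps[ssid]:
            twinned.add(ssid)
            alerts.add(("unlisted-bssid", ssid, bssid))
            if encrypted is False:   # assumption: the clone is an open network
                alerts.add(("open-clone", ssid, bssid))
    # Both symptoms for one SSID match the sequence described above.
    for ssid in flooded & twinned:
        alerts.add(("evil-twin-suspected", ssid, "*"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(sample_events(), KNOWN_APS):
        print(alert)
```

On the client side, the matching habit is simple: a router does not ask for the Wi-Fi passphrase through a web page that appears after a sudden disconnect.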

Requirements to Hack Wi-Fi Using the Wifiphisher Hacking Tool

  • PC/laptop running Kali Linux

  • Download Wifiphisher from GitHub.

Step 1: Install or Update Python

First, you have to install or update Python in Kali Linux. Open the terminal and type the command below:

apt-get install python

Step 2: Unpack the Wifiphisher Script

After installing Python, you have to unpack Wifiphisher.

kali > tar -xvzf /root/wifiphisher-1.1.tar.gz

Alternatively, you can clone the code from GitHub by typing:

kali > git clone https://github.com/sophron/wifiphisher.git

Step 3: Navigate to the directory

Navigate to the directory where Wifiphisher has been installed. To navigate, type the command below in the terminal:

cd wifiphisher/

Now confirm the name of the script. To confirm the name of the script, type:

ls -l

Step 4: Run the Script “wifiphisher.py”

To run the script, type the command below in the terminal and hit Enter.

python wifiphisher.py

The first time you run the script, it will likely tell you that “hostapd” is not found and will prompt you to install it. Install it by typing “y” for yes. It will then proceed to install hostapd.

When it has completed, once again, execute the Wifiphisher script.

kali > python wifiphisher.py

This time, it will start the web server on ports 8080 and 443, then go on to discover the available Wi-Fi networks. Wifiphisher will list all the Wi-Fi networks it has discovered.

Step 5: Select AP and Get the Password

From the listed Wi-Fi networks, select your target AP. To select the target, press Ctrl+C (to stop scanning) and type the “num” of the AP. After entering the num, hit Enter. Wifiphisher will show you the target AP's SSID and MAC address. Now let Wifiphisher do its magic and clone this SSID while jamming the real AP. Once this process is completed, Wifiphisher will direct the original owner of the Wi-Fi network to the cloned page and ask them to re-authenticate with their login credentials.

After the user connects to the evil twin AP, Wifiphisher serves a legitimate-looking proxy web page at 10.0.0.58 and displays a message to the Wi-Fi owner that his/her firmware is being upgraded and that they should enter their username and passphrase.

When the user enters their password, it will be passed to you through the open Wifiphisher terminal. Thus Wifiphisher does its job without cracking or even letting the Wi-Fi user know he/she has been hacked.