A handy tool for freeloading Wi-Fi: a WiFi security testing tool
This post was last edited by 微笑smile on 2015-1-7 07:02
Requirements
Kali Linux.
Two wireless network interfaces, one capable of injection.
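How WiFiPhisher works
1. It first creates a fake wireless access point (AP) and disguises itself as a legitimate WiFi AP, then launches a DoS attack against the legitimate wireless access point (AP), or creates radio-frequency interference around it.
In short, the principle is to make the user's device drop its existing wireless connection, so that the user looks for available wireless networks nearby and may therefore connect to the fake AP.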
Targeting an access point
A successful attack
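2. Once the user has been disconnected from the original legitimate wireless connection, the user's device automatically reconnects to the fake AP created by WiFiPhisher. After sufficient preparation, the attacker can then hijack the network traffic on the target device.
This technique is also known as AP Phishing, WiFi Phishing, Hotspotter or Honeypot AP. These techniques all use a fake login page on a fake access point to capture the user's WiFi password or credit card number, mount man-in-the-middle attacks, or compromise wireless hosts.
3. Whatever page the victim visits, WiFiPhisher serves the victim a very realistic router configuration change page, claiming that the router password needs to be changed because of a router firmware update...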
Fake router configuration page
Because the tool could be abused by malicious attackers, it has always been controversial. Currently WiFiPhisher only supports Kali Linux.
The English description follows:
==============================================================================================
Wifiphisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining WPA credentials.
Wifiphisher works on Kali Linux and is licensed under the MIT license.
From the victim's perspective, the attack makes use in three phases:
1. Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point's wifi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well.
2. Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point's settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is MiTMed.
3. Victim is being served a realistic router config-looking page. wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for WPA password confirmation due to a router firmware upgrade.
==============================================================================================
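From the defender's side, the first two phases described above leave observable traces: a burst of deauthentication frames naming the real AP, and a look-alike beacon for the same SSID. The following detection sketch is an added example, not part of the original post or of wifiphisher; the record layout, the allowlist, the thresholds and all sample observations are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not captured traffic), shaped like what a
# monitor-mode sensor might log. KNOWN_APS maps SSID -> (BSSID, security).
KNOWN_APS = {"HomeNet": ("aa:bb:cc:00:00:01", "WPA2")}
BEACONS = [
    {"ssid": "HomeNet", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "HomeNet", "bssid": "02:11:22:33:44:55", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "aa:bb:cc:00:00:09", "security": "WPA2"},
]
# (timestamp in seconds, claimed source BSSID, destination MAC)
DEAUTHS = [(10.0 + i * 0.1, "aa:bb:cc:00:00:01", "ff:ff:ff:ff:ff:ff") for i in range(40)]
DEAUTHS.append((95.0, "aa:bb:cc:00:00:09", "de:ad:be:ef:00:01"))  # one ordinary deauth


def rogue_beacons(beacons, known):
    """Beacons that reuse a known SSID with an unknown BSSID or different security."""
    return [b for b in beacons if b["ssid"] in known
            and (b["bssid"], b["security"]) != known[b["ssid"]]]


def deauth_floods(frames, window=5.0, threshold=20):
    """BSSIDs named as the source of >= threshold deauth frames within any window."""
    by_src = defaultdict(list)
    for ts, src, _dst in frames:
        by_src[src].append(ts)
    flooded = set()
    for src, stamps in by_src.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flooded.add(src)
                break
    return flooded


def correlate(beacons, frames, known):
    """SSIDs where a deauth flood on the real AP coincides with a look-alike beacon."""
    flooded = deauth_floods(frames)
    return sorted({b["ssid"] for b in rogue_beacons(beacons, known)
                   if known[b["ssid"]][0] in flooded})


if __name__ == "__main__":
    print(correlate(BEACONS, DEAUTHS, KNOWN_APS))
```

Either signal alone is noisy (roaming produces deauths, and a mesh adds BSSIDs), which is why the sketch alerts only when both occur for the same network.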
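:P :lol Sly
Just passing by~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Support. Thanks
Thanks for sharing
Can you use it? I can't,,
Thanks for sharing~
Bro, I do understand the principle, but could you explain how exactly to use it? Ideally make a tutorial and send it to my email 1012427372@qq.com
So where's the source?
Saw it on BF, it seems just like phishing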