Wifiphisher is a program for gaining unauthorized access to WiFi. It does not use dictionary-based password matching, but instead uses social engineering to deceive the "victim". The source code is available at github. Wifiphisher for Windows also exists as a compiled command line utility, but only works with certain wireless adapters.
The application puts the wireless adapter into hotspot mode, duplicating the data (SSID) of the access point under attack. After that it sends a signal with a predetermined frequency to deauthenticate other clients connected to the router, which is planned to be hacked. They can not reconnect because Wifiphisfer "clogs" the channel with noise.
After that the "victim" trying to solve the problem with WiFi access finds a fake access point (its SSID will be the same). When trying to connect to it, the user is prompted to re-enter the password. If the user does that, this data is immediately sent to the Wifiphisher, the dummy hotspot is disabled, sending the signal for deauthorization is also disabled.
- receives service information about all wireless networks in the visible area;
- determines the encryption type of the WiFi network under attack;
- implements custom phishing scripts (to emulate the access point password interface).
The utility is not bundled by default with Kali Linux
. It can also be installed on Android via the terminal emulator (on Android 5 and above). The application includes instructions for all available commands (including in Russian).
What it's good for
The program can be used to obtain the password from the WiFi network. Travelers can get unlimited Internet access when traveling abroad. It can also be used to gain access to confidential information of a "victim", because instead of a window with the requirement to enter a password the hotspot can emulate the Windows login window.
Download Wifiphisher current version is free on our website.