Every one started using Wi-Fi connection to access the Internet using Laptops, Mobile Phones, Tablets and even Desktop PCs. It is the responsibility of the owner of the Wi-Fi to protect it with atmost security. Recently a tool has been developed that can hack any secure Wi-Fi network using Phishing technique.
A Greek Researcher developed this tool and it uses both Phishing and Social Engineering to carry out the attack. The success rate depends on how fool the user is. The tool uses some technique as same as Fern, The Cracker available in Kali Linux Distribution. He has released the code for the tool online for public usage.
Lets have a look at the working of this tool. The tool will create a fake Access Point first. The fake access point is alike a normal access point but created only for exploitation purpose. Then secondly the Fake Access point will try DoS ( Denial of Service ) attack over the legitimate access point and causes the user to disconnect from the Access Point. Then the Fake AP will force the system to connect to that access point which is a fake one.
If the user gets connected and the user give request to open up any webpage in the Internet through the Fake AP. The users will be displayed with a page in which they are asked to enter their WAP Password since the router firmware has been updated. If the user enters the password then it will be sent to the attacker and he / she can connect to the router whenever needed.
For simple understanding consider you are connected to your home AP ( Access Point ) named sample. The attacker will create a Fake AP named sample and it will force you to disconnect from sample through DoS attack. Then your system will get connected to sample ( Fake ) and if you enter an URL. You will be shown a page like this
If you enter the password you sample AP password will be sent to the attacker. The tool is named as #WiFiPhisher and there are some criticism that fake AP cannot be created with the password. But it works on Kali Linux Distributions and the code is available here.
THE TOOL MUST BE USED FOR EDUCATIONAL PURPOSE ONLY. I AM NOT RESPONSIBLE FOR ANY DAMAGE DUE TO THE TOOL.
P.S : The post is to create awareness and strictly not to be misused.
No comments:
Post a Comment