The tool, dubbed WiFiPhisher, has been released on the software evolution website GitHub on Lord's Day in addition to is freely available for users.
"It's a social technology scientific discipline assail that does non purpose beast forcing inwards contrast to other methods. It's an tardily agency to become WPA passwords," said George Chatzisofroniou.
However, at that spot are several hacking tools available on the Internet that tin hack a secure Wi-Fi network, but this tool automates multiple Wi-Fi hacking techniques which become inwards slightly dissimilar from others.
WiFiPhisher tool uses "Evil Twin" attack scenario. Same equally Evil Twin, the tool outset creates a phony wireless Access Point (AP) masquerade itself equally the legitimate Wi-Fi AP. It so directs a denial of service (DoS) assail against the legitimate Wi-Fi access point, or creates RF interference some it that disconnects wireless users of the connector in addition to and prompts users to inspect available networks.
Once disconnected from the legitimate Wi-Fi access point, the tool so strength offline computers in addition to devices to automatically re-connects to the evil twin, allowing the hacker to intercept all the traffic to that device.
The technique is also known equally AP Phishing, Wi-Fi Phishing, Hotspotter, or Honeypot AP. These form of attacks brand purpose of phony access points alongside faked login pages to capture users’ Wi-Fi credentials, credit carte du jour numbers, launch man-in-the-middle attacks, or infect wireless hosts.
"WiFiPhisher is a safety tool that mounts fast automated phishing attacks against WPA networks inwards guild to obtain the hush-hush passphrase [and] does non include whatever beast forcing," Chatzisofroniou said. "WifiPhisher sniffs the expanse in addition to copies the target access point's settings [and] creates a rogue wireless access bespeak that is modeled on the target."
As presently equally the victim requests whatever spider web page from the internet, WifiPhisher tool volition serve the victim a realistic simulated router configuration-looking page that volition inquire for WPA password confirmation due to a router firmware upgrade.
The tool, thus, could move used past times hackers in addition to cybercriminals to generate farther phishing in addition to man-in-the-middle attacks against connected users.
There is also criticism of the tool on several online give-and-take forums, because it would non move possible to laid a simulated access bespeak without a password.
"The tool is genuinely creating a second, unencrypted network. On Windows it volition give you lot a alert that the configuration of the network has changed. On Android you'd convey to manually reconnect to the unencrypted network. So their method doesn't automatically perform a man-in-the-middle attack," said 1 of the critics on Reddit.
Wifiphisher industrial plant on Kali Linux in addition to is licensed nether the MIT license. Users tin download in addition to install the tool on their Kali Linux distribution for free.
