How to hack
with
WonderHowTo Null Byte
WonderHowTo Gadget Hacks Next Reality Invisiverse Driverless Null Byte
Forum Metasploit Basics Facebook Hacks Password Cracking Wi-Fi Hacking Linux Basics Mr. Robot Hacks Hack Like a Pro Forensics Recon Social Engineering Networking Basics Antivirus Evasion Spy Tactics MitM Advice from a Hacker
How to Hack Wi-Fi: Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
By occupytheweb
5/26/16 12:15 PM
Wi-Fi Hacking
How to Hack Wi-Fi: Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
Welcome back, my tenderfoot hackers!
Do you need to get a Wi-Fi password but don't have the time to crack it? In previous tutorials, I have shown how to crack WEP, WPA2, and WPS, but some people have complained that cracking WPA2 takes too long and that not all access points have WPS enabled (even though quite a few do). To help out in these situations, I present to you an almost surefire way to get a Wi-Fi password without cracking—Wifiphisher.
Steps in the Wifiphisher Strategy
The idea here is to create an evil twin AP, then de-authenticate or DoS the user from their real AP. When they re-authenticate to your fake AP with the same SSID, they will see a legitimate-looking webpage that requests their password because of a "firmware upgrade." When they provide their password, you capture it and then allow them to use the evil twin as their AP, so they don't suspect a thing. Brilliant!
To sum up, Wifiphisher takes the following steps:
De-authenticate the user from their legitimate AP.
Allow the user to authenticate to your evil twin.
Offer a webpage to the user on a proxy that notifies them that a "firmware upgrade" has taken place, and that they need to authenticate again.
The Wi-Fi password is passed to the hacker and the user continues to the web oblivious to what just happened.
Similar scripts have been around for awhile, such as Airsnarf, but this new Wifiphisher script is more sophisticated. In addition, you could always do this all manually, but now we have a script that automates the entire process.
To do this hack, you will need Kali Linux and two wireless adapters, one of which must be capable of packet injection. Here, I used the tried and true, Alfa AWUS036H. You may use others, but before you do, make certain that it is compatible with Aircrack-ng (packet injection capable). Please do NOT post questions on why it doesn't work until you check if your wireless adapter can do packet injection. Most cannot.
Now let's take a look at Wifiphisher.
Step 1: Download Wifiphisher
To begin, fire up Kali and open a terminal. Then download Wifiphisher from GitHub and unpack the code.
kali > tar -xvzf /root/wifiphisher-1.1.tar.gz
As you can see below, I have unpacked the Wifiphisher source code.
Alternatively, you can clone the code from GitHub by typing:
kali > git clone https://github/sophron/wifiphisher
Step 2: Navigate to the Directory
Next, navigate to the directory that Wifiphisher created when it was unpacked. In my case, it is /wifiphisher-1.1.
kali > cd wifiphisher-.1.1
When listing the contents of that directory, you will see that the wifiphisher.py script is there.
kali > ls -l
Step 3: Run the Script
You can run the Wifiphisher script by typing:
kali > python wifiphisher.py
Note that I preceded the script with the name of the interpreter, python.
The first time you run the script, it will likely tell you that "hostapd" is not found and will prompt you to install it. Install by typing "y" for yes. It will then proceed to install hostapd.
When it has completed, once again, execute the Wifiphisher script.
kali > python wifiphisher.py
This time, it will start the web server on port 8080 and 443, then go about and discover the available Wi-Fi networks.
When it has completed, it will list all the Wi-Fi networks it has discovered. Notice at the bottom of my example that it has discovered the network "wonderhowto." That is the network we will be attacking.
Step 4: Send Your Attack & Get the Password
Go ahead and hit Ctrl + C on your keyboard and you will be prompted for the number of the AP that you would like to attack. In my case, it is 12.
When you hit Enter, Wifiphisher will display a screen like the one below that indicates the interface being used and the SSID of the AP being attacked and cloned.
The target user has been de-authenticated from their AP. When they re-authenticate, they will directed to the the cloned evil twin access point.
When they do, the proxy on the web server will catch their request and serve up an authentic-looking message that a firmware upgrade has taken place on their router and they must re-authenticate.
Notice that I have put in my password, nullbyte, and hit Submit.
When the user enters their password, it will be passed to you through the Wifiphisher open terminal, as seen below. The user will be passed through to the web through your system and out to the Internet, never suspecting anything awry has happened.
Now, my tenderfoot hackers, no Wi-Fi password is safe! Keep coming back as explore more of the world's most valuable skill set—hacking!
Related
How To: iOS 6 Broke Your Wi-Fi? Here's How to Fix Connection Problems on Your iPhone or iPad
How To: This Widget Lets You Open Wi-Fi Settings Faster, Share Passwords & More on Your iPhone
How To: Turn on Google Pixel's Wi-Fi Assistant to Get Secure Access on Open Networks
How To: Easily See Passwords for Wi-Fi Networks You've Connected Your Android Device To
How To: Hack WiFi Passwords for Free Wireless Internet on Your PS3
How To: See Passwords for Wi-Fi Networks You've Connected Your Android Device To
How to Hack Wi-Fi: Selecting a Good Wi-Fi Hacking Strategy
How To: Easily Share Your Complicated Wi-Fi Password Using Your Nexus 5
How To: Recover a Lost WiFi Password from Any Device
Android Basics: How to Connect to a Wi-Fi Network
How To: Find & Share Local Wi-Fi Passwords for Free Internet Everywhere You Go
How to Hack Wi-Fi: Getting Started with the Aircrack-Ng Suite of Wi-Fi Hacking Tools
News: Project Zero Finds iPhone & Android Open to Bugs in Broadcom's Wi-Fi Chips
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords with Cowpatty
How To: See Who's Using Your Wi-Fi & Boot Them Off with Your Android
How To: Find Saved WiFi Passwords in Windows
How To: Save Battery Power by Pairing Wi-Fi Connections with Cell Tower Signals on Your Galaxy Note 3
How To: Get the Strongest Wi-Fi Connection on Your Android Every Time
How To: Fix the Wi-Fi Roaming Bug on Your Samsung Galaxy S3
How To: Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
How To: Fix Wi-Fi Performance Issues in iOS 8 & Yosemite
How to Hack Wi-Fi: Cracking WEP Passwords with Aircrack-Ng
How To: Make Your Android Automatically Switch to the Strongest WiFi Network
How To: This App Saves Battery Life by Toggling Data Off When You're on Wi-Fi
How To: Crack Wi-Fi Passwords—For Beginners!
WiFi Prank: Use the iOS Exploit to Keep iPhone Users Off the Internet
How to Hack Wi-Fi: Choosing a Wireless Adapter for Hacking
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng
News: MIT Tech Protects Your WiFi Without Passwords
How to Hack Wi-Fi: Getting Started with Terms & Technologies
How To: Share Your Windows 8 PC's Internet with a Phone or Tablet by Turning It into a Wi-Fi Hotspot
How To: Stop Handing Out Your Wi-Fi Password by Enabling "Guest Mode" on Your Chromecast
How To: The Easiest Way to Share Your Complicated WiFi Password with Friends & Family—No Typing Required
News: PSP2 (Next Generation Portable) or NGP
How To: Watch American Netflix from Other Regions on Your iOS Device
How To: Auto-Toggle Your Android Device's Wi-Fi On and Off When Near or Away from a Hotspot
How To: Get Free Wi-Fi from Hotels & More
134 Comments
1
Jeremiah Payne 1 year ago
Hmmm interesting. I will try this when I get out of class. Maybe even be useful to have supported as an add on in my script I am working on.
Reply
2
Phoenix750 1 year ago
Interesting.
-Phoenix750
Reply
2
Alpha code 1 year ago - edited 1 year ago
great trick
but the problem is that the evil twin doesn't have the same BSSID as the original so you can see two APs with same eSSID and devices won't connect automatically...
so if the script could be edited for that it would be perfect
Reply
4
TripHat 1 year ago
You have to make sure the rogue AP's signal is stronger than the legit one. So you have to be close, or use a powerful antenna. Once you deauth your target pc, it will try to reconnect and will pick the strongest signal (yours).
Reply
3
occupytheweb 1 year ago
Excellent point, TripHat. Check out the tutorials on increasing TX power here on Null Byte. Our trusty Alfa AWUSH can be amped up to 4x the legal limit.
Reply
2
Phoenix750 1 year ago - edited 1 year ago
A side note about the WiFi scrambler I am going to build in my Electricity/Electronics for Hackers series: My scrambler will be able to send out signals that reach 8 Watt, which is roughly 10-30 times higher than the legal limit. I haven't tested my design actually, because I'm afraid of legal consequences.
-Phoenix750
Reply
1
TripHat 1 year ago
Very interesting... if that will fit in my poor hardware knowledge, I'd be glad to test it. Also, to find out your real position, someone would have to triangulate the signal... that is not so easy if you're just running a test.
Reply
8
Phoenix750 1 year ago
With a well placed antenna, this jammer is capable of putting a small town without wifi. With even more power and a higher spot, this jammer may be capable of scrambling any wireless communication in an entire city like Chicago. Yes, an entire city!
The reason I am careful when working with the electromagnetic spectrum is because of something that happened to my dad when he was in his 20's. My dad was and still is, just like me, a passionated hardware hacker. One of the earliest things he did was build a radio transmitter for his town. This transmitter had the power of 100-200 Watt, and was placed on a high hill. My dad was successful in broadcasting his radio programs to our town (he was a hobby DJ back then), but it did have it's consequences. First of all, he never got the permission to broadcast on that wattage and on that frequency (which was 100.2 MHz, in case anyone is wondering), But he also caused disturbances at the airport of Amsterdam with his radio transmitter. Yes, the airport of Amsterdam, and we live near Brussels!
The reason this happened is because some of his radio waves reached Amsterdam, but not at the frequency he broadcasted at. These waves were just simple pulses that occurred every minute or so. But by crazy coincidence, these waves were at the same frequency the Amsterdam airport was using for it's control towers, and thus it caused disturbances in the communications of the pilots and the airport.
I am not only afraid that I will get fined or something, but also that I might cause an accident.
-Phoenix750
Reply
1
TripHat 1 year ago
Wow, nice story ! Yeah, one should pay caution when playing with radio waves, still, it doesn't have to be a huge transmitter. While the potential to knock off an entire city is possible, a personal jamming device with 20-30 meter radius can be a fun toy to play with, with no harm to anyone. If device is portable, chances to getting caught are extremely low. Just don't use in sensitive areas..
Reply
3
Phoenix750 1 year ago
I am already planning on testing it safely. The thing is, whether it's a wifi jammer of 2 or 2000 Watt, the design remains the same. All you need to do to get a higher wattage is increase the voltage.
The current design I have at the moment is a small jammer with a wattage of 8 watt and a 15cm long antenna. This should be enough to reach 50 meters under ideal circumstances. It utilizes a 9V battery as a source.
-Phoenix750
Reply
3
Washu Washu 1 year ago
I can't wait till you release the details, very excited :)
Cheers,
Washu
Reply
1
Fitap 1 year ago
Hi dude, you said what the higher wattage is only when increase the voltage, really?
Interesting.
My best regards.
Reply
1
Phoenix750 1 year ago - edited 1 year ago
Ohm's law tells us that when voltage goes up, so does current.
And wattage = voltage multiplied by current.
To increase the wattage you have 2 options: increase the voltage, or decrease the resistance. Since the resistance is a value that can't be changed easily, unlike voltage, we usually just change the voltage to get more power.
-Phoenix750
Reply
2
Alpha code 1 year ago
in your previous tutorial on evil twin a fake AP wwas created with the same BSSID and ESSID as the ap to be hacked and you could only see one AP because the fake one overwhelms the orginal... but in this tutorial the scritp or tool creates an AP with only the same ESSID as the original hence you see actually two APs one open and secured so it's suspicious and devices won't connect automatically so the user would actually have to choose to connect to the fake one
don't you think it's better to edit the python script to have the fake AP have the same BSSID as the original like in your previous evil twin tutorial ??
Reply
1
occupytheweb 1 year ago
Yes, please feel free to edit the script and publish it here for us.
Reply
1
Alpha code 1 year ago
if someone with python skills would do that and publish it would be great
Reply
2
Washu Washu 1 year ago - edited 1 year ago
It isn't that hard to change small parts of the code, just look throught it until you see the part that you must change.
Hint Look at line ~480
You can also look into the -a switch, I think it should do what you want but don't quote me on that.
Cheers,
Washu
Reply
1
Nick 1 year ago
Did anyone updated the script to copy APs BSSID?
Share please??
Reply
1
Singularity 1 year ago
If anyone needs it, heres a link to my Guide On Upping TX Power on Kali Linux 2.0
Reply
1
Alfredo Miquelino 1 year ago
Is it possible to create an EvilTwin AP with username and password, but when the victim enters the username and password doesnt compares to nothing, just stores the given user and password.
Good post btw
Reply
1
occupytheweb 1 year ago
That's what happens here.
Reply
1
Alfredo Miquelino 1 year ago
Not really, here we are redirecting to a fake web firmware update, which for someone in IT business would not trust very well.
What im talking about is reauth in windows connecting to wifi system
Reply
1
occupytheweb 1 year ago
You could create another proxy authentication page and have them authorize there.
Let's be clear, this will not likely work against someone who is IT security savvy. The other 99.9% of the world, it will work.
Reply
1
Alfredo Miquelino 1 year ago
But when you auth in windows for example, you get the form, usually just password or username and password, those are sent to AP right?
cant we catch that in plain text since is our controlled AP right?
Reply
1
TripHat 1 year ago
Yes, but those are router credentials, not the actual wifi password. They come into use later, but without the wifi password, they are of no use.
And as I already suggested in a similar post, you can build a custom phishing page that looks credible. The first 3 bytes of the MAC will tell the manufacturer, so you can insert its logo and make it more similar to an authentic one.
Reply
1
Alfredo Miquelino 1 year ago
Router credentials are for the router web based configurations, im talking about wifi ofc
Reply
1
occupytheweb 1 year ago - edited 1 year ago
I think there is some confusion here. This hack is for the WPA2-PSK password. No username, just password.
PSK passwords are sent as hashes and not in the clear. We can capture the capture the hash, but it never appears in the clear.
Reply
1
Alfredo Miquelino 1 year ago
Ok ty OTW, can we launch our own fake web form?
and if yes is it easy to change the web file
Reply
1
occupytheweb 1 year ago
Yes and yes.
Reply
1
Alfredo Miquelino 1 year ago
Ok ty, I will look into the code then.
Regards
Reply
1
TripHat 1 year ago
hmmm.. so you want to catch the wifi password that the user types in windows network manager? No that's not possible, at best you can get the WPA handshake, but you'll still have to crack it. Passwords won't be in plain text. The advantage of this over the classic deauth is you can spawn a network that is not active nearby, but the target is probing, it doesn't help in cracking the pass.
Reply
2
CyberHitchHiker 1 year ago
All I wanna know is what's in TheDragonLair ? Treasures? Grimm fates? Quests? ;-P
Reply
1
Sam Scott 1 year ago - edited 1 year ago
What if you have a school chromebook that does not let you get the proper chrome extensions and dev mode is blocked, is it possible to get the source code running at all on a chromebook or should I try another computer?
Thanks
-sam
p.s
I HATE GOOGLE CHROME OS IT IS A CRAPPY LINUX WANNABE!
Reply
1
occupytheweb 1 year ago
Use Kali Linux.
Reply
1
Nesaijn 1 year ago
After that, do I still have to crack the password or do I already have it uncrypted?
Reply
1
occupytheweb 1 year ago
No, it's unencrypted. The user entered their password into OUR website and we captured it.
Reply
1
cr0c0p 1 year ago
What happens if the user introduce whatever password, will this password is kept? and give us a false positive, or there is way to verified a valid password?
Thanks OTW!!
Reply
1
Washu Washu 1 year ago
If they enter the wrong password then it will not work but quite honestly I don't think its worth trying to verify it since everyone on the network will see this webpage and the odd that they all enter the wrong password is slim.
Cheers,
Washu
Reply
1
help finder 1 year ago
do I need to be connected to internet when doing this attack or my Kali can be offline?
Reply
1
Robert Paulson 1 year ago
You can be offline
Reply
1
Washu Washu 1 year ago
You should theoretically be able to use this when offline since the victim never actually connects to the internet.
Cheers,
Washu
Reply
1
occupytheweb 1 year ago
You should be online.
Reply
1
Washu Washu 1 year ago
Well if you not online the target won't get internet but they will still go to the fake upgrade page which will allow you to steal their password.
Cheers,
Washu
Reply
2
TripHat 1 year ago
Being online should not be mandatory... after you got the password you can simply stop the fake AP, victim will disconnect and reconnect to real one automatically. Or you could automate it by adding a small script to stop the attack as soon as the victim inputs the password.
Password validation can be added as well, either trying to authenticate with the just gotten password, or using aircrack against a previously captured wpa handshake. Again, this can all be scripted and executed when victim types his password. This way attacker might know in real time if password is correct, and eventually output the result in the phishing page before stopping the attack. So in case a suspecting user types some gibberish in the password field, it won't be greeted with 'YAYYY Password is correct' !!. Personally, I don't always type my passwords when they try to phish me, but when I do, I type some gibberish password that ends with ' OR 1=1
Reply
1
Mr_Nakup3nda 1 year ago - edited 1 year ago
very nice tool, and when i was troubleshooting i found that by using only one network adaptor you can use this tool to block any wifi from using internet...very interesting..wish y'all can try it..
Mr_Nakup3nda
Reply
2
ogbobby 1 year ago
OTW you have mentioned that their are guide on how to increase the tx power on wireless adapters. But are there any that are updated for Kali 2.0 because the old methods are not working anymore?
Reply
1
Singularity 1 year ago
Did you ever figure out how? Quite lost myself. Been searching for days now.
Reply
1
sandy_candy 1 year ago
In the firmware upgrade page, is there an option to notify the user in the first attempt that the credentials provided were wrong so that people who hesitate to put usernames and passwords in suspicious looking pages could be tricked. Doing this on the first login attempt could fool the people who might insert wrong credentials intentionally in the first attempt to see how page responds. Others might think that they might have mistyped. Both in most cases should provide the correct credentials on the second attempt.
And also can the firmware page be modified? The page template could raise suspicion if the router page they are used to looks completely different.
Both these things can be done with a bit of javascript, html and css. So where does the fake firmware page exist?
Great article as always!
Reply
1
TripHat 1 year ago - edited 1 year ago
This can be added, and actually improved. Read my comment above.
Yes, the firmware pages can be modified, check em.
Reply
1
nee onama 1 year ago
In the firmware upgrade page, is there an option to notify the user in the first attempt that the credentials provided were wrong so that people who hesitate to put usernames and passwords in suspicious looking pages could be tricked. Doing this on the first login attempt could fool the people who might insert wrong credentials intentionally in the first attempt to see how page responds. Others might think that they might have mistyped. Both in most cases should provide the correct credentials on the second attempt.
And also can the firmware page be modified? The page template could raise suspicion if the router page they are used to looks completely different.
Both these things can be done with a bit of javascript, html and css. So where does the fake firmware page exist?
Great article as always!
Reply
1
occupytheweb 1 year ago
No, that option does not exist, but you could definitely add it. This is all just a Python script.
Reply
1
nee onama 1 year ago
Ok thanks. I looked up the project and found the html page in
phishing-scenarios/minimal/ directory.
Reply
1
nee onama 1 year ago
Ok i'll look into it then. Thanks.
Reply
1
BlackCat 1 year ago
once again, i cant install anything
So i tried to - run apt-get update.
And this happened:
-HELP
how can I fix this error?
I would appreciate your help a lot!
Black Cat
Reply
1
Washu Washu 1 year ago
The 2 things I can think of is firstly, make sure that your source.list is properly configured. Secondly make sure that you have a good internet connection. If it takes more than a couple of minutes to install hostapd its probably because of your internet.
If your on a vm you could always revert to an earlier snapshot?
Cheers,
Washu
Reply
1
who am i 1 year ago
Hello can you talk through Facebook
Reply
1
occupytheweb 1 year ago
Why not talk here?
Reply
1
Scott Mckinley 10 months ago
your in root so if nothing has worked try sudo apt-get rather than just apt-get
Reply
-6
Obadiah Robert Robinson 1 year ago
I HATE LINUX!!! Why don't you make something like this for Mac and Windows users?
Reply
1
Jeremiah Payne 1 year ago
It's python, its exactly the same on any OS, also Mac is UNIX based just like Linux
Reply
2
Phoenix750 1 year ago
If you hate Linux, don't even consider becoming a hacker...
-Phoenix750
Reply
1
papanireal 1 year ago
true ^^
Reply
1
jo 1 year ago
Why do you need 2 WIFI Adapters? Can 1 work?
Reply
1
TripHat 1 year ago
You need two because one injects deauth packets to the victim, the other one creates the fake AP.
Injection requires the adapter to be in monitor mode, spawning the AP requires the adapter to be in master mode, and you can't be in both modes simultaneously.
Reply
1
occupytheweb 1 year ago
You need 2. One serves as the AP and the other connects to the Internet.
Reply
1
Louis Shawn 1 year ago
I'm thinking about the security issue. Is it safe to do so?
Reply
1
occupytheweb 1 year ago
Safe to do what?
Reply
-6
Mandy Martin Mulhern 1 year ago
Do people REALLY do this? Why? Isn't it kinda, sorta "illegal", and if not illegal, just plain wrong.
I'm posting it on Facebook so people can watch out for lowlife bottom feeders such as y'all.
Reply
2
Eliek Horton 1 year ago
Yes, people do this, but you're misdirecting your comment. This blog is geared towards white hacks interested in becoming security professionals, so they need to know how these types of things works to spot them in their field.
Reply
1
jo 1 year ago
So with the wireless adapters, will this configuration work: 1 internal Intel Centrino Advanced-N 6235 and 1 Alfa AWUS036NH adapter.
Reply
1
occupytheweb 1 year ago
As long as one can do packet injection, you are good. The Alfa is capable of packet injection.
Reply
1
creed world 1 year ago
phoenix 750 ,could you please make tutorial how to on using wifiphisher in parrot sec please.......
Reply
1
Syed Shahnawaz 1 year ago
unable to access 'https://github/sophron/wifiphisher/ ': Could not resolve host: github
help me guru
Reply
1
Jannissary 1 year ago
This is isn't really ideal right because you can't really choose which device gets attacked....?
Reply
1
occupytheweb 1 year ago
By device, do you mean AP? Yes, of course, you can. We are attacking the AP, not an individual computer. Once we have the password, we can use the AP at will.
Reply
1
Jannissary 1 year ago - edited 1 year ago
I thought only one target user would get disconnected and reconnected... does this mean all (wireless) connected devices on the targets AP will?
Also how long does this process take?
Reply
1
occupytheweb 1 year ago
Yes, everyone would be disconnected, but that really isn't the point. In a WPA2-PSK AP, the PSK stands for Pre-Shared Key. Everyone's password is the same. Get one password and you get everyone's.
Reply
1
Jannissary 1 year ago
Yeah you are absolutely right. I just tried it out on my laptop with a TL-WN722N in combination with my desktop using another dongle. But without success it just keeps jamming and jamming devices...... not sure if that is normal?
Reply
1
jo 1 year ago
Hi. I'm looking for a good solid adapter for kali that can do all the things a expensive one can but for half the price. I know alfa adapters are good but they range from $30 - $40 . I'm looking for something priced about $15 (give or take). Any suggestions?
Reply
1
Jannissary 1 year ago
@JO
I recommend the TL-WN722N it's relatively cheap and has decent results. You can start with that atleast, and later maybe upgrade to one of the alfa's.
Reply
1
bradbravo 1 year ago
Right from the beginning, It says
Canot open: no such file or directory
Error is not recoverable:exiting now
Child returned status 2
Error is not recoverable:exiting now
What seems to be the problem?
Also, after my terminal or screen left idle a while, i'm prompted to log-in, with the user id 'root'. I've dont even set up user id before, cant log-in as dont hv the password, just keep on reboot the system everytime i come to that.
Reply
1
Usr Isro 1 year ago
Help please... I seem to be unable to install hostapd... kali timed out trying to connect to server and/or couldn't find the hostapd on the kali servers
Reply
1
Paul David 1 year ago
In this program it ask for wpa password ,not everyone knows what is a wpa . So is there any possibilities that i can that into wifi password
Reply
1
Šimon Šmoula Pavlík 1 year ago
Is here someone who can help me?
I have an internet connection in kali linux ( i can normlally go to google or null byte.com ) but when I run setoolkit ( site cloner) or wifiphisher it is saying to me that i need an persistnet internet connection. How can i Fox this? pls help
Reply
1
Vito S 1 year ago
this is why you need 2 adapters. 1 for keeping you online, and another one is for creating evil twin AP. Once you set your only adapter to monitor mode - you lose internet connection.
Reply
1
Dog 1 year ago - edited 1 year ago
How long does this process normally take? Because for me it will just only jam and not actually force the user to the proxy webserver. What I believe is happening is users get kicked out of network (deauth is working). But then the fake AP isn't setup properly because it wont connect to the fake AP instead my computer is trying to connect the the real AP but gets instantly kicked out of it and this will just loop (Yes I am using two wifi adapters, AWUS036NHA and the TL-WN722N).
Reply
1
BlackCat 1 year ago
I cant install it, this error shows up: http://scr.hu/8l45/b7f65
Reply
1
papanireal 1 year ago
this is not a error, please enter "y" and go fwd
Reply
2
SneakyEast 1 year ago
I tried this on my own network but the fake page for entering the wpa code doesn't show up.
Does anyone know why this isn't show up?
Reply
1
Brenner Charlston 1 year ago - edited 1 year ago
I'm having a bit of a problem starting the fake AP. Hoping you guys can help!
I'm running the newest (to this date) version of Kali Linux in Virtualbox 5, using an Alfa AWUS036NHA for the deauth and a D-Link DWA-140 as the second wireless adapter.
According to everything that happens on the screen, it should be working just fine. I do get deauth'd on my devices, but the fake AP doesn't show up on the list of available networks (checked on Samsung Galaxy S3 running CyanogenMod 13). I even went as far as to get WiFi Analyzer for my phone, which is an app that searches for nearby WiFi signals. It could not find the fake AP either, which leads me to think the AP was never created in the first place. However, no errors show up on screen in Kali.
I've even tried manually setting the deauth adapter by using the -jI switch; python wifiphisher.py -jI wlan0.
What could be the cause?
It seems network manager was the problem. If anyone else experiences this problem, you might wanna try and kill the service.
You can do so by using the command "service network-manager stop" without the quotes, of course.
Reply
1
papanireal 1 year ago - edited 1 year ago
Hi, guys
i have some questions about wifiphisher and evil twin.
if you have some free time please explain,
i didn't understand when i run wifiphiser it runs and only deauth me from my AP but didn't create another one without passwd.
you said that we will need 2 wireless card but you didn't specify how we use the second one.
So i tried to go fwd on this article https://null-byte.wonderhowto.com/how-to/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data-0147919/
but here airbase-ng create de fake AP without passwd but i can't connect to this AP,
and how to config malicious web page.
mby i need to learn more about proxy ?
and what you mean to config proxy so he will redirect users to web page ?
thanks allot
-papanireal
Reply
1
occupytheweb 1 year ago
Please provide more info and screenshots.
Reply
3
Singularity 1 year ago - edited 1 year ago
Hello! Having the same issues as these guys. I have attempted to best explain my (possibly/hopefully theirs as well) situation.
I am running Kali on a Live USB stick and using the -jI selector to use my Alfa (AWUS036H) on monitor mode and using my built in adapter (PCI Adapter) for Internet access. I then select my network and the script goes into a loop (Im assuming that is causing the issue?) where it continually repeats this screen.
Image via wonderhowto.com
I am presuming this is continually booting off all users (as this is whats happening) thus, disallowing anyone to connect and even reach the fake webpage.
Hopefully I have given you enough to work off of. If not, I will be happy to add more. Thanks.
-Edit- Also, dont know if it matters, but BOTH my adapters are running at txpower: 20. (Due to having several issues with changing TX power) I dont beleive this is an issue as I have selected wlan2 (my Alfa adapter) to be in monitor mode manually using: python wifiphisher.py -jI wlan2
Reply
2
bye byte! 1 year ago
i hope someone coult answer this one, i am facing the same here ??
Reply
1
Singularity 1 year ago
Sorry didnt notice your comment till now. But if your still interested or havnt figured it out, checkout my guide! You can find it by going to my profile.
Reply
1
Sweet Corn 1 year ago
What do you type to download wifiphisher from github? You say you are attacking the winderhowto network #11 on your screen.
When you hit control C you say you enter #12.
Why? Wouldn't it be #11? I'm confused
Lastly thank you for the great article.
Reply
1
occupytheweb 1 year ago
Sweetcorn;
The command to download is right in the article.
git clone https://github/sophron/wifiphisher
You are confusing the channels with the number of the AP. Wonderhowto is on channel 11 but is #12 AP.
OTW
Reply
1
Sweet Corn 1 year ago
I see it now. I was reading off my phone and couldn't see the channels before. Thanks.
Reply
1
Pratik Sam 1 year ago
Can you use two external wifi adapters for this attack?
like two tp-link TL -wn722n?
It's because, my laptop's internal wireless card is a broadcom one, and it doesn't support monitor mode.
Reply
1
occupytheweb 1 year ago
Yes, you can use two external wireless adapters.
Reply
1
who am i 1 year ago
What is the solution
Reply
1
occupytheweb 1 year ago
Where is the wifiphisher file?
Reply
1
who am i 1 year ago
I did not find
Reply
1
occupytheweb 1 year ago
Did you download it? It's not on Kali unless you download it.
Reply
1
who am i 1 year ago
I have a lot of problems in the kali will re-inauguration thank you
Reply
1
August Fackyou 1 year ago
Can you help me please? i get this error whenever i try to run it... + Choose the num of the scenario you wish to use: 1
Selecting Browser Connection Reset template
Starting the fake access point...
Driver initialization failed! (hostapd error)
Try a different wireless interface using -aI option.
! Closing
Reply
1
occupytheweb 1 year ago
Do you have two wireless cards?
Reply
1
August Fackyou 1 year ago
I have an ALFA wireless and the built in one for mac. When I type ifconfig it shows wlan0 and wlan1.
Reply
1
occupytheweb 1 year ago
The error message implies that one of the wireless cards is not compatible. My guess is that it is the one built into the Mac.
Reply
1
August Fackyou 1 year ago
dang... Well I have some money might buy another... Thanks.
Reply
1
jinesh varun 1 year ago
Hey. I read few of ur hacking tips of wifi. But I am more intrested in wifiphiser , I have few douths on it. When we send that authentication to the user , can he suspect and see our mac address. Is it safe to use this method. Does this method work on all type of wifi protected routers. And why do we need 2 adapters . Can we do this method with one adapter. Pls if there is a video for this , then can u send the address. Thanku and waiting for ur reply.
Reply
1
jinesh varun 1 year ago
And ya does it work on Windows 8.1
Reply
1
occupytheweb 1 year ago
Jinesh:
You don't seem to have this article.
First, you need Linux. Second, it will work on any wifi protected router. Third, you have two wireless cards because one is used to deauth the AP and the second creates a fake AP.
Reply
1
jinesh varun 1 year ago
Does any type of less cost adapter work??
Reply
1
occupytheweb 1 year ago
Only those on the aircrack-ng compatibility list.
Reply
1
Tayseer Jaber 1 year ago
Hi
i'm getting this error on the last step !! any help ? please
Choose the num of the AP you wish to copy: 1
Traceback (most recent call last):
File "bin/wifiphisher", line 12, in <module>
run()
File "/root/wifiphisher-master/wifiphisher/pywifiphisher.py", line 1079, in run
template = selecttemplate(args.template)
File "/root/wifiphisher-master/wifiphisher/pywifiphisher.py", line 486, in selecttemplate
templatemanager = phishingpage.TemplateManager()
File "/root/wifiphisher-master/wifiphisher/phishingpage.py", line 132, in _init_
self.templates = {"connectionreset": connection, "office365": office,
NameError: global name 'office' is not defined
Reply
1
occupytheweb 1 year ago
Please give us a screen shot so we can help you.
Reply
1
Tayseer Jaber 1 year ago
i tired to start the virtual
machine now got another problem !
Reply
1
occupytheweb 1 year ago
Is your wireless adapter in monitor mode?
Reply
1
jinesh varun 1 year ago
And can u pls upload the entire video from tip to toe, the requirements, procedure, softwares to be installed before starting , and the end how it happened, it is request from all the beginer hackers, thanku
Reply
1
jinesh varun 1 year ago
I bought 2adapters (TP link tl wn722n )and one more is (wavlink wl wn687ni) will these two work, I have an hp Windows 8.1laptoplaptop .
Reply
1
occupytheweb 1 year ago
Are you running Kali Linux? Did you check for compatibility on the aircrack-ng website?
Reply
1
Mustang 9 1 year ago - edited 1 year ago
I installed and it runs with no Errors with one Alpha AWSU036H connected. It stays blinking and my iPhone doesn't get rerouted to my evil twin. What to do with the second USB Wifi adapter? Just plug in or configure?
Reply
1
Noman Aziz 11 months ago
Hi i followed all of your steps but after jamming devices nothing happens or no device appears
This is fake image but as u can see everything is blank.And im using 2 wlan cards
Reply
1
Michaelj 9 months ago
Hello i ran into this problem whilr trying to unpack, when i got the error thats when i tried yo update and i tried again but im still getting error
Reply
1
NoAh Kun 8 months ago
uhmm can i do this w/out internet in my laptop?
Reply
1
Alvian Putra 8 months ago
can i turn on only the fake ap without the jammer? poor man mode, i only have 1 usb wifi. because my internal card is not detected in kali.
Reply
1
Dimas Saputra 6 months ago
The big problem is HSTS detect on chrome an firefox
Reply
1
William Alderson 5 months ago
is this work for ubuntu?? i have a scapy error when use it
please reply
Reply
1
Rohaan Alam 4 months ago
does we need two wifi adapters for it to make it work If yes then I am sick of googling how to set my new TL-WN727N on linux :/
Reply
2
Pratik Das 3 months ago
You Are A Genius. That's Why I Love Visiting This Site More Often. Keep Up The Good Work.
Reply
1
Alex Haiduc last month
Hey guys. When i install the wifipshisher file i get this error :
No wireless interfaces found, bring one up and try again
I was told that if i.m using Virtual Box i can.t connect to my wifi driver, so that means i can.t use this method?
Reply
1
Darwin Sipe last month
IS it possible to use window operating systems
Reply
1
Allinson Angie 2 days ago
I never knew a post could be of such help to anyone until i saw a post about a professional hacker called JONNYCYBERGHOST, which is why i'm posting this with the hope that i might help someone through this also. Well i contacted him through his email (jonnycyberghost@gmail . com) in good faith that he was going to help me out by hacking into my husband's phone and email and he didn't even disappoint me for a second, rather he provided me with full access to both his email and phone, Facebook, Whatsapp, IG, Viber, text messages and monitor his phone calls allowing me to see everything for myself, how a cheat of an husband the man i loved was. I would forever be indebted to him and i really appreciate him for a job well done. text him (+1) 850 631 5597, I already made him my personal hacker and PI, i advise that you do the same. Tell him Allinson referred you.
Reply
Share Your Thoughts
You Login to Comment
Click to share your thoughts
Hot
Latest
How To: Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
How to Hack Wi-Fi: Capturing WPA Passwords by Targeting Users with a Fluxion Attack
How To: 4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
Mac for Hackers: How to Get Your Mac Ready for Hacking
How To: An Intro to Vim, the Unix Text Editor Every Hacker Should Be Familiar With
How To: Successfully Hack a Website in 2016!
Hack Like a Pro: How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
How To: Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
How To: Install Kali Live on a USB Drive (With Persistence, Optional)
How To: Hack Android Using Kali (Remotely)
How To: Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
Hack Like a Pro: How to Hack Facebook, Part 2 (Facebook Password Extractor)
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng
How To: Hack WPA WiFi Passwords by Cracking the WPS PIN
How To: The Essential Skills to Becoming a Master Hacker
Hack Like a Pro: Getting Started with Kali, Your New Hacking System
Hack Like a Pro: How to Crack Passwords, Part 1 (Principles & Technologies)
Hack Like a Pro: How to Remotely Install a Keylogger onto Your Girlfriend's Computer
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords with Cowpatty
All Features
How To: 4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
How To: Successfully Hack a Website in 2016!
Hack Like a Pro: How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
How To: Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
How To: Install Kali Live on a USB Drive (With Persistence, Optional)
How To: Hack Android Using Kali (Remotely)
How to Hack Wi-Fi: Capturing WPA Passwords by Targeting Users with a Fluxion Attack
How To: Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
Hack Like a Pro: How to Hack Facebook, Part 2 (Facebook Password Extractor)
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng
How To: Hack WPA WiFi Passwords by Cracking the WPS PIN
How To: The Essential Skills to Becoming a Master Hacker
How To: Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
Hack Like a Pro: Getting Started with Kali, Your New Hacking System
Hack Like a Pro: How to Crack Passwords, Part 1 (Principles & Technologies)
Hack Like a Pro: How to Remotely Install a Keylogger onto Your Girlfriend's Computer
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords with Cowpatty
How to Hack Like a Pro: Getting Started with Metasploit
Hack Like a Pro: How to Spy on Anyone, Part 1 (Hacking Computers)
All Hot Posts
© 2017 WonderHowTo, Inc
Collections
Hack Like a Pro
Mac for Hackers
Sections
Null Byte How-Tos
Raspberry Pi
Wi-Fi Hacking
Python Training
Facebook Hacks
Security-Oriented C
Snort
Forensics
Hack Like a Pro
Metasploit Basics
Recon
Windows 7 Hacking
Dionaea
Electricity Basics
Linux Basics
Hacking Web Apps
Evading AV Software
Networking Basics
Android
Advice from a Hacker
Mr. Robot Hacks
DB Hacking
Bluetooth Hacking
C/C++ for Hackers
Exploit Building
MitM
Password Cracking
Spy Tactics
Attack on Stack
Scripting
Kali Forensics
Shodan
Social Engineering
Listeners
Tor
Everything Else
News
Null Byte News
Anonymity & Darknets
Everything Else
Forum
Null Byte Forum
Featured Sites
WonderHowTo Home
Gadget Hacks
Food Hacks Daily
Next Reality
Invisiverse
Driverless
Null Byte
The Secret Yumiverse
MacGyverisms
Lock Picking
Mad Science
Mind Hacks
Categories
Alcohol
Arts & Crafts
Autos, Motorcycles & Planes
Beauty & Style
Business & Money
Computers & Programming
Dance
Dating & Relationships
Diet & Health
Disaster Preparation
Education
Electronics
Family
Film & Theater
Fine Art
Fitness
Food
Gambling
Games
Hobbies & Toys
Home & Garden
Hosting & Entertaining
Language
Magic & Parlor Tricks
Motivation & Self Help
Music & Instruments
Outdoor Recreation
Pets & Animals
Pranks & Cons
Software
Spirituality
Sports
Travel
Video Games
Weapons
Gadget Hacks Sites
Gadget Hacks Home
Android
Samsung Galaxy S5
HTC One
Nexus
Samsung Galaxy S3
Samsung GS4
Nexus 7
Samsung Galaxy S6
Samsung Galaxy Note 3
Samsung Galaxy Note 2
Amazon Fire
OnePlus
LG G3
Galaxy Note 4
Samsung Galaxy S7
iOS & iPhone
Smartphones
Digiwonk
Hacks, Mods & Circuitry
Internet
Mac Tips
Windows Tips
Cord Cutters
Tablets
Tech Pr0n
Next Reality Sites
Next Reality Home
Augmented Reality News
Mobile AR News
Google Glass
Mixed Reality News
HoloLens
Meta 2
Magic Leap
Virtual Reality News
Mobile VR News
HTC Vive
Oculus Rift
Invisiverse Sites
Invisiverse Home
Driverless Sites
Driverless Home
Login or signup
Settings
Loading..
with
WonderHowTo Null Byte
WonderHowTo Gadget Hacks Next Reality Invisiverse Driverless Null Byte
Forum Metasploit Basics Facebook Hacks Password Cracking Wi-Fi Hacking Linux Basics Mr. Robot Hacks Hack Like a Pro Forensics Recon Social Engineering Networking Basics Antivirus Evasion Spy Tactics MitM Advice from a Hacker
How to Hack Wi-Fi: Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
By occupytheweb
5/26/16 12:15 PM
Wi-Fi Hacking
How to Hack Wi-Fi: Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
Welcome back, my tenderfoot hackers!
Do you need to get a Wi-Fi password but don't have the time to crack it? In previous tutorials, I have shown how to crack WEP, WPA2, and WPS, but some people have complained that cracking WPA2 takes too long and that not all access points have WPS enabled (even though quite a few do). To help out in these situations, I present to you an almost surefire way to get a Wi-Fi password without cracking—Wifiphisher.
Steps in the Wifiphisher Strategy
The idea here is to create an evil twin AP, then de-authenticate or DoS the user from their real AP. When they re-authenticate to your fake AP with the same SSID, they will see a legitimate-looking webpage that requests their password because of a "firmware upgrade." When they provide their password, you capture it and then allow them to use the evil twin as their AP, so they don't suspect a thing. Brilliant!
To sum up, Wifiphisher takes the following steps:
De-authenticate the user from their legitimate AP.
Allow the user to authenticate to your evil twin.
Offer a webpage to the user on a proxy that notifies them that a "firmware upgrade" has taken place, and that they need to authenticate again.
The Wi-Fi password is passed to the hacker and the user continues to the web oblivious to what just happened.
Similar scripts have been around for awhile, such as Airsnarf, but this new Wifiphisher script is more sophisticated. In addition, you could always do this all manually, but now we have a script that automates the entire process.
To do this hack, you will need Kali Linux and two wireless adapters, one of which must be capable of packet injection. Here, I used the tried and true, Alfa AWUS036H. You may use others, but before you do, make certain that it is compatible with Aircrack-ng (packet injection capable). Please do NOT post questions on why it doesn't work until you check if your wireless adapter can do packet injection. Most cannot.
Now let's take a look at Wifiphisher.
Step 1: Download Wifiphisher
To begin, fire up Kali and open a terminal. Then download Wifiphisher from GitHub and unpack the code.
kali > tar -xvzf /root/wifiphisher-1.1.tar.gz
As you can see below, I have unpacked the Wifiphisher source code.
Alternatively, you can clone the code from GitHub by typing:
kali > git clone https://github/sophron/wifiphisher
Step 2: Navigate to the Directory
Next, navigate to the directory that Wifiphisher created when it was unpacked. In my case, it is /wifiphisher-1.1.
kali > cd wifiphisher-.1.1
When listing the contents of that directory, you will see that the wifiphisher.py script is there.
kali > ls -l
Step 3: Run the Script
You can run the Wifiphisher script by typing:
kali > python wifiphisher.py
Note that I preceded the script with the name of the interpreter, python.
The first time you run the script, it will likely tell you that "hostapd" is not found and will prompt you to install it. Install by typing "y" for yes. It will then proceed to install hostapd.
When it has completed, once again, execute the Wifiphisher script.
kali > python wifiphisher.py
This time, it will start the web server on port 8080 and 443, then go about and discover the available Wi-Fi networks.
When it has completed, it will list all the Wi-Fi networks it has discovered. Notice at the bottom of my example that it has discovered the network "wonderhowto." That is the network we will be attacking.
Step 4: Send Your Attack & Get the Password
Go ahead and hit Ctrl + C on your keyboard and you will be prompted for the number of the AP that you would like to attack. In my case, it is 12.
When you hit Enter, Wifiphisher will display a screen like the one below that indicates the interface being used and the SSID of the AP being attacked and cloned.
The target user has been de-authenticated from their AP. When they re-authenticate, they will directed to the the cloned evil twin access point.
When they do, the proxy on the web server will catch their request and serve up an authentic-looking message that a firmware upgrade has taken place on their router and they must re-authenticate.
Notice that I have put in my password, nullbyte, and hit Submit.
When the user enters their password, it will be passed to you through the Wifiphisher open terminal, as seen below. The user will be passed through to the web through your system and out to the Internet, never suspecting anything awry has happened.
Now, my tenderfoot hackers, no Wi-Fi password is safe! Keep coming back as explore more of the world's most valuable skill set—hacking!
Related
How To: iOS 6 Broke Your Wi-Fi? Here's How to Fix Connection Problems on Your iPhone or iPad
How To: This Widget Lets You Open Wi-Fi Settings Faster, Share Passwords & More on Your iPhone
How To: Turn on Google Pixel's Wi-Fi Assistant to Get Secure Access on Open Networks
How To: Easily See Passwords for Wi-Fi Networks You've Connected Your Android Device To
How To: Hack WiFi Passwords for Free Wireless Internet on Your PS3
How To: See Passwords for Wi-Fi Networks You've Connected Your Android Device To
How to Hack Wi-Fi: Selecting a Good Wi-Fi Hacking Strategy
How To: Easily Share Your Complicated Wi-Fi Password Using Your Nexus 5
How To: Recover a Lost WiFi Password from Any Device
Android Basics: How to Connect to a Wi-Fi Network
How To: Find & Share Local Wi-Fi Passwords for Free Internet Everywhere You Go
How to Hack Wi-Fi: Getting Started with the Aircrack-Ng Suite of Wi-Fi Hacking Tools
News: Project Zero Finds iPhone & Android Open to Bugs in Broadcom's Wi-Fi Chips
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords with Cowpatty
How To: See Who's Using Your Wi-Fi & Boot Them Off with Your Android
How To: Find Saved WiFi Passwords in Windows
How To: Save Battery Power by Pairing Wi-Fi Connections with Cell Tower Signals on Your Galaxy Note 3
How To: Get the Strongest Wi-Fi Connection on Your Android Every Time
How To: Fix the Wi-Fi Roaming Bug on Your Samsung Galaxy S3
How To: Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
How To: Fix Wi-Fi Performance Issues in iOS 8 & Yosemite
How to Hack Wi-Fi: Cracking WEP Passwords with Aircrack-Ng
How To: Make Your Android Automatically Switch to the Strongest WiFi Network
How To: This App Saves Battery Life by Toggling Data Off When You're on Wi-Fi
How To: Crack Wi-Fi Passwords—For Beginners!
WiFi Prank: Use the iOS Exploit to Keep iPhone Users Off the Internet
How to Hack Wi-Fi: Choosing a Wireless Adapter for Hacking
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng
News: MIT Tech Protects Your WiFi Without Passwords
How to Hack Wi-Fi: Getting Started with Terms & Technologies
How To: Share Your Windows 8 PC's Internet with a Phone or Tablet by Turning It into a Wi-Fi Hotspot
How To: Stop Handing Out Your Wi-Fi Password by Enabling "Guest Mode" on Your Chromecast
How To: The Easiest Way to Share Your Complicated WiFi Password with Friends & Family—No Typing Required
News: PSP2 (Next Generation Portable) or NGP
How To: Watch American Netflix from Other Regions on Your iOS Device
How To: Auto-Toggle Your Android Device's Wi-Fi On and Off When Near or Away from a Hotspot
How To: Get Free Wi-Fi from Hotels & More
134 Comments
1
Jeremiah Payne 1 year ago
Hmmm interesting. I will try this when I get out of class. Maybe even be useful to have supported as an add on in my script I am working on.
Reply
2
Phoenix750 1 year ago
Interesting.
-Phoenix750
Reply
2
Alpha code 1 year ago - edited 1 year ago
great trick
but the problem is that the evil twin doesn't have the same BSSID as the original so you can see two APs with same eSSID and devices won't connect automatically...
so if the script could be edited for that it would be perfect
Reply
4
TripHat 1 year ago
You have to make sure the rogue AP's signal is stronger than the legit one. So you have to be close, or use a powerful antenna. Once you deauth your target pc, it will try to reconnect and will pick the strongest signal (yours).
Reply
3
occupytheweb 1 year ago
Excellent point, TripHat. Check out the tutorials on increasing TX power here on Null Byte. Our trusty Alfa AWUSH can be amped up to 4x the legal limit.
Reply
2
Phoenix750 1 year ago - edited 1 year ago
A side note about the WiFi scrambler I am going to build in my Electricity/Electronics for Hackers series: My scrambler will be able to send out signals that reach 8 Watt, which is roughly 10-30 times higher than the legal limit. I haven't tested my design actually, because I'm afraid of legal consequences.
-Phoenix750
Reply
1
TripHat 1 year ago
Very interesting... if that will fit in my poor hardware knowledge, I'd be glad to test it. Also, to find out your real position, someone would have to triangulate the signal... that is not so easy if you're just running a test.
Reply
8
Phoenix750 1 year ago
With a well placed antenna, this jammer is capable of putting a small town without wifi. With even more power and a higher spot, this jammer may be capable of scrambling any wireless communication in an entire city like Chicago. Yes, an entire city!
The reason I am careful when working with the electromagnetic spectrum is because of something that happened to my dad when he was in his 20's. My dad was and still is, just like me, a passionated hardware hacker. One of the earliest things he did was build a radio transmitter for his town. This transmitter had the power of 100-200 Watt, and was placed on a high hill. My dad was successful in broadcasting his radio programs to our town (he was a hobby DJ back then), but it did have it's consequences. First of all, he never got the permission to broadcast on that wattage and on that frequency (which was 100.2 MHz, in case anyone is wondering), But he also caused disturbances at the airport of Amsterdam with his radio transmitter. Yes, the airport of Amsterdam, and we live near Brussels!
The reason this happened is because some of his radio waves reached Amsterdam, but not at the frequency he broadcasted at. These waves were just simple pulses that occurred every minute or so. But by crazy coincidence, these waves were at the same frequency the Amsterdam airport was using for it's control towers, and thus it caused disturbances in the communications of the pilots and the airport.
I am not only afraid that I will get fined or something, but also that I might cause an accident.
-Phoenix750
Reply
1
TripHat 1 year ago
Wow, nice story ! Yeah, one should pay caution when playing with radio waves, still, it doesn't have to be a huge transmitter. While the potential to knock off an entire city is possible, a personal jamming device with 20-30 meter radius can be a fun toy to play with, with no harm to anyone. If device is portable, chances to getting caught are extremely low. Just don't use in sensitive areas..
Reply
3
Phoenix750 1 year ago
I am already planning on testing it safely. The thing is, whether it's a wifi jammer of 2 or 2000 Watt, the design remains the same. All you need to do to get a higher wattage is increase the voltage.
The current design I have at the moment is a small jammer with a wattage of 8 watt and a 15cm long antenna. This should be enough to reach 50 meters under ideal circumstances. It utilizes a 9V battery as a source.
-Phoenix750
Reply
3
Washu Washu 1 year ago
I can't wait till you release the details, very excited :)
Cheers,
Washu
Reply
1
Fitap 1 year ago
Hi dude, you said what the higher wattage is only when increase the voltage, really?
Interesting.
My best regards.
Reply
1
Phoenix750 1 year ago - edited 1 year ago
Ohm's law tells us that when voltage goes up, so does current.
And wattage = voltage multiplied by current.
To increase the wattage you have 2 options: increase the voltage, or decrease the resistance. Since the resistance is a value that can't be changed easily, unlike voltage, we usually just change the voltage to get more power.
-Phoenix750
Reply
2
Alpha code 1 year ago
in your previous tutorial on evil twin a fake AP wwas created with the same BSSID and ESSID as the ap to be hacked and you could only see one AP because the fake one overwhelms the orginal... but in this tutorial the scritp or tool creates an AP with only the same ESSID as the original hence you see actually two APs one open and secured so it's suspicious and devices won't connect automatically so the user would actually have to choose to connect to the fake one
don't you think it's better to edit the python script to have the fake AP have the same BSSID as the original like in your previous evil twin tutorial ??
Reply
1
occupytheweb 1 year ago
Yes, please feel free to edit the script and publish it here for us.
Reply
1
Alpha code 1 year ago
if someone with python skills would do that and publish it would be great
Reply
2
Washu Washu 1 year ago - edited 1 year ago
It isn't that hard to change small parts of the code, just look throught it until you see the part that you must change.
Hint Look at line ~480
You can also look into the -a switch, I think it should do what you want but don't quote me on that.
Cheers,
Washu
Reply
1
Nick 1 year ago
Did anyone updated the script to copy APs BSSID?
Share please??
Reply
1
Singularity 1 year ago
If anyone needs it, heres a link to my Guide On Upping TX Power on Kali Linux 2.0
Reply
1
Alfredo Miquelino 1 year ago
Is it possible to create an EvilTwin AP with username and password, but when the victim enters the username and password doesnt compares to nothing, just stores the given user and password.
Good post btw
Reply
1
occupytheweb 1 year ago
That's what happens here.
Reply
1
Alfredo Miquelino 1 year ago
Not really, here we are redirecting to a fake web firmware update, which for someone in IT business would not trust very well.
What im talking about is reauth in windows connecting to wifi system
Reply
1
occupytheweb 1 year ago
You could create another proxy authentication page and have them authorize there.
Let's be clear, this will not likely work against someone who is IT security savvy. The other 99.9% of the world, it will work.
Reply
1
Alfredo Miquelino 1 year ago
But when you auth in windows for example, you get the form, usually just password or username and password, those are sent to AP right?
cant we catch that in plain text since is our controlled AP right?
Reply
1
TripHat 1 year ago
Yes, but those are router credentials, not the actual wifi password. They come into use later, but without the wifi password, they are of no use.
And as I already suggested in a similar post, you can build a custom phishing page that looks credible. The first 3 bytes of the MAC will tell the manufacturer, so you can insert its logo and make it more similar to an authentic one.
Reply
1
Alfredo Miquelino 1 year ago
Router credentials are for the router web based configurations, im talking about wifi ofc
Reply
1
occupytheweb 1 year ago - edited 1 year ago
I think there is some confusion here. This hack is for the WPA2-PSK password. No username, just password.
PSK passwords are sent as hashes and not in the clear. We can capture the capture the hash, but it never appears in the clear.
Reply
1
Alfredo Miquelino 1 year ago
Ok ty OTW, can we launch our own fake web form?
and if yes is it easy to change the web file
Reply
1
occupytheweb 1 year ago
Yes and yes.
Reply
1
Alfredo Miquelino 1 year ago
Ok ty, I will look into the code then.
Regards
Reply
1
TripHat 1 year ago
hmmm.. so you want to catch the wifi password that the user types in windows network manager? No that's not possible, at best you can get the WPA handshake, but you'll still have to crack it. Passwords won't be in plain text. The advantage of this over the classic deauth is you can spawn a network that is not active nearby, but the target is probing, it doesn't help in cracking the pass.
Reply
2
CyberHitchHiker 1 year ago
All I wanna know is what's in TheDragonLair ? Treasures? Grimm fates? Quests? ;-P
Reply
1
Sam Scott 1 year ago - edited 1 year ago
What if you have a school chromebook that does not let you get the proper chrome extensions and dev mode is blocked, is it possible to get the source code running at all on a chromebook or should I try another computer?
Thanks
-sam
p.s
I HATE GOOGLE CHROME OS IT IS A CRAPPY LINUX WANNABE!
Reply
1
occupytheweb 1 year ago
Use Kali Linux.
Reply
1
Nesaijn 1 year ago
After that, do I still have to crack the password or do I already have it uncrypted?
Reply
1
occupytheweb 1 year ago
No, it's unencrypted. The user entered their password into OUR website and we captured it.
Reply
1
cr0c0p 1 year ago
What happens if the user introduce whatever password, will this password is kept? and give us a false positive, or there is way to verified a valid password?
Thanks OTW!!
Reply
1
Washu Washu 1 year ago
If they enter the wrong password then it will not work but quite honestly I don't think its worth trying to verify it since everyone on the network will see this webpage and the odd that they all enter the wrong password is slim.
Cheers,
Washu
Reply
1
help finder 1 year ago
do I need to be connected to internet when doing this attack or my Kali can be offline?
Reply
1
Robert Paulson 1 year ago
You can be offline
Reply
1
Washu Washu 1 year ago
You should theoretically be able to use this when offline since the victim never actually connects to the internet.
Cheers,
Washu
Reply
1
occupytheweb 1 year ago
You should be online.
Reply
1
Washu Washu 1 year ago
Well if you not online the target won't get internet but they will still go to the fake upgrade page which will allow you to steal their password.
Cheers,
Washu
Reply
2
TripHat 1 year ago
Being online should not be mandatory... after you got the password you can simply stop the fake AP, victim will disconnect and reconnect to real one automatically. Or you could automate it by adding a small script to stop the attack as soon as the victim inputs the password.
Password validation can be added as well, either trying to authenticate with the just gotten password, or using aircrack against a previously captured wpa handshake. Again, this can all be scripted and executed when victim types his password. This way attacker might know in real time if password is correct, and eventually output the result in the phishing page before stopping the attack. So in case a suspecting user types some gibberish in the password field, it won't be greeted with 'YAYYY Password is correct' !!. Personally, I don't always type my passwords when they try to phish me, but when I do, I type some gibberish password that ends with ' OR 1=1
Reply
1
Mr_Nakup3nda 1 year ago - edited 1 year ago
very nice tool, and when i was troubleshooting i found that by using only one network adaptor you can use this tool to block any wifi from using internet...very interesting..wish y'all can try it..
Mr_Nakup3nda
Reply
2
ogbobby 1 year ago
OTW you have mentioned that their are guide on how to increase the tx power on wireless adapters. But are there any that are updated for Kali 2.0 because the old methods are not working anymore?
Reply
1
Singularity 1 year ago
Did you ever figure out how? Quite lost myself. Been searching for days now.
Reply
1
sandy_candy 1 year ago
In the firmware upgrade page, is there an option to notify the user in the first attempt that the credentials provided were wrong so that people who hesitate to put usernames and passwords in suspicious looking pages could be tricked. Doing this on the first login attempt could fool the people who might insert wrong credentials intentionally in the first attempt to see how page responds. Others might think that they might have mistyped. Both in most cases should provide the correct credentials on the second attempt.
And also can the firmware page be modified? The page template could raise suspicion if the router page they are used to looks completely different.
Both these things can be done with a bit of javascript, html and css. So where does the fake firmware page exist?
Great article as always!
Reply
1
TripHat 1 year ago - edited 1 year ago
This can be added, and actually improved. Read my comment above.
Yes, the firmware pages can be modified, check em.
Reply
1
nee onama 1 year ago
In the firmware upgrade page, is there an option to notify the user in the first attempt that the credentials provided were wrong so that people who hesitate to put usernames and passwords in suspicious looking pages could be tricked. Doing this on the first login attempt could fool the people who might insert wrong credentials intentionally in the first attempt to see how page responds. Others might think that they might have mistyped. Both in most cases should provide the correct credentials on the second attempt.
And also can the firmware page be modified? The page template could raise suspicion if the router page they are used to looks completely different.
Both these things can be done with a bit of javascript, html and css. So where does the fake firmware page exist?
Great article as always!
Reply
1
occupytheweb 1 year ago
No, that option does not exist, but you could definitely add it. This is all just a Python script.
Reply
1
nee onama 1 year ago
Ok thanks. I looked up the project and found the html page in
phishing-scenarios/minimal/ directory.
Reply
1
nee onama 1 year ago
Ok i'll look into it then. Thanks.
Reply
1
BlackCat 1 year ago
once again, i cant install anything
So i tried to - run apt-get update.
And this happened:
-HELP
how can I fix this error?
I would appreciate your help a lot!
Black Cat
Reply
1
Washu Washu 1 year ago
The 2 things I can think of is firstly, make sure that your source.list is properly configured. Secondly make sure that you have a good internet connection. If it takes more than a couple of minutes to install hostapd its probably because of your internet.
If your on a vm you could always revert to an earlier snapshot?
Cheers,
Washu
Reply
1
who am i 1 year ago
Hello can you talk through Facebook
Reply
1
occupytheweb 1 year ago
Why not talk here?
Reply
1
Scott Mckinley 10 months ago
your in root so if nothing has worked try sudo apt-get rather than just apt-get
Reply
-6
Obadiah Robert Robinson 1 year ago
I HATE LINUX!!! Why don't you make something like this for Mac and Windows users?
Reply
1
Jeremiah Payne 1 year ago
It's python, its exactly the same on any OS, also Mac is UNIX based just like Linux
Reply
2
Phoenix750 1 year ago
If you hate Linux, don't even consider becoming a hacker...
-Phoenix750
Reply
1
papanireal 1 year ago
true ^^
Reply
1
jo 1 year ago
Why do you need 2 WIFI Adapters? Can 1 work?
Reply
1
TripHat 1 year ago
You need two because one injects deauth packets to the victim, the other one creates the fake AP.
Injection requires the adapter to be in monitor mode, spawning the AP requires the adapter to be in master mode, and you can't be in both modes simultaneously.
Reply
1
occupytheweb 1 year ago
You need 2. One serves as the AP and the other connects to the Internet.
Reply
1
Louis Shawn 1 year ago
I'm thinking about the security issue. Is it safe to do so?
Reply
1
occupytheweb 1 year ago
Safe to do what?
Reply
-6
Mandy Martin Mulhern 1 year ago
Do people REALLY do this? Why? Isn't it kinda, sorta "illegal", and if not illegal, just plain wrong.
I'm posting it on Facebook so people can watch out for lowlife bottom feeders such as y'all.
Reply
2
Eliek Horton 1 year ago
Yes, people do this, but you're misdirecting your comment. This blog is geared towards white hacks interested in becoming security professionals, so they need to know how these types of things works to spot them in their field.
Reply
1
jo 1 year ago
So with the wireless adapters, will this configuration work: 1 internal Intel Centrino Advanced-N 6235 and 1 Alfa AWUS036NH adapter.
Reply
1
occupytheweb 1 year ago
As long as one can do packet injection, you are good. The Alfa is capable of packet injection.
Reply
1
creed world 1 year ago
phoenix 750 ,could you please make tutorial how to on using wifiphisher in parrot sec please.......
Reply
1
Syed Shahnawaz 1 year ago
unable to access 'https://github/sophron/wifiphisher/ ': Could not resolve host: github
help me guru
Reply
1
Jannissary 1 year ago
This is isn't really ideal right because you can't really choose which device gets attacked....?
Reply
1
occupytheweb 1 year ago
By device, do you mean AP? Yes, of course, you can. We are attacking the AP, not an individual computer. Once we have the password, we can use the AP at will.
Reply
1
Jannissary 1 year ago - edited 1 year ago
I thought only one target user would get disconnected and reconnected... does this mean all (wireless) connected devices on the targets AP will?
Also how long does this process take?
Reply
1
occupytheweb 1 year ago
Yes, everyone would be disconnected, but that really isn't the point. In a WPA2-PSK AP, the PSK stands for Pre-Shared Key. Everyone's password is the same. Get one password and you get everyone's.
Reply
1
Jannissary 1 year ago
Yeah you are absolutely right. I just tried it out on my laptop with a TL-WN722N in combination with my desktop using another dongle. But without success it just keeps jamming and jamming devices...... not sure if that is normal?
Reply
1
jo 1 year ago
Hi. I'm looking for a good solid adapter for kali that can do all the things a expensive one can but for half the price. I know alfa adapters are good but they range from $30 - $40 . I'm looking for something priced about $15 (give or take). Any suggestions?
Reply
1
Jannissary 1 year ago
@JO
I recommend the TL-WN722N it's relatively cheap and has decent results. You can start with that atleast, and later maybe upgrade to one of the alfa's.
Reply
1
bradbravo 1 year ago
Right from the beginning, It says
Canot open: no such file or directory
Error is not recoverable:exiting now
Child returned status 2
Error is not recoverable:exiting now
What seems to be the problem?
Also, after my terminal or screen left idle a while, i'm prompted to log-in, with the user id 'root'. I've dont even set up user id before, cant log-in as dont hv the password, just keep on reboot the system everytime i come to that.
Reply
1
Usr Isro 1 year ago
Help please... I seem to be unable to install hostapd... kali timed out trying to connect to server and/or couldn't find the hostapd on the kali servers
Reply
1
Paul David 1 year ago
In this program it ask for wpa password ,not everyone knows what is a wpa . So is there any possibilities that i can that into wifi password
Reply
1
Šimon Šmoula Pavlík 1 year ago
Is here someone who can help me?
I have an internet connection in kali linux ( i can normlally go to google or null byte.com ) but when I run setoolkit ( site cloner) or wifiphisher it is saying to me that i need an persistnet internet connection. How can i Fox this? pls help
Reply
1
Vito S 1 year ago
this is why you need 2 adapters. 1 for keeping you online, and another one is for creating evil twin AP. Once you set your only adapter to monitor mode - you lose internet connection.
Reply
1
Dog 1 year ago - edited 1 year ago
How long does this process normally take? Because for me it will just only jam and not actually force the user to the proxy webserver. What I believe is happening is users get kicked out of network (deauth is working). But then the fake AP isn't setup properly because it wont connect to the fake AP instead my computer is trying to connect the the real AP but gets instantly kicked out of it and this will just loop (Yes I am using two wifi adapters, AWUS036NHA and the TL-WN722N).
Reply
1
BlackCat 1 year ago
I cant install it, this error shows up: http://scr.hu/8l45/b7f65
Reply
1
papanireal 1 year ago
this is not a error, please enter "y" and go fwd
Reply
2
SneakyEast 1 year ago
I tried this on my own network but the fake page for entering the wpa code doesn't show up.
Does anyone know why this isn't show up?
Reply
1
Brenner Charlston 1 year ago - edited 1 year ago
I'm having a bit of a problem starting the fake AP. Hoping you guys can help!
I'm running the newest (to this date) version of Kali Linux in Virtualbox 5, using an Alfa AWUS036NHA for the deauth and a D-Link DWA-140 as the second wireless adapter.
According to everything that happens on the screen, it should be working just fine. I do get deauth'd on my devices, but the fake AP doesn't show up on the list of available networks (checked on Samsung Galaxy S3 running CyanogenMod 13). I even went as far as to get WiFi Analyzer for my phone, which is an app that searches for nearby WiFi signals. It could not find the fake AP either, which leads me to think the AP was never created in the first place. However, no errors show up on screen in Kali.
I've even tried manually setting the deauth adapter by using the -jI switch; python wifiphisher.py -jI wlan0.
What could be the cause?
It seems network manager was the problem. If anyone else experiences this problem, you might wanna try and kill the service.
You can do so by using the command "service network-manager stop" without the quotes, of course.
Reply
1
papanireal 1 year ago - edited 1 year ago
Hi, guys
i have some questions about wifiphisher and evil twin.
if you have some free time please explain,
i didn't understand when i run wifiphiser it runs and only deauth me from my AP but didn't create another one without passwd.
you said that we will need 2 wireless card but you didn't specify how we use the second one.
So i tried to go fwd on this article https://null-byte.wonderhowto.com/how-to/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data-0147919/
but here airbase-ng create de fake AP without passwd but i can't connect to this AP,
and how to config malicious web page.
mby i need to learn more about proxy ?
and what you mean to config proxy so he will redirect users to web page ?
thanks allot
-papanireal
Reply
1
occupytheweb 1 year ago
Please provide more info and screenshots.
Reply
3
Singularity 1 year ago - edited 1 year ago
Hello! Having the same issues as these guys. I have attempted to best explain my (possibly/hopefully theirs as well) situation.
I am running Kali on a Live USB stick and using the -jI selector to use my Alfa (AWUS036H) on monitor mode and using my built in adapter (PCI Adapter) for Internet access. I then select my network and the script goes into a loop (Im assuming that is causing the issue?) where it continually repeats this screen.
Image via wonderhowto.com
I am presuming this is continually booting off all users (as this is whats happening) thus, disallowing anyone to connect and even reach the fake webpage.
Hopefully I have given you enough to work off of. If not, I will be happy to add more. Thanks.
-Edit- Also, dont know if it matters, but BOTH my adapters are running at txpower: 20. (Due to having several issues with changing TX power) I dont beleive this is an issue as I have selected wlan2 (my Alfa adapter) to be in monitor mode manually using: python wifiphisher.py -jI wlan2
Reply
2
bye byte! 1 year ago
i hope someone coult answer this one, i am facing the same here ??
Reply
1
Singularity 1 year ago
Sorry didnt notice your comment till now. But if your still interested or havnt figured it out, checkout my guide! You can find it by going to my profile.
Reply
1
Sweet Corn 1 year ago
What do you type to download wifiphisher from github? You say you are attacking the winderhowto network #11 on your screen.
When you hit control C you say you enter #12.
Why? Wouldn't it be #11? I'm confused
Lastly thank you for the great article.
Reply
1
occupytheweb 1 year ago
Sweetcorn;
The command to download is right in the article.
git clone https://github/sophron/wifiphisher
You are confusing the channels with the number of the AP. Wonderhowto is on channel 11 but is #12 AP.
OTW
Reply
1
Sweet Corn 1 year ago
I see it now. I was reading off my phone and couldn't see the channels before. Thanks.
Reply
1
Pratik Sam 1 year ago
Can you use two external wifi adapters for this attack?
like two tp-link TL -wn722n?
It's because, my laptop's internal wireless card is a broadcom one, and it doesn't support monitor mode.
Reply
1
occupytheweb 1 year ago
Yes, you can use two external wireless adapters.
Reply
1
who am i 1 year ago
What is the solution
Reply
1
occupytheweb 1 year ago
Where is the wifiphisher file?
Reply
1
who am i 1 year ago
I did not find
Reply
1
occupytheweb 1 year ago
Did you download it? It's not on Kali unless you download it.
Reply
1
who am i 1 year ago
I have a lot of problems in the kali will re-inauguration thank you
Reply
1
August Fackyou 1 year ago
Can you help me please? i get this error whenever i try to run it... + Choose the num of the scenario you wish to use: 1
Selecting Browser Connection Reset template
Starting the fake access point...
Driver initialization failed! (hostapd error)
Try a different wireless interface using -aI option.
! Closing
Reply
1
occupytheweb 1 year ago
Do you have two wireless cards?
Reply
1
August Fackyou 1 year ago
I have an ALFA wireless and the built in one for mac. When I type ifconfig it shows wlan0 and wlan1.
Reply
1
occupytheweb 1 year ago
The error message implies that one of the wireless cards is not compatible. My guess is that it is the one built into the Mac.
Reply
1
August Fackyou 1 year ago
dang... Well I have some money might buy another... Thanks.
Reply
1
jinesh varun 1 year ago
Hey. I read few of ur hacking tips of wifi. But I am more intrested in wifiphiser , I have few douths on it. When we send that authentication to the user , can he suspect and see our mac address. Is it safe to use this method. Does this method work on all type of wifi protected routers. And why do we need 2 adapters . Can we do this method with one adapter. Pls if there is a video for this , then can u send the address. Thanku and waiting for ur reply.
Reply
1
jinesh varun 1 year ago
And ya does it work on Windows 8.1
Reply
1
occupytheweb 1 year ago
Jinesh:
You don't seem to have this article.
First, you need Linux. Second, it will work on any wifi protected router. Third, you have two wireless cards because one is used to deauth the AP and the second creates a fake AP.
Reply
1
jinesh varun 1 year ago
Does any type of less cost adapter work??
Reply
1
occupytheweb 1 year ago
Only those on the aircrack-ng compatibility list.
Reply
1
Tayseer Jaber 1 year ago
Hi
i'm getting this error on the last step !! any help ? please
Choose the num of the AP you wish to copy: 1
Traceback (most recent call last):
File "bin/wifiphisher", line 12, in <module>
run()
File "/root/wifiphisher-master/wifiphisher/pywifiphisher.py", line 1079, in run
template = selecttemplate(args.template)
File "/root/wifiphisher-master/wifiphisher/pywifiphisher.py", line 486, in selecttemplate
templatemanager = phishingpage.TemplateManager()
File "/root/wifiphisher-master/wifiphisher/phishingpage.py", line 132, in _init_
self.templates = {"connectionreset": connection, "office365": office,
NameError: global name 'office' is not defined
Reply
1
occupytheweb 1 year ago
Please give us a screen shot so we can help you.
Reply
1
Tayseer Jaber 1 year ago
i tired to start the virtual
machine now got another problem !
Reply
1
occupytheweb 1 year ago
Is your wireless adapter in monitor mode?
Reply
1
jinesh varun 1 year ago
And can u pls upload the entire video from tip to toe, the requirements, procedure, softwares to be installed before starting , and the end how it happened, it is request from all the beginer hackers, thanku
Reply
1
jinesh varun 1 year ago
I bought 2adapters (TP link tl wn722n )and one more is (wavlink wl wn687ni) will these two work, I have an hp Windows 8.1laptoplaptop .
Reply
1
occupytheweb 1 year ago
Are you running Kali Linux? Did you check for compatibility on the aircrack-ng website?
Reply
1
Mustang 9 1 year ago - edited 1 year ago
I installed and it runs with no Errors with one Alpha AWSU036H connected. It stays blinking and my iPhone doesn't get rerouted to my evil twin. What to do with the second USB Wifi adapter? Just plug in or configure?
Reply
1
Noman Aziz 11 months ago
Hi i followed all of your steps but after jamming devices nothing happens or no device appears
This is fake image but as u can see everything is blank.And im using 2 wlan cards
Reply
1
Michaelj 9 months ago
Hello i ran into this problem whilr trying to unpack, when i got the error thats when i tried yo update and i tried again but im still getting error
Reply
1
NoAh Kun 8 months ago
uhmm can i do this w/out internet in my laptop?
Reply
1
Alvian Putra 8 months ago
can i turn on only the fake ap without the jammer? poor man mode, i only have 1 usb wifi. because my internal card is not detected in kali.
Reply
1
Dimas Saputra 6 months ago
The big problem is HSTS detect on chrome an firefox
Reply
1
William Alderson 5 months ago
is this work for ubuntu?? i have a scapy error when use it
please reply
Reply
1
Rohaan Alam 4 months ago
does we need two wifi adapters for it to make it work If yes then I am sick of googling how to set my new TL-WN727N on linux :/
Reply
2
Pratik Das 3 months ago
You Are A Genius. That's Why I Love Visiting This Site More Often. Keep Up The Good Work.
Reply
1
Alex Haiduc last month
Hey guys. When i install the wifipshisher file i get this error :
No wireless interfaces found, bring one up and try again
I was told that if i.m using Virtual Box i can.t connect to my wifi driver, so that means i can.t use this method?
Reply
1
Darwin Sipe last month
IS it possible to use window operating systems
Reply
1
Allinson Angie 2 days ago
I never knew a post could be of such help to anyone until i saw a post about a professional hacker called JONNYCYBERGHOST, which is why i'm posting this with the hope that i might help someone through this also. Well i contacted him through his email (jonnycyberghost@gmail . com) in good faith that he was going to help me out by hacking into my husband's phone and email and he didn't even disappoint me for a second, rather he provided me with full access to both his email and phone, Facebook, Whatsapp, IG, Viber, text messages and monitor his phone calls allowing me to see everything for myself, how a cheat of an husband the man i loved was. I would forever be indebted to him and i really appreciate him for a job well done. text him (+1) 850 631 5597, I already made him my personal hacker and PI, i advise that you do the same. Tell him Allinson referred you.
Reply
Share Your Thoughts
You Login to Comment
Click to share your thoughts
Hot
Latest
How To: Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
How to Hack Wi-Fi: Capturing WPA Passwords by Targeting Users with a Fluxion Attack
How To: 4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
Mac for Hackers: How to Get Your Mac Ready for Hacking
How To: An Intro to Vim, the Unix Text Editor Every Hacker Should Be Familiar With
How To: Successfully Hack a Website in 2016!
Hack Like a Pro: How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
How To: Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
How To: Install Kali Live on a USB Drive (With Persistence, Optional)
How To: Hack Android Using Kali (Remotely)
How To: Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
Hack Like a Pro: How to Hack Facebook, Part 2 (Facebook Password Extractor)
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng
How To: Hack WPA WiFi Passwords by Cracking the WPS PIN
How To: The Essential Skills to Becoming a Master Hacker
Hack Like a Pro: Getting Started with Kali, Your New Hacking System
Hack Like a Pro: How to Crack Passwords, Part 1 (Principles & Technologies)
Hack Like a Pro: How to Remotely Install a Keylogger onto Your Girlfriend's Computer
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords with Cowpatty
All Features
How To: 4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
How To: Successfully Hack a Website in 2016!
Hack Like a Pro: How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
How To: Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
How To: Install Kali Live on a USB Drive (With Persistence, Optional)
How To: Hack Android Using Kali (Remotely)
How to Hack Wi-Fi: Capturing WPA Passwords by Targeting Users with a Fluxion Attack
How To: Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
Hack Like a Pro: How to Hack Facebook, Part 2 (Facebook Password Extractor)
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng
How To: Hack WPA WiFi Passwords by Cracking the WPS PIN
How To: The Essential Skills to Becoming a Master Hacker
How To: Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
Hack Like a Pro: Getting Started with Kali, Your New Hacking System
Hack Like a Pro: How to Crack Passwords, Part 1 (Principles & Technologies)
Hack Like a Pro: How to Remotely Install a Keylogger onto Your Girlfriend's Computer
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords with Cowpatty
How to Hack Like a Pro: Getting Started with Metasploit
Hack Like a Pro: How to Spy on Anyone, Part 1 (Hacking Computers)
All Hot Posts
© 2017 WonderHowTo, Inc
Collections
Hack Like a Pro
Mac for Hackers
Sections
Null Byte How-Tos
Raspberry Pi
Wi-Fi Hacking
Python Training
Facebook Hacks
Security-Oriented C
Snort
Forensics
Hack Like a Pro
Metasploit Basics
Recon
Windows 7 Hacking
Dionaea
Electricity Basics
Linux Basics
Hacking Web Apps
Evading AV Software
Networking Basics
Android
Advice from a Hacker
Mr. Robot Hacks
DB Hacking
Bluetooth Hacking
C/C++ for Hackers
Exploit Building
MitM
Password Cracking
Spy Tactics
Attack on Stack
Scripting
Kali Forensics
Shodan
Social Engineering
Listeners
Tor
Everything Else
News
Null Byte News
Anonymity & Darknets
Everything Else
Forum
Null Byte Forum
Featured Sites
WonderHowTo Home
Gadget Hacks
Food Hacks Daily
Next Reality
Invisiverse
Driverless
Null Byte
The Secret Yumiverse
MacGyverisms
Lock Picking
Mad Science
Mind Hacks
Categories
Alcohol
Arts & Crafts
Autos, Motorcycles & Planes
Beauty & Style
Business & Money
Computers & Programming
Dance
Dating & Relationships
Diet & Health
Disaster Preparation
Education
Electronics
Family
Film & Theater
Fine Art
Fitness
Food
Gambling
Games
Hobbies & Toys
Home & Garden
Hosting & Entertaining
Language
Magic & Parlor Tricks
Motivation & Self Help
Music & Instruments
Outdoor Recreation
Pets & Animals
Pranks & Cons
Software
Spirituality
Sports
Travel
Video Games
Weapons
Gadget Hacks Sites
Gadget Hacks Home
Android
Samsung Galaxy S5
HTC One
Nexus
Samsung Galaxy S3
Samsung GS4
Nexus 7
Samsung Galaxy S6
Samsung Galaxy Note 3
Samsung Galaxy Note 2
Amazon Fire
OnePlus
LG G3
Galaxy Note 4
Samsung Galaxy S7
iOS & iPhone
Smartphones
Digiwonk
Hacks, Mods & Circuitry
Internet
Mac Tips
Windows Tips
Cord Cutters
Tablets
Tech Pr0n
Next Reality Sites
Next Reality Home
Augmented Reality News
Mobile AR News
Google Glass
Mixed Reality News
HoloLens
Meta 2
Magic Leap
Virtual Reality News
Mobile VR News
HTC Vive
Oculus Rift
Invisiverse Sites
Invisiverse Home
Driverless Sites
Driverless Home
Login or signup
Settings
Loading..
No comments:
Post a Comment