Requirements:
Kali Linux Operating System.
A Compatible Wireless Adapter with AP mode.
In this tutorial, you’ll learn how to steal WiFi passwords using social engineering. Social engineering attacks are powerful because they often completely bypass security. If you can trick a user into entering a password on a fake page, it doesn’t matter how strong the password is.
So, the idea here is to create an evil twin access point (fake network), and then de-authenticate the users from the real AP or router.
When users re-authenticate to your fake AP with the same name, they will see a webpage demanding the Wi-Fi password to enable a firmware update. If they enter the password, you capture it. To demonstrate this attack, I will use a tool called Wifiphisher.
To install the tool, open a terminal and type:
apt install wifiphisher
This should install Wifiphisher, which you can start by typing “wifiphisher” in a terminal from now on.
You should see a page showing nearby wireless networks. Select the network you want to attack, and press Enter. I will select “SkyNet”.
Options: [Esc] Quit [Up Arrow] Move Up [Down Arrow] Move Down
Available Phishing Scenarios:
1 - Network Manager Connect
Imitates the behavior of the network manager. This template shows Chrome's "Connection Failed" page and displays a network manager window through the page asking for the pre-shared key. Currently, the network managers of Windows and MAC OS are supported.
2 - Firmware Upgrade Page
A router configuration page without logos or brands asking for WPA/WPA2 password due to a firmware upgrade. Mobile-friendly.
3 - OAuth Login Page
A free Wi-Fi Service asking for Facebook credentials to authenticate using OAuth
4 - Browser Plugin Update
Next, the script will ask which phishing attack you want to run. In my case, I will select option 2 “Firmware Upgrade Page”.
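From the defender's side, the evil twin plus de-authentication combination described above leaves two observable signals: a known network name advertised by an unfamiliar BSSID, and a burst of deauth frames aimed at the genuine AP. The following is an added example, not part of the original tutorial or of Wifiphisher; the AP inventory, the scan and frame-log formats, all sample values and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: BSSIDs and security mode of the defender's own APs.
KNOWN_APS = {"SkyNet": {"bssids": {"aa:bb:cc:00:00:01"}, "security": "WPA2"}}

# Constructed scan results (SSID, BSSID, security), as a site survey might report.
SCAN = [
    ("SkyNet", "aa:bb:cc:00:00:01", "WPA2"),
    ("SkyNet", "de:ad:be:ef:00:02", "OPEN"),
    ("CoffeeShop", "aa:bb:cc:00:00:09", "WPA2"),
]

# Constructed management-frame log: (seconds, frame type, targeted BSSID).
FRAMES = [(t * 0.1, "deauth", "aa:bb:cc:00:00:01") for t in range(40)]
FRAMES.append((10.0, "deauth", "aa:bb:cc:00:00:09"))

def twin_candidates(scan, known_aps):
    """Flag beacons that reuse a known SSID from a BSSID not in the inventory."""
    findings = []
    for ssid, bssid, security in scan:
        known = known_aps.get(ssid)
        if known is None or bssid in known["bssids"]:
            continue
        reasons = ["unknown BSSID for known SSID"]
        if security != known["security"]:
            reasons.append(f"security changed {known['security']} -> {security}")
        findings.append((ssid, bssid, reasons))
    return findings

def deauth_bursts(frames, window=5.0, threshold=20):
    """BSSIDs hit by more than `threshold` deauth frames within `window` seconds."""
    times = defaultdict(list)
    for ts, kind, bssid in sorted(frames):
        if kind == "deauth":
            times[bssid].append(ts)
    noisy = set()
    for bssid, seen in times.items():
        for i, ts in enumerate(seen):
            # Count frames falling in the window that starts at this frame.
            if sum(1 for u in seen[i:] if u - ts <= window) > threshold:
                noisy.add(bssid)
    return noisy

def correlate(scan, known_aps, frames):
    """Pair each twin candidate with whether the genuine AP is being deauthed."""
    noisy = deauth_bursts(frames)
    return [(s, b, r, bool(known_aps[s]["bssids"] & noisy))
            for s, b, r in twin_candidates(scan, known_aps)]
```

A candidate whose last field is True combines both signals and deserves the highest alert priority; either signal alone is still worth investigating.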