WiFi Phishing Tutorial - Kali Linux

wifi phishing

WiFi Phishing , art of social Engineering. Many people are aware of " Phishing Attack " which in terms come in Social Engineering attack but amazingly only few of them are aware of " WiFi Phishing" attack which is amazing magical attack which attackers can do to steal the WiFi Password.

There are many automated scripts available for performing WiFi Phishing attack and we have tried almost every tool and we found that there is one tool which is the best of all and its name is " linset " which is written by some french programmer accordingly and the complete script was in French i guess but we have tried our best to translate this tool into English so you can enjoy this tool. In this tool there are many options to perform attack in different ways but we have translated only the first way which we found is the best to attack and steal the password.

Note :- Do not try this on any WiFi without the permission of owner , or you can face legal notice and it terms a criminal activity.

What it will do ?

The Question which arise in your mind is what actually this will do ?

First of all it will scan all the WiFi Networks in your range and keep in mind to select only the network which you think is near your machine. After scanning when you will select the network to perform the attack it will create a Fake WiFi Network or Access Point / WiFi Hotspot with the same configuration of your target i.e same channel number , BSSID , name etc and after generating the fake wifi hotspot it will disconnect all the clients or people who are using this internet and when the clients will get disconnected from their real Internet hotspot it will send high range signals to their machines and in a mean while if the clients are near your fake AP / machine they will get connected to your WiFi Hotspot and once they are connected to your fake WiFi Hotspot now they will think that they are using their internet but no they are trapped badly now when ever they will open any website in web browser such as google.com , facebook.com or securityfuse.com they will be redirected to a login page.

Now when the login page will ask them the WiFi Password and without it they cant use the internet they will always be redirected to that login page simply the dns is hijacked too on LAN and they are getting redirected.

wifi phishing

Now when you will enter the password our machine will check the password by checking it with the captured handshake file. Yes it means you will also need a handshake of the wifi before starting attack. if the password is incorrect it will again ask the user to enter the correct password after matching it with the encryption of handshake. Now when the user will enter the correct password it will congratulate the user and will display him a text that he will be able to use his internet soon. now the password will be displayed on your screen and will also be saved in your /root/ directory.

Download

To Download this tool " linset " in English translated version by Security Fuse click here

or visit : http://ptc.securityfuse.com/linset

Note : if the link is not working please contact or do a comment

Lets Start

You can run this tool on linux os but i will recommend you to use Kali Linux because this tool need few applications which comes pre-loaded with Kali Linux like mdk3 and many more.

Before starting , please be sure that you have installed those applications in Kali Linux before proceeding or this may not work properly or even may not allow you to use it without the installation of those applications which are listed below.

aircrack-ng
aireplay-ng
airmon-ng
airodump-ng
awk
curl
dhcpd
hostpad
iwconfig
lighttpd
macchanger
mdk3
nmap
php5-cgi
pyrit
python
unzip
xterm

To install any of them you can simply try the bellow command

apt-get install unzip

to install unzip application , or if you are still facing any trouble please google to install the application and once you will start this linset program you will get a red list of those applications which are not installed in Kali Linux or Linux OS.

Moreover keep in mind that you also need a handshake of the WiFi which you are going to attack because when user will enter the password this script will generate the encrypted handshake of that password and will try to match the handshake with the handshake which you captured earlier if both matched you will get the password so please capture the handshake before starting this program. For this try googling on " How to capture a valid handshake " it will be in .cap file.

After Downloading this tool , open the terminal and move to the directory where you have downloaded this tool such as in my case i have downloaded it in Desktop so i will type the below command.

kali Linux terminal

cd Desktop

Note: Type Desktop with capital D or it will give you error if typed with small d.

Now type the below command

linset

Now the program will be started and it will list the applications in green mean they are installed or if in red it means those are not found in system you need to install them first to proceed.

linset

Now select your monitor mode or interface of wlan which you can start by commanding " airmon-ng start wlan0 "

Type the number of the WiFi Wlan which you want to use , in my case its 1

linset english

Now select Option 1 to scan the WiFi Networks in your range and please note that do not type any other option such as 2 , or any other except as guided. so type 1 to scan the WiFi networks and After press Enter.

linset english

After it will display all the WiFi networks in your range now after one minute of scanning press " CTRL + C " to stop scanning.

wifi hacking

Now Enter the number of the WiFi which you want to attack and keep in mind you must have a handshake of that WiFi.

wifi phishing

Now Enter the option 1 " WiFi Phishing with Handshake "

wifi phishing

Now it will ask you for the handshake of that WiFi , now enter the root path of the .cap file or handshake file where it is located such as in my case it was located in

/root/hs/handshake.cap

wifi phishing

Now chose the option 1 Again type " 1 " and press enter to proceed.

wifi phishing

Now select the language that in which language do you want to display the phishing page , in my case i would chose option 1 and its english.

So Type 1 and press enter

wifi phishing

Now it will start it,s work and its magic of WiFi Phishing.

linset english

Now it will create a fake WiFi access point with same name , channel , bssid and with more power. Bring your machine near to the clients who are using their internet once you did this , your machine will disconnect the users from the original access point and when their machine will try to re-connect it will be connected to our fake access point easily and when user will open any website on his machine due to DNS spoofing or DNS hijacking on our fake network he will be redirected to a fake page where he will be asked for login details.

wifi phishing

As a result it will display the password as shown in the below image.

handshake decryption

This is how attackers can easily hijack into your machine and can steal your password. We hope you liked the tutorial , please share and contact us if you are facing any problem regarding the tutorial also send us your suggestions.

Visitors are strictly tend to follow the terms and conditions and The content provided on this page is the authority of Security Fuse and the content provided is only for educational purpose. Security Fuse is not responsible for any of the act caused by viewers after reading the content from *.securityfuse.com. our aim is to provide a quality information on Cyber Security and exploitation and the knowledge is only for peace and educational purpose.

About ahmed mehtab

Ahmed Mehtab is a white hat cyber security researcher , speaker , trainer and blogger at security fuse. He loves to research on cyber security issues , cyber crime and hacktivism. Quote " Being a hacker without having knowledge of programming is just like a knife without sharpness ~ Ahmed Mehtab "

Follow @ahmedmehtabpk