“Free Wifi” has a nice ring to it, doesn’t it? Most cafes these days are a major attraction not just because of the coffee they serve but because of the free WiFi they give out to their customers. Most people feel so proud to have free net access, and one of my friends was actually bragging, saying “I must have used their internet more than what I paid for the coffee”.
Freebies have been attracting humans for generations now, but what if you could find a way to weaponise that? This attack demonstrates exactly that: how free WiFi could be used to carry out several different attacks on the people trying to get this free stuff. In this article I will demonstrate one of the capabilities of the tool, i.e. harvesting Facebook login creds.
Data is more valuable than oil in the present day, so let’s show how you can have access to others’ data. The tool that I am going to use for the demonstration of this attack is wifiphisher, and you need to run this attack on your Kali machine. The hardware that you require is a wireless USB adapter; something from Alfa Networks is preferable, or from TP-Link. Manually clone the repository of roguehostapd, as I had errors in the beginning with this.
So, now that we have all this ready, let us begin with the practical hack and get some Facebook creds. You can go ahead and install wifiphisher:
git clone https://github.com/wifiphisher/wifiphisher.git  # Download
cd wifiphisher  # Go to the directory
sudo python setup.py install  # Install dependencies
Once these steps are completed, you can just type the following command in the terminal to start hacking
Once you enter the command in the terminal, it might fail the first time; just type it again and it should proceed properly. You should be presented with something like this.
You will be presented with the following output only momentarily. The screen will swiftly switch, and you will then be shown the WiFi signals that are present in the vicinity. From these, you can choose the particular WiFi network you want to carry out your hack on.
Once you know which particular WiFi hotspot you want to target, you can go ahead and select it by pressing the ENTER key. As soon as you do that, you will be redirected to the page where the attack begins, which will look something like this
This page has three different output sections. The first is the Extensions feed, which maintains a list of clients that have attached to that network and sends de-auth packets to them. This step is carried out so that the client systems disconnect from the network and try to initiate a new connection to the WiFi router. The second is Connected Victims, which gives you an idea of how many people are actually connected to your WiFi hotspot, and the third is HTTP requests, which shows the requests sent by your rogue access point to the victim’s web browser.
When the de-authentication takes place and the machines try to reconnect, they will mostly connect to the open WiFi that is present with the same name. That is the main idea of this attack, and as soon as people connect to this WiFi point they will be prompted with something like this.
Here the user who is trying to get connected is prompted to enter their Facebook login credentials to gain access to the WiFi service. All they have to do is enter their login credentials, and those will be intercepted by us and stored with the attacker. Once they have entered their details, they are shown the following output.
The client sees this as an output, but in reality the attacker has their login credentials saved in plain text. The attacker’s console will look something like this.
Voila! You have the victim’s Facebook credentials and now you can just go ahead and log in to their accounts and do whatever you want.
The biggest takeaway from this hack is to never connect to open free WiFi hotspots. Visit only HTTPS websites and above all never use your credentials to log in on HTTP websites. You never know who else might be sniffing the network, and they will pick up your login credentials just by viewing the network traffic. If feasible, use a VPN service to encrypt your traffic; it provides you with security no matter where you are. So the next time you encounter websites that are not HTTPS, just run away or be really careful not to leak any personal information.
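On the defending side, the attack described above leaves two signals that can be correlated: a burst of de-auth frames aimed at an access point, and an open network appearing under the same name. The Python below is an added example, not part of wifiphisher or of the original article; the scan and frame records are constructed, the function names and thresholds are assumptions, and it assumes the legitimate access point is encrypted.

```python
from collections import defaultdict

# Constructed sample data, not captured from a real network.
# Beacons from a passive scan: (ssid, bssid, security)
SCAN = [
    ("CafeWiFi", "aa:bb:cc:00:00:01", "WPA2"),
    ("CafeWiFi", "de:ad:be:ef:00:02", "OPEN"),  # same name, no encryption
    ("HomeNet", "aa:bb:cc:00:00:03", "WPA2"),
    ("Airport", "aa:bb:cc:00:00:04", "OPEN"),   # open, but no protected twin
]
# Deauthentication frames seen by a monitor: (timestamp_seconds, bssid)
DEAUTHS = [(t * 0.1, "aa:bb:cc:00:00:01") for t in range(40)]
DEAUTHS.append((12.0, "aa:bb:cc:00:00:03"))     # one ordinary deauth

def open_twins(scan):
    """Map each SSID advertised both encrypted and open to its BSSID sets."""
    by_ssid = defaultdict(lambda: (set(), set()))
    for ssid, bssid, security in scan:
        protected, unprotected = by_ssid[ssid]
        target = unprotected if security.upper() == "OPEN" else protected
        target.add(bssid.lower())
    return {s: v for s, v in by_ssid.items() if v[0] and v[1]}

def deauth_floods(frames, window=5.0, threshold=20):
    """BSSIDs hit by >= threshold deauth frames within any window seconds.
    Both defaults are assumed values; tune them for your environment."""
    times = defaultdict(list)
    for ts, bssid in frames:
        times[bssid.lower()].append(ts)
    flooded = set()
    for bssid, stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flooded.add(bssid)
                break
    return flooded

def evil_twin_alerts(scan, frames):
    """SSIDs with an open twin whose protected AP is being deauth-flooded."""
    flooded = deauth_floods(frames)
    twins = open_twins(scan)
    return sorted(s for s, (protected, _) in twins.items() if protected & flooded)

if __name__ == "__main__":
    print(evil_twin_alerts(SCAN, DEAUTHS))
```

Either signal alone is noisy (open guest networks and occasional de-auth frames are normal), which is why the alert requires both for the same network name.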