Skip to main content
Warning: You are using the test version of PyPI. This is a pre-production deployment of Warehouse. Changes made here affect the production instance of TestPyPI (testpypi.python.org).
Help us improve Python packaging - Donate today!

Automated phishing attacks against Wi-Fi networks

Project Description
|Build Status| |Python Version| |License| |Chat IRC|

.. raw:: html

<p align="center">

.. raw:: html

</p>

About
-----

Wifiphisher is a security tool that mounts automated victim-customized
phishing attacks against WiFi clients in order to obtain credentials or
infect the victims with malwares. It is primarily a social engineering
attack that unlike other methods it does not include any brute forcing.
It is an easy way for obtaining credentials from captive portals and
third party login pages (e.g. in social networks) or WPA/WPA2 pre-shared
keys.

Wifiphisher works on Kali Linux and is licensed under the GPL license.

How it works
------------

After achieving a man-in-the-middle position using the Evil Twin attack,
Wifiphisher redirects all HTTP requests to an attacker-controlled
phishing page.

>From the victim’s perspective, the attack makes use in three phases:

1. **Victim is being deauthenticated from her access point**.
Wifiphisher continuously jams all of the target access point’s wifi
devices within range by forging “Deauthenticate” or “Disassociate”
packets to disrupt existing associations.
2. **Victim joins a rogue access point**. Wifiphisher sniffs the area
and copies the target access point’s settings. It then creates a
rogue wireless access point that is modeled by the target. It also
sets up a NAT/DHCP server and forwards the right ports. Consequently,
because of the jamming, clients will eventually start connecting to
the rogue access point. After this phase, the victim is MiTMed.
3. **Victim is being served a realistic specially-customized phishing
page**. Wifiphisher employs a minimal web server that responds to
HTTP & HTTPS requests. As soon as the victim requests a page from the
Internet, wifiphisher will respond with a realistic fake page that
asks for credentials or serves malwares. This page will be
specifically crafted for the victim. For example, a router
config-looking page will contain logos of the victim’s vendor. The
tool supports community-built templates for different phishing
scenarios.

.. raw:: html

<p align="center">

Performing MiTM attack

.. raw:: html

</p>

Requirements
------------

Following are the requirements for getting the most out of Wifiphisher:

- Kali Linux. Although people have made Wifiphisher work on other
distros, Kali Linux is the officially supported distribution, thus
all new features are primarily tested on this platform.
- One wireless network adapter that supports AP mode. Drivers should
support netlink.
- One wireless network adapter that supports Monitor

.. |Build Status| image:: https://travis-ci.org/wifiphisher/wifiphisher.svg?branch=master
:target: https://travis-ci.org/wifiphisher/wifiphisher
.. |Python Version| image:: https://img.shields.io/badge/python-2.7-blue.svg
.. |License| image:: https://img.shields.io/badge/license-GPL-blue.svg
.. |Chat IRC| image:: https://img.shields.io/badge/chat-IRC-ff69b4.svg
:target: https://webchat.freenode.net/?channels=%23wifiphisher
Release History

Release History

This version
History Node

1.3.1

History Node

1.3

History Node

1.2.1

History Node

1.2

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
wifiphisher-1.3.1-py2-none-any.whl (1.0 MB) Copy SHA256 Checksum SHA256 py2 Wheel Mar 22, 2017

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting