Previous Article Next Article wifiphisher 是一個無線網路釣魚工具,但是
Posted in Secutiry

wifiphisher 是一個無線網路釣魚工具,但是

wifiphisher 是一個無線網路釣魚工具,但是 Posted on 2015 年 02 月 08 日Leave a comment

wifiphisher 可以硬來的假裝它是主要的無線 AP,跟所有連上原始 AP 的使用者說,我才是正牌的,來連我這吧,你就自動上釣了

Wifiphisher is a security tool that mounts fast automated phishing attacks against WiFi networks in order to obtain secret passphrases and other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases.

但有人說這種不用建立密碼的 AP 的方式不太可能,因為連線會被警告是新的連線了
參考 WiFiPhisher — Automated Phishing Attacks Against Wi-Fi Networks

"The tool is actually creating a second, unencrypted network. On Windows it will give you a warning that the configuration of the network has changed. On Android you'd have to manually reconnect to the unencrypted network. So their method doesn't automatically perform a man-in-the-middle attack," said one of the critics on Reddit.

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *