wifiphisher 可以硬來的假裝它是主要的無線 AP,跟所有連上原始 AP 的使用者說,我才是正牌的,來連我這吧,你就自動上釣了
Wifiphisher is a security tool that mounts fast automated phishing attacks against WiFi networks in order to obtain secret passphrases and other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases.
但有人說這種不用建立密碼的 AP 的方式不太可能,因為連線會被警告是新的連線了
參考 WiFiPhisher — Automated Phishing Attacks Against Wi-Fi Networks
"The tool is actually creating a second, unencrypted network. On Windows it will give you a warning that the configuration of the network has changed. On Android you'd have to manually reconnect to the unencrypted network. So their method doesn't automatically perform a man-in-the-middle attack," said one of the critics on Reddit.
留言