
Topic Summary

Posted by: devnullius
« on: 11. January 2015., 22:03:46 »

Nice information, will remember this one :)

Devvie

Posted by: Samker
« on: 05. January 2015., 17:52:38 »



Crypto geek George Chatzisofroniou has published a WiFi social engineering tool used to steal credentials and credit cards from users of secure wireless networks.

The administrator at the University of Greece developed the WiFiPhisher tool which sought out and then replicated WPA-protected networks, sans password: https://github.com/sophron/wifiphisher

The tool, yours for the taking on GitHub, spits deauthorisation packets at a legitimate access point jamming it and prompting users to inspect available networks.

Users will see the malicious network masquerading as their trusted access point.

"WiFiPhisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase [and] does not include any brute forcing," Chatzisofroniou @_sophron said: https://twitter.com/_sophron

"WifiPhisher sniffs the area and copies the target access point's settings [and] creates a rogue wireless access point that is modeled on the target.

"As soon as the victim requests a page from the internet, WifiPhisher will respond with a realistic fake page that asks for WPA password confirmation due to a router firmware upgrade."

Users would need to ignore warnings generated by various devices in response to joining the now-unprotected mimicked network.

Similarly, users would need to accept the WiFi password request on face-value. Bad guys and security testers could do their best to generate further phishing and man-in-the-middle attacks against connected users.

Phones and laptops would keep connecting to the dodgy network operated on Kali Linux with a wireless interface capable of injection.

The University of Greece administrator asked the community to contribute to the development of the tool.

Alternative attacks exist that target users connecting to legitimate open wireless networks: http://www.reddit.com/r/netsec/comments/2raztz/wifiphisher_fast_automated_phishing_attacks/cne7skk

Tools such as KARMA set: http://www.theta44.org/karma/ can be used in conjunction with cheap network jammers to create replica networks that victims would automatically connect to without receiving warnings: http://people.cs.kuleuven.be/~mathy.vanhoef/papers/acsac2014.pdf

(ElReg)
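
As an added example (not part of the original post or the article it quotes), the Python below shows how a monitoring sensor could flag the two behaviours the article describes: a copy of a protected network advertised without encryption, and a burst of deauthentication frames aimed at the legitimate access point. The SSIDs, BSSIDs, thresholds and record layout are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: SSID -> (expected security, known BSSIDs)
BASELINE = {"CorpNet": ("WPA2", {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"})}
# Constructed beacon observations from a monitoring sensor (not real captures)
BEACONS = [
    {"ssid": "CorpNet", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "CorpNet", "bssid": "de:ad:be:ef:00:99", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "security": "OPEN"},
]
# Constructed deauthentication frames: (seconds, BSSID named in the frame)
DEAUTHS = [(t * 0.1, "aa:bb:cc:00:00:01") for t in range(40)] + [(12.0, "aa:bb:cc:00:00:02")]

def find_twins(beacons, baseline):
    """Beacons reusing one of our SSIDs with different security or an unknown BSSID."""
    hits = []
    for b in beacons:
        if b["ssid"] in baseline:
            security, bssids = baseline[b["ssid"]]
            reasons = []
            if b["security"] != security:
                reasons.append("security changed %s -> %s" % (security, b["security"]))
            if b["bssid"] not in bssids:
                reasons.append("unknown BSSID")
            if reasons:
                hits.append((b["ssid"], b["bssid"], reasons))
    return hits

def deauth_bursts(frames, window=5.0, threshold=20):
    """BSSIDs named in at least `threshold` deauth frames within `window` seconds."""
    by_bssid = defaultdict(list)
    for ts, bssid in frames:
        by_bssid[bssid].append(ts)
    flagged = set()
    for bssid, stamps in by_bssid.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(bssid)
                break
    return flagged

def correlate(beacons, frames, baseline):
    """Twins of an SSID whose legitimate AP is also under a deauth burst."""
    bursts = deauth_bursts(frames)
    return [h for h in find_twins(beacons, baseline) if baseline[h[0]][1] & bursts]
```

Either signal alone can be noisy (a replaced access point, a misbehaving client); the correlated result is the one worth alerting on.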