Demonstration of wifi sniffing, dns poisoning, mitm and phishing attack

defeo/phishing-demo

A phishing demo

This material illustrates sniffing and phishing attacks on wireless internet.

Dependencies

You will need the following software

What's included

This package contains demonstration material for two attacks on unsecured wifi networks:

  • The "Starbucks attack": sniffing passwords sent over HTTP on a public wifi network.

  • The "DNS hijacking attack": setting up an AP that redirects all traffic to a local server with self-signed certificates.

Detailed contents

  • HTML slides, in the localhost folder, to present the attacks (in French).

  • Configuration for the create_ap script that creates an AP named FreeWifi.

  • Phishs of the landing pages of the following domains, served by lighttpd:

  • Configuration for a lighttpd server with a self-signed certificate. TODO: see if it is possible to redirect all traffic, except the phishs, to the wifi.free.fr domain (useful for automated captive portal support in browsers).

Most contents are for the second attack. See the commands in the next section to run the first attack.

Commands to run the show

Starbucks attack

Switch off network management apps

sudo systemctl stop wicd.service
sudo systemctl stop NetworkManager.service

Put the wireless interface in monitor mode

sudo airmon-ng start <interface> <channel>

Now you can passively sniff cleartext network traffic on the selected channel, e.g., using Wireshark. Just let the victim browse a service that sends passwords over HTTP, and sniff the contents.

This attack obviously fails for websites that redirect to HTTPS, such as Facebook.

DNS hijacking attack

The goal of this attack is to circumvent the redirection to HTTPS by serving a phish of the target site. Strict Transport Security (STS, also known as HSTS) blocks the attack on modern browsers by redirecting to HTTPS anyway: since we can only serve a self-signed certificate, the browser error message should be sufficient to block the attack. Nevertheless, there are at least three ways in which this attack can succeed:

  • Browser is old (e.g., IE 10);
  • Browser has never visited the website before;
  • Website does not activate STS: this is a moving target (the redirect to HTTPS must not be in the browser's cache, however).
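
A defender-side check for the conditions listed above, as an added example that is not part of the original repository: it parses a site's Strict-Transport-Security header and reports whether the site is unprotected or still leaves first-time visitors exposed. The function names, result labels and sample responses are constructed for illustration; the one-year threshold is the preload list's submission requirement, and meeting it does not mean the site is actually on the list.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year: minimum max-age the preload list accepts

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797; None if invalid."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name in seen:            # a repeated directive invalidates the header
            return None
        seen.add(name)
        if name == "max-age":
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":     # not in RFC 6797; used by the preload list
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None

def assess(scheme, headers):
    """Classify one response: scheme plus a list of (name, value) headers."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return "no-hsts"            # the "website does not activate STS" case
    if scheme != "https":           # browsers ignore HSTS sent over plain HTTP
        return "ignored-over-http"
    policy = parse_hsts(values[0])  # only the first header is processed
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:      # max-age=0 tells the browser to forget the host
        return "policy-cleared"
    if (policy["max_age"] >= PRELOAD_MIN_AGE and policy["include_subdomains"]
            and policy["preload"]):
        return "preload-eligible"   # can close the first-visit gap once listed
    return "first-visit-gap"        # the "never visited before" case

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "plain": ("https", [("Content-Type", "text/html")]),
    "short": ("https", [("Strict-Transport-Security", "max-age=86400")]),
    "full": ("https", [("strict-transport-security",
                        "max-age=63072000; includeSubDomains; preload")]),
    "http": ("http", [("Strict-Transport-Security", "max-age=63072000")]),
}
if __name__ == "__main__":
    for label, (scheme, headers) in SAMPLES.items():
        print(label, assess(scheme, headers))
```
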

To run the show, stop monitoring on the wireless interface

sudo airmon-ng stop <interface>mon

Create an access point on the wireless interface

sudo create_ap --redirect-to-localhost --config create_ap.conf

To start the phishing HTTP(S) server, be sure to allow lighttpd to listen on privileged ports

sudo setcap 'cap_net_bind_service=+ep' /usr/bin/lighttpd

then run lighttpd with

lighttpd -f lighttpd.conf -D

Every HTTP(S) request is now redirected to your local phishing server.
