Post by m3m0r3x on Oct 19, 2016 19:56:45 GMT
Hi xtr4nge,
first of all, how are you. It's a long time ago since my last post.
It's pretty a while ago since I was last logged in in your forum. Since then you have build some pretty cool modules. But now I want to make a suggestion for a new modul. What if FruityWifi could have the ability to phish for WPA/WPA2 passwords?
I am not sure if you have allready heard from a tool called fluxeon. It is a tool, that captures an WPA/WPA2 handshake of an legit accespoint an uses this handshake later to verify the enterd password on the provided fake accesspoint from fruitywifi.
The dependencies for fluxion are as follow:
And here is the process in detail from the projects git:
What is your opinion and what thinks the community about it?
I'm lokking forward to read the responses.
By the way fluxion is not coded by me nor do I know the developer. In my oppinion it is just a nice tool that has the the poential to add a long requested feature about "hacking" (I know, the right term for tis attack is phihing) WPA/WPA2 passwords.
greetings
mem
first of all, how are you. It's a long time ago since my last post.
It's pretty a while ago since I was last logged in in your forum. Since then you have build some pretty cool modules. But now I want to make a suggestion for a new modul. What if FruityWifi could have the ability to phish for WPA/WPA2 passwords?
I am not sure if you have allready heard from a tool called fluxeon. It is a tool, that captures an WPA/WPA2 handshake of an legit accespoint an uses this handshake later to verify the enterd password on the provided fake accesspoint from fruitywifi.
The dependencies for fluxion are as follow:
- hostapd
- lighttpd
- aircrack
And here is the process in detail from the projects git:
- Scan the networks.
- Capture a handshake (can't be used without a valid handshake, it's necessary to verify the password)
- Use WEB Interface *
- Launch a FakeAP instance to imitate the original access point
- Spawns a MDK3 process, which deauthenticates all users connected to the target network, so they can be lured to connect to the FakeAP and enter the WPA password.
- A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
- A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
- Each submitted password is verified by the handshake captured earlier
- The attack will automatically terminate, as soon as a correct password is submitted
What is your opinion and what thinks the community about it?
I'm lokking forward to read the responses.
By the way fluxion is not coded by me nor do I know the developer. In my oppinion it is just a nice tool that has the the poential to add a long requested feature about "hacking" (I know, the right term for tis attack is phihing) WPA/WPA2 passwords.
greetings
mem