Introduction

Wifiphisher is an effective rogue Access Point tool downloaded by hundreds of Wi-Fi hackers everyday. It is free and open source software currently available for Linux.

This site aims to provide with resources regarding the tool usage and the ongoing research. The most important changes (features, bugfixes etc) in each Wifiphisher version are described on the Changelog. Using Wifiphisher is covered on the Documentation Guide.

You can also follow us on Twitter or like us on Facebook.

Happy phishing! :)

News

Wifiphisher v1.3 (with Lure10 support) is out!

Date: 2017-04-15

Wifiphisher v1.3 is out with many new features. Check them out on the Changelog page or go straight to the Download page to try the new release.

This new release includes the Lure10 attack, a novel way for associating automatically with any device that is within range running the latest Windows. A couple of days ago I gave a presentation at Hack In The Box security conference in Amsterdam disclosing the technical details of this attack. You can find the presentation material on the Research page.

We now have a dedicated repo for phishing scenarios here. If you have ever created a phishing scenario using Wifiphisher's template engine, you are welcome to share it with the rest of the community by sumitting a Pull Request there.

Enjoy the new release everyone!


33C3 Lightning talk: Efficient Wi-Fi Phishing

Date: 2017-01-01

Happy new year everyone.

Last week I was happy to give a lightning talk at 33C3. You can find all the material from the talk on the Research page.


Wifiphisher v1.2 is out!

Date: 2016-12-05

Wifiphisher v1.2 is finally out. The two biggest improvements include:
  1. Three new phishing scenarios:
    • WiFi Connect - A novel way for obtaining a PSK of a password-protected Wi-Fi network even from the most advanced users by showing a web-based imitation of the OS network manager.
    • OAuth Login - A scenario for capturing credentials from social networks, like Facebook.
    • Plugin Update - A scenario for getting the victims to download malicious executables (e.g. malwares containing a reverse shell payload)
  2. A new template engine. Users may now easily create their own phishing scenario or customize the existing ones according to their needs. Our documentation guide covers this new feature in much detail.

You may see the full list of changes on the Changelog or go straight to the Download page.

I would like to thank all the community contributing to this release by writing code or reporting bugs. Special thanks to:

Enjoy the release and if you find any bugs you are encouraged to report them on our Github page.