Introduction

Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. Using Wifiphisher, penetration testers can easily achieve a man-in-the-middle position against wireless clients by performing targeted Wi-Fi association attacks. Wifiphisher can be further used to mount victim-customized web phishing attacks against the connected clients in order to capture credentials (e.g. from third party login pages or WPA/WPA2 Pre-Shared Keys) or infect the victim stations with malwares.

This site aims to provide with resources regarding the tool usage and the ongoing research. The most important changes (features, bugfixes etc) in each Wifiphisher version are described on the Changelog. Using Wifiphisher is covered on the Documentation Guide.

You can also follow us on Twitter or like us on Facebook or star us on Github.

Happy phishing! :)

News

Wifiphisher v1.4 is out!

Date: 2018-01-12

It has been more than nine months since the Wifiphisher 1.3 release and I'm very pleased to announce a new release for you to enjoy! This is the biggest release that we had so far and it includes many improvements, performance enhancements and bug fixes.

The most important changes in Wifiphisher v1.4 are:

You can check out all the changes on the Changelog page or go straight to the Download page to try the new release.

This release wouldn't be possible without the amazing contributions of the Wifiphisher community. Thanks to everyone who helped and especially to Wifiphisher core developers Brian Smith and Anakin Tung.

Wifiphisher v1.3 (with Lure10 support) is out!

Date: 2017-04-15

Wifiphisher v1.3 is out with many new features. Check them out on the Changelog page or go straight to the Download page to try the new release.

This new release includes the Lure10 attack, a novel way for associating automatically with any device that is within range running the latest Windows. A couple of days ago I gave a presentation at Hack In The Box security conference in Amsterdam disclosing the technical details of this attack. You can find the presentation material on the Research page.

We now have a dedicated repo for phishing scenarios here. If you have ever created a phishing scenario using Wifiphisher's template engine, you are welcome to share it with the rest of the community by sumitting a Pull Request there.

Enjoy the new release everyone!


33C3 Lightning talk: Efficient Wi-Fi Phishing

Date: 2017-01-01

Happy new year everyone.

Last week I was happy to give a lightning talk at 33C3. You can find all the material from the talk on the Research page.


Wifiphisher v1.2 is out!

Date: 2016-12-05

Wifiphisher v1.2 is finally out. The two biggest improvements include:
  1. Three new phishing scenarios:
    • WiFi Connect - A novel way for obtaining a PSK of a password-protected Wi-Fi network even from the most advanced users by showing a web-based imitation of the OS network manager.
    • OAuth Login - A scenario for capturing credentials from social networks, like Facebook.
    • Plugin Update - A scenario for getting the victims to download malicious executables (e.g. malwares containing a reverse shell payload)
  2. A new template engine. Users may now easily create their own phishing scenario or customize the existing ones according to their needs. Our documentation guide covers this new feature in much detail.

You may see the full list of changes on the Changelog or go straight to the Download page.

I would like to thank all the community contributing to this release by writing code or reporting bugs. Special thanks to:

Enjoy the release and if you find any bugs you are encouraged to report them on our Github page.