Wireless Fishing
Preface: Please prepare an external network adapter rt3070 of
Pumpkin is a wireless security detection tool WiFi-Pumpkin is used, this tool can be forged using an access point to complete the-middle attack, but also support other wireless permeation function. Is designed to provide a more secure wireless network service, the tool can be used to intercept target traffic data, to capture the user's knowledge by wireless fishing, in order to achieve the purpose of monitoring the target user data traffic.
Before installation make sure that the source is available, before I installed the update to install and Ali cloud kali source
deb http://mirrors.aliyun.com/kali kali-rolling main non-free contrib
deb-src http://mirrors.aliyun.com/kali kali-rolling main non-free contrib
Good editing /etc/apt/sources.list after the file a new Kali paste the source, while the official source with the # comment out.
Re: APT-GET dist-upgrade
Installation Tools
Installation
- Python 2.7
git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
cd WiFi-Pumpkin
./installer.sh --install
Problems may occur if the installation does not have permission to have the current directory under the .sh file a 777 permission code is as follows:
chmod 777 ./*.sh
(I use the git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
) Or {download .deb files are installed https://github.com/P0cL4bs/WiFi-Pumpkin/releases
sudo dpkg -i wifi-pumpkin-0.8.8-all.deb
sudo apt-get -f install # force install dependencies if not install normally}
FIG error occurred during the installation prompts as there is not installed libpcap-dev
sudo apt-get install libssl-dev
Prompt us to use apt --fix-broken install we press him to install
After installation is complete, we again ./installer.sh --install then install the default yes you can
sudo apt-get -f install
And error, suggesting hostap not install git clone git: //w1.fi/srv/git/hostap.git
After installation is complete perform ./installer.sh --install again
After the installation is complete run python wifi-pumpkin.py
Next download Fishing interface
gitclone https://github.com/XeusHack/Fake-Login-Page.git
Set MySQL
After saving a good fake login page, you need to configure a mysql database. Next, you can configure MySQL follow these steps.
Open a terminal window, enter the following:
service mysql start
At this point you will enter the MySQL command line interface, we need to create a database to store data phishing site. The following command creates a database called xeus of:
create database guashenThen we just switch to create complete database:
use xeusNow, we want to create a table (table), and use it to store the target user's data:
create table logins(network varchar(64), email varchar(64), password varchar (64));OK, the database is already configured it! Next, we need to mount the database and Fishing pages.
Switch to the / www directory host (that is, where you store phishing sites), open the file named database.php, you need to fill in the data in brackets according to their own situation.
$username="[USERNAME]";
$password="[PASSWORD";
$db_name="[DATABASE_NAME]";
$tbl_name="[TABLENAME]";
My settings file as follows:
$username="root";
$password="root";
$db_name="guashen";
$tbl_name="logins";
重启mysql
service mysql restart,
then enter the theme
Now, we need some basic configuration.
1. Switch to "Settings" tab;
2. The "Gateway" set to the router IP address (192.168.1.1 under normal circumstances);
3. "SSID" is set to be the name of the target wifi
4. If you want your rogue hotspots higher safety factor, WiFi password is required (so your target users will need to enter the WiFi password), you can turn on "Enable WiFi Security", then enter the password you want to set, this will further increase the credibility of the hot spots.
5. Do not forget to configure your external wireless card, in general, are wlan0 or wlan1.
6. In the "Plugins" tab, uncheck "Enable Proxy Server" is.
7. Open the "Modules" (menu bar), select "Phishing Manager". IP addresses can be arbitrarily set, such as 10.0.0.1 (port 80), WiFi-Pumpkin can help you connect to your phishing page via a variety of ways. Now that we have set up fake login page, then open the "Set Directory" in the "Options" setting, the "SetEnv PATH" is set to store the address of the website files (/ var / www / html / ...). After the setup is complete, click "Start Server".
8. In the "Modules" - turn "Redirect traffic from all domains"> "DNS Spoofer" option, then click "StartAttack".
Now, when a user connects to our target rogue hotspot, they will be redirected to our fishing page, any database user data entered on this page will be stored in the clear all before we set in.
As a white, which is to write the first blog, language is not very clear, I hope you understand