A Greek security researcher has developed WiFiPhisher, a Wi-Fi social engineering tool that is designed to steal credentials from users of WPA networks.

The Greek security expert George Chatzisofroniou has developed WiFiPhisher, a WiFi social engineering tool that allows an attacker to steal credentials from users of secure WiFi networks.

WiFiPhisher is available for download on the software development website GitHub.

“Wifiphisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining WPA credentials.” states George Chatzisofroniou.

Wifiphisher run on Kali Linux and is licensed under the MIT license.

Wifiphisher is a tool that implements many of the known Wi-Fi hacking techniques by automating the attack scenario.  WiFiPhisher relies on the “Evil Twin” attack, the attacker set up a bogus Wi-Fi access point, purporting to provide wireless Internet services, but eavesdropping the user’s traffic.

The bogus Access Point is used to serve to the users in the network faked login pages to steal their Wi-Fi credentials and other sensitive data. The attack scenario could be exploited to run man-in-the-middle attacks or to serve malware to the computers in the targeted network.

Wifiphisher tool first creates a phony wireless Access Point (AP) masquerade itself as the legitimate then to decouple users from the legitimate Wi-Fi Access Point run a denial of service (DoS) attack against the legitimate Wi-Fi access point, or exploit RF interference to force disconnection of the users from it, and prompts users to inspect available networks.