Browse Tag: access point

How to Phish Usernames and Passwords from a Rogue Access Point using the Raspberry Pi

About: Setting up a Rogue Access Point on the Raspberry Pi is very easy. Our Access Point will act as a fake network providing free WiFi for our victim. It will have a captive portal which means any website that a user visits will be redirected to our login page where they will need to enter in their credentials to login. You can set the login page up to look like a Facebook or Google login page and name your network “Free Facebook WiFi”. The network I am setting up will not have any internet so everything will be contained on the Raspberry Pi. You can eventually bridge your connection with a 4G network or Ethernet to provide full internet access for users.

The tutorial today will demonstrate how unsafe public WiFi’s are and to never send any personal information over a public WiFi network. We can also setup our Access Point SSID to “attwifi” or “Starbucks”. If you set your access point’s SSID to a popular WiFi SSID then your victims phone will automatically connect to your network if they have been connected to the same SSID before.  The reason for this is that your phone just looks at SSID names and not a MAC Address for a wireless network. This doesn’t apply to phones only, laptops or any WiFi enabled devices will all act the same way.

Objective: To setup a Rogue Access Point and make our network act as a Captive Portal to Phish Passwords

Material: You will need the following:

  • Raspberry Pi (Click the link to check out the price on Amazon. Usually around $36 with free shipping)
  • USB Wireless Adapter (I use the Alpha AWUS036H in this tutorial)

Instructions: Lets start off with a fresh Raspbian install. I installed Rasbian-Lite on my Raspberry Pi since I will be running it headless and will use SSH to connect to my Raspberry Pi.  After you setup your Raspberry Pi lets run the update and upgrade Continue Reading

How to get the PSK or Password of a WiFi network if you have the WPS Pin

About: I have previously discussed how easily a router that has WPS enabled can be hacked. You can check out my post on how to perform a Pixie Dust Attack and attempt to grab a WPS pin from a unsecured router.  The attack takes a matter of seconds not days and will expose your WiFi password. It doesn’t matter if you are using WPA or WPA2 security since the WPS pin completely bypasses this security. Since you already have the WPS Pin you should be able to connect to the users SSID but you will not know their network password. The method I will show you today will expose their SSID password. If you have their SSID password, they may be using the same password for Facebook or Google or any other website.

A little knowledge about WPS. WPS stands for Wi-Fi Protected Setup and it is a wireless networking standard that tries to make connections between a router and your wireless devices faster and easier. It only works for wireless networks that have WPA/WPA2 security. It is suppose to make it easier to connect devices without a keyboard, like a TV, to your home network. Most routers come with WPS enabled and work by pushing the WPS button on your router and connecting your device. I personally have never heard or WPS before doing this research and have never used it in my personal life.

Objective: To demonstrate how to retrieve the PSK (password) of a WiFi network if you have the WPS Pin

Material: You will need the following:

  • Raspberry Pi (I have PwnPi 3.0 running on mine)
  • USB WiFi Adapter – I used the Panda USB WiFi adapter in this tutorial
  • PwnPi or Kali Linux distro on your Raspberry Pi or Linux machine
  • WPS Pin for the Network you are attempting to steal the PSK (Password)

Instructions: I am using PwnPi distro on my Raspberry Pi which has the tools I will need to get the PSK of the victims WiFi. You will pretty much need ‘WPA_Supplicant’ and ‘WPA Cli’ installed on your distro to expose the PSK so using PwnPi or Kali isn’t really necessary if you want to install those packages separately.
Continue Reading

How to setup your Raspberry Pi as an Access Point

About: Setting up your Raspberry Pi as an access point may come in handy. Especially in a pinch when your home router dies and you need some WiFi in your house while a new router is on order. It can also be useful if you want to set up an access point to perform evil doings like monitoring all the traffic or setting up an evil twin network.

In this tutorial we will be setting up a WiFi Access Point and linking all data to our Ethernet connection, so make sure we have an active internet connection on the Ethernet port to tunnel all the WiFi data to it.

Objective: To create a WiFi access point on our Raspberry Pi and link our WiFi connection to the Ethernet connection.

Material: You will need the following:

Instructions: Just a warning before continuing, setting up your network settings can mess things up if you are using the Raspberry Pi for something else. Be sure to make a backup of your Raspberry Pi before continuing if you need to. Also troubleshooting network issues can be difficult if you are inexperienced with networking. Be sure to follow the directions carefully and you should be alright.

Continue Reading