Browse Tag: captive portal

How to Phish Usernames and Passwords from a Rogue Access Point using the Raspberry Pi

About: Setting up a Rogue Access Point on the Raspberry Pi is very easy. Our Access Point will act as a fake network providing free WiFi for our victim. It will have a captive portal which means any website that a user visits will be redirected to our login page where they will need to enter in their credentials to login. You can set the login page up to look like a Facebook or Google login page and name your network “Free Facebook WiFi”. The network I am setting up will not have any internet so everything will be contained on the Raspberry Pi. You can eventually bridge your connection with a 4G network or Ethernet to provide full internet access for users.

The tutorial today will demonstrate how unsafe public WiFi’s are and to never send any personal information over a public WiFi network. We can also setup our Access Point SSID to “attwifi” or “Starbucks”. If you set your access point’s SSID to a popular WiFi SSID then your victims phone will automatically connect to your network if they have been connected to the same SSID before.  The reason for this is that your phone just looks at SSID names and not a MAC Address for a wireless network. This doesn’t apply to phones only, laptops or any WiFi enabled devices will all act the same way.

Objective: To setup a Rogue Access Point and make our network act as a Captive Portal to Phish Passwords

Material: You will need the following:

  • Raspberry Pi (Click the link to check out the price on Amazon. Usually around $36 with free shipping)
  • USB Wireless Adapter (I use the Alpha AWUS036H in this tutorial)

Instructions: Lets start off with a fresh Raspbian install. I installed Rasbian-Lite on my Raspberry Pi since I will be running it headless and will use SSH to connect to my Raspberry Pi.  After you setup your Raspberry Pi lets run the update and upgrade Continue Reading