Getting the most out of Evil Twin with wifiphisher — BSides Athens 2016
My last year’s talk at BSides London introduced to the public Wifiphisher, a security tool that mounts the Evil Twin attack against Wi-Fi networks. The tool has since seen some heavy use by the wireless hacking community which has inspired further research into ways of making the Evil Twin attack more effective. This year, I was happy to discuss the results of this research in another BSides event which was held, for the first time, in my hometown — BSides Athens!
The first topic touched by the presentation was the effectiveness of Evil Twin attacks against networks with different encryption settings. I explained how Enterprise networks that do not leverage EAP-TLS, open networks and WPA/WPA2-protected networks with compromised (or known) pre-shared keys, are vulnerable by default in almost every setup. Furthermore, I showed how a network manager’s “connect automatically” and “available to all users” features may be exploited for user-oriented attacks.
The second topic of the presentation revolved around de-authentication attacks and ways in which these can be calibrated when manual interaction with the victim is required. By properly responding to probe request frames (after kicking out clients), an attacker may leave the victims with no other choice than to connect to the rogue Access Point.
Finally, the third and final topic touched by the presentation was a discussion on the phishing attacks that can be carried out once Evil Twin grants the attacker with a man-in-the-middle position. The community has already contributed various templates for different client-side exploitation scenarios. In this section of the talk the focus was given on phishing templates that mimic the network managers’ behavior as well as other ways in which customized templates may improve the success ratio of phishing attacks.
The presentation material can be found below:
- Presentation slides (pdf)
- Presentation video (youtube)
- Wifiphisher project page (github repo)
I must note that I really enjoyed the post-session brainstorming with the users of the tool.
Big thank you’s to all those who attended, and see you all at BSides Athens next year!