George Chatzisofroniou - Introducing wifiphisher, a tool for automated WiFi phishing attacks

WiFi networks are commonly plagued by two serious issues: i) management frames can be easily forged and ii) wireless devices tend to automatically connect to the Access Point with the best signal. The Evil Twin and Karma attacks exploit the above issues, allowing attackers to perform man-in-the-middle and phishing attacks. This presentation will introduce wifiphisher (https://github.com/sophron/wifiphisher), an open-source tool that automates the process of launching WiFi phishing attacks. Wifiphisher comes with a set of community-built templates for different phishing scenarios. The presentation will explain in detail how WiFi phishing attacks work. It will also explain the reasons behind the success rate of these attacks, showing how different Operating Systems (and users in different environments) react during these attacks. Finally, countermeasures will be discussed that could limit the exposure to such attacks for individuals and organizations.

https://census-labs.com/media/effective_wifi_phishing_33c3.pdf