• 230 | Chapter 7: Wireless Security Testing
  • Learning Kali Linux




    Going Rogue | 229


    Figure 7-9. Captive login page from wifiphisher

    You’ll see that it looks respectable. It even has terms and conditions that you have to
    agree to. Once you have agreed to them, you are expected to provide your preshared
    key, otherwise known as the WiFi password, that is expected to authenticate you
    against the network. Meanwhile, the attacker running wifiphisher is collecting the
    password, as you can see in Example 7-14.
    Example 7-14. wifiphisher output while attacking

    Jamming devices:
    DHCP Leases:
    1520243113 f4:0f:24:0b:5b:f1 10.0.0.43 lolagranola 01:f4:0f:24:0b:5b:f1
    HTTP requests:
    [*] GET 10.0.0.43
    [*] GET 10.0.0.43
    [*] GET 10.0.0.43
    [*] GET 10.0.0.43
    [*] GET 10.0.0.43
    [*] GET 10.0.0.43
    [*] POST 10.0.0.43 wfphshr-wpa-password=mypassword
    [*] GET 10.0.0.43
    [*] GET 10.0.0.43

    At the bottom of the output from wifiphisher, you will see that a password has been
    entered. While this is just a bogus password that I entered to get through the page,
    any user thinking they were connecting to a legitimate network would presumably
    enter what they believed the password to that network to be. In this way, the attacker
    would get the password to the network. Additionally, since the 802.11 messages are
    passing at least to the rogue AP, the attacker gets any network communication being
    sent from the client. This may include attempts to log in to websites or mail servers.
    This can happen automatically without the client even knowing, depending on
    whether client applications or a browser are running or whether background processes
    are set up. Once the password is sent through to the attacker, the client is presented
    with the page in Figure 7-10.

    Figure 7-10. Firmware update page

    You will notice that the word disconnect is misspelled on the page. There is also no
    copyright holder at the bottom, though there is a copyright date. It looks legitimate,
    though if you look closely, you will see that it’s entirely bogus. A typical user would
    likely not notice any of these issues. The entire point is to look legitimate enough to
    get users to believe they should be entering their passwords so the attacker can collect
    them.
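
When a log laid out like Example 7-14 is reviewed after an authorized test or an incident, the first question is which clients disclosed a key, because that preshared key then has to be rotated. The following is an added example, not code from the book or from wifiphisher: it joins the DHCP lease to each key-bearing POST and records only the length of the submitted value. The function name, the keyword list and the one-entry-per-line layout are assumptions.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample: Example 7-14's values, one log entry per line.
SAMPLE = """\
DHCP Leases:
1520243113 f4:0f:24:0b:5b:f1 10.0.0.43 lolagranola 01:f4:0f:24:0b:5b:f1
HTTP requests:
[*] GET 10.0.0.43
[*] POST 10.0.0.43 wfphshr-wpa-password=mypassword
[*] GET 10.0.0.43
"""

# Lease line: expiry timestamp, MAC, client IP, hostname (client-id ignored).
LEASE = re.compile(r"^(\d+) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (\S+) (\S+)", re.I)
# Request line: method, client IP, optional URL-encoded form body.
REQUEST = re.compile(r"^\[\*\] (GET|POST) (\S+)(?: (.*))?$")
# Assumed keyword list for form fields that ask for a Wi-Fi key.
KEY_FIELD = re.compile(r"wpa|psk|passphrase|password", re.I)


def disclosed_keys(log_text):
    """Return one record per submitted form field that looks like a Wi-Fi key."""
    leases = {}    # client IP -> (MAC, hostname)
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        lease = LEASE.match(line)
        if lease:
            leases[lease.group(3)] = (lease.group(2).lower(), lease.group(4))
            continue
        req = REQUEST.match(line)
        if not req or req.group(1) != "POST" or not req.group(3):
            continue
        ip = req.group(2)
        mac, host = leases.get(ip, ("unknown", "unknown"))
        for name, value in parse_qsl(req.group(3), keep_blank_values=True):
            if KEY_FIELD.search(name):
                # Keep only the length: the report must not re-leak the key.
                findings.append({"client_ip": ip, "mac": mac, "hostname": host,
                                 "field": name, "value_len": len(value)})
    return findings


if __name__ == "__main__":
    for finding in disclosed_keys(SAMPLE):
        print(finding)
```

A web page asking for the preshared key is itself the indicator: on a genuine WPA network the key is entered in the operating system's Wi-Fi dialog and is never sent in an HTTP form.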
