{"id":20600271,"url":"https://github.com/defeo/phishing-demo","last_synced_at":"2026-03-09T11:31:32.813Z","repository":{"id":67789888,"uuid":"60733458","full_name":"defeo/phishing-demo","owner":"defeo","description":"Demonstration of wifi sniffing, dns poisoning, mitm and phishing attack","archived":false,"fork":false,"pushed_at":"2018-11-05T22:16:02.000Z","size":1778,"stargazers_count":11,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-06T15:51:40.391Z","etag":null,"topics":["security","wifi"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/defeo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-06-08T21:56:43.000Z","updated_at":"2025-02-18T08:22:31.000Z","dependencies_parsed_at":null,"dependency_job_id":"85b7d6bc-b384-4e58-857d-1d32a1d1d3dc","html_url":"https://github.com/defeo/phishing-demo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/defeo/phishing-demo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defeo%2Fphishing-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defeo%2Fphishing-demo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defeo%2Fphishing-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defeo%2Fphishing-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/defeo","download_url":"https://codeload.github.com/defeo/phishing-demo/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defeo%2Fphishing-demo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30292396,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T11:12:22.024Z","status":"ssl_error","status_checked_at":"2026-03-09T11:10:54.577Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["security","wifi"],"created_at":"2024-11-16T08:37:43.999Z","updated_at":"2026-03-09T11:31:32.797Z","avatar_url":"https://github.com/defeo.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# A phishing demo\n\nThis material illustrates sniffing and phishing attacks on wireless\ninternet.\n\n## Dependencies\n\nYou will need the following software\n\n- [lighttpd](https://www.lighttpd.net/) for serving phished web pages,\n- [aircrack-ng](https://www.aircrack-ng.org/) for wifi sniffing,\n- [wireshark](https://www.wireshark.org/) for packet analysis,\n- [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html),\n  [hostapd](http://w1.fi/) and\n  [create_ap](https://github.com/oblique/create_ap) for creating a\n  wireless access point.\n\n## What's included\n\nThis package contains demonstration material for two attacks on\nunsecured wifi networks:\n\n- The \"Starbucks attack\": sniffing passwords sent over HTTP on a\n  public wifi network.\n\n- The \"DNS hijacking attack\": setting up an AP that redirects all\n  traffic to a local server with self-signed certificates.\n\n### Detailed contents\n\n\n- HTML slides, in the `localhost` folder, to present the attacks (in\n  French).\n\n- Configuration for the `create_ap` script that creates an AP named\n  *FreeWifi*.\n\n- Phishs of the landing pages of the following domains, served by\n  `lighttpd`:\n  - facebook.com, m.facebook.com, www.facebook.com,\n  - instagram.com, www.instagram.com,\n  - linked.com, www.linkedin.com,\n  - wifi.free.fr;\n\n- Configuration for a `lighttpd` server with a self-signed\n  certificate.  **TODO:** see if it is possible to redirect all\n  traffic, except the phishs, to the wifi.free.fr domain (useful for\n  automated captive portal support in browsers).\n\nMost contents are for the second attack. See the commands in the next\nsection to run the first attack.\n\n## Commands to run the show\n\n### Starbucks attack\n\nSwitch off network management apps\n\n\tsudo systemctl stop wicd.service\n\tsudo systemctl stop NetworkManager.service\n\nPut the wireless interface in monitor mode\n\n\tsudo airmon-ng start \u003cinterface\u003e \u003cchannel\u003e\n\nNow you can passively sniff cleartext network traffic on the selected\nchannel, e.g., using Wireshark. Just let the victim browse a service\nthat sends passwords over http, and sniff the contents.\n\nThis attack obviously fails for websites that redirect to https, such\nas Facebook.\n\n### DNS hijacking attack\n\nThe goal of this attack is to circumvent the redirection to https by\nserving a phish of the target site.  Strict Transport Security blocks\nthe attack on modern browsers by redirecting to https anyway: since we\ncan only serve a self-signed certificate, the browser error message\nshould be sufficient to block the attack.  There are at least three\nways in which this attack can succeed, nevertheless:\n\n- Browser is old (e.g., IE 10);\n- Browser has never visited the website before;\n- Website does not activate STS: this is a moving target\n  (the redirect to https must not be in the browser's cache, however).\n\nTo run the show, stop monitoring on the wireless interface\n\n\tsudo airmon-ng stop \u003cinterface\u003emon\n\nCreate an access point on the wireless interface\n\n\tsudo create_ap --redirect-to-localhost --config create_ap.conf\n\nTo start the phishing HTTP(S) server, be sure to allow lighttpd to\nlisten on priviledged ports\n\n\tsudo setcap 'cap_net_bind_service=+ep' /usr/bin/lighttpd\n\nthen run lighttpd with\n\n\tlighttpd -f lighttpd.conf -D\n\nEvery HTTP(s) request is now redirected to your local phishing server.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdefeo%2Fphishing-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdefeo%2Fphishing-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdefeo%2Fphishing-demo/lists"}