The Phishing attack attempts to fetch the password of an access point by means of social engineering. A clone access point is created which forces the users into connecting and providing the password of the original access point.
Fern Pro ships with phishing templates that could be used when auditing an access point, you can however also create and use custom templates if you have basic knowledge of html. The following section describes the steps and procedures for creating a custom template
Custom templates are HTML files that contain custom text, images or css code. In other for the template to work with Fern Pro's phishing engine, certain variables must be present in the template file for it to be successfully parsed and used by Fern Pro.
Please see a breif description of variables and parameters that are recognized by the templating engine.
|__SSID__||This variable represents the name of the access point, Fern Pro will replace the variable with the name of the access point whereever it finds it||Linksys|
|__BSSID__||This variable represents the Mac Address of the access point, Fern Pro will replace the variable with the mac address of the access point whereever it finds it||0C:BA:3C:09:FE:5B|
|__ENCRYPTION__||This variable represents the encryption of the access point, Fern Pro will replace the variable with the encryption of the access point whereever it finds it||WPA2|
|__ERROR_MESSAGE__||This variable is used to display error messages to the user after a wrong password attempt. The html tag nesting the variable should be styled red using inline css||The password entered in incorrect|
In addition to the above variables, The template must also contain a form, the form will submit the data to Fern Pro phishing engine when a password attempt is made. The following
<form action="validate" method="POST" enctype="multipart/form-data">
<input type="password" name="password"/>
<input type="submit" title="Proceed">
You can add images into the template file. Images added to template need to be embedded and not linked to avoid broken links, in other to add images though, a base64 representation of the image data must be used. Please see an example below:
<img src="image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVQYV2NgYAAAAAMAAWgmWQ0AAAAASUVORK5CYII=" scale="0"/>
For more information about presenting images in base64 embedded format, please see https://tools.ietf.org/html/rfc2397#section-4. You might also want to search google for more information.
In addition to images, you can also style properties in the template file. Styling of the htlml properties in the template need to however use the inline or embedded method in other to avoid broken links in the target browser. Please see an example of how to style the template properties below:
<p>I am made blue by embedded styling</p>
<p style="color:blue">I am made blue by inline styling</p>
We have also included this complete template example which contains all the variables and parameters mentioned in this tutorial, feel free to use this template as a guide in creating attrative templates.