Tutorials

WiFi Phishing

The phishing attack attempts to obtain the password of an access point by means of social engineering. A clone access point is created, which forces users into connecting and providing the password of the original access point.

Fern Pro ships with phishing templates that can be used when auditing an access point. You can also create and use custom templates if you have basic knowledge of HTML. The following section describes the steps and procedures for creating a custom template.


How To Create Custom Templates

Custom templates are HTML files that contain custom text, images or CSS code. In order for a template to work with Fern Pro's phishing engine, certain variables must be present in the template file so that Fern Pro can parse and use it.

Below is a brief description of the variables and parameters that are recognized by the templating engine.

| Variable | Description | Example |
|---|---|---|
| __SSID__ | This variable represents the name of the access point. Fern Pro will replace the variable with the name of the access point wherever it finds it. | Linksys |
| __BSSID__ | This variable represents the MAC address of the access point. Fern Pro will replace the variable with the MAC address of the access point wherever it finds it. | 0C:BA:3C:09:FE:5B |
| __ENCRYPTION__ | This variable represents the encryption of the access point. Fern Pro will replace the variable with the encryption of the access point wherever it finds it. | WPA2 |
| __ERROR_MESSAGE__ | This variable is used to display error messages to the user after a wrong password attempt. The HTML tag nesting the variable should be styled red using inline CSS. | The password entered is incorrect |

In addition to the above variables, the template must also contain a form. The form submits its data to the Fern Pro phishing engine when a password attempt is made. The following rules must be followed when creating the form:

  1.  The action attribute must be set to the URL 'validate'
  2.  The POST method must be used
  3.  The enctype attribute must be set to 'multipart/form-data'
  4.  The form must include an input tag whose name attribute is 'password'

<form action="validate" method="POST" enctype="multipart/form-data">
   <input type="password" name="password"/>
   <input type="submit" title="Proceed">
</form>
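
Seen from the defender's side, the four form rules above also work as a fingerprint. The following is an added example, not part of Fern Pro or of this tutorial: it parses a captured portal page and flags forms that satisfy all four rules. The function names and both sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

class FormCollector(HTMLParser):
    """Record each <form> and the names of the <input> tags nested in it."""

    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "form":
            self._open = {"action": a.get("action", ""), "method": a.get("method", ""),
                          "enctype": a.get("enctype", ""), "inputs": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["inputs"].append(a.get("name", "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def matches_template_rules(form):
    """True only when all four form rules from the tutorial hold."""
    return (form["action"].lower() == "validate"
            and form["method"].upper() == "POST"
            and form["enctype"].lower() == "multipart/form-data"
            and "password" in form["inputs"])

def flag_forms(html):
    """Return the forms in a captured page that match the documented pattern."""
    parser = FormCollector()
    parser.feed(html)
    parser.close()
    return [f for f in parser.forms if matches_template_rules(f)]

# Constructed sample pages (not real captures).
SUSPECT_PAGE = """<html><body><p>Router update for Linksys</p>
<form action="validate" method="post" enctype="multipart/form-data">
  <input type="password" name="password"/><input type="submit">
</form></body></html>"""
ORDINARY_PAGE = """<html><body>
<form action="/login" method="POST">
  <input type="text" name="user"><input type="password" name="password">
</form></body></html>"""

if __name__ == "__main__":
    for label, page in (("suspect", SUSPECT_PAGE), ("ordinary", ORDINARY_PAGE)):
        print(label, len(flag_forms(page)), "matching form(s)")
```

A match is a triage signal rather than proof, since a legitimate portal can use the same form attributes.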

Adding Images

You can add images to the template file. Images need to be embedded rather than linked, to avoid broken links. To embed an image, use a base64 representation of the image data in a data URI. Please see an example below:

<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVQYV2NgYAAAAAMAAWgmWQ0AAAAASUVORK5CYII=" scale="0"/>

For more information about presenting images in base64 embedded format, please see https://tools.ietf.org/html/rfc2397#section-4. You might also want to search Google for more information.

CSS Styling

In addition to images, you can also style elements in the template file. Styling of the HTML elements in the template must use the inline or embedded method, in order to avoid broken links in the target browser. Please see the examples below of how to style template elements:

Example 1

<head>
  <style type="text/css">
    p{
     color: blue;
     }
  </style>
</head>

<p>I am made blue by embedded styling</p>

Example 2

<p style="color:blue">I am made blue by inline styling</p>

We have also included this complete template example, which contains all the variables and parameters mentioned in this tutorial. Feel free to use this template as a guide in creating attractive templates.