July 21st, 2019 by cedcraftscodes
Phishing is a criminal act of deceiving other people into sharing their sensitive information like credit card numbers or account credentials. Usually, it is carried out by sending victims fake URLs which imitate a legitimate website such as social media accounts, bank login pages, and more. In this demonstration, we will be broadcasting a wifi access point with DNS redirection to host the Captive portal with a fake Facebook login page.
You will see how a wifi access point name was replicated and, how a fake Facebook page was displayed to the victim’s device. We use a NodeMCU, a cheap 5$ wifi Module to achieve such a feat.
Upon connecting to our captive portal, “Facebook Messenger” displays a notification that the user needs to do something to be able to use messenger.
Also, Android devices have a default behavior of showing “Sign in to Network” which calls for an action to do something.
Since we are not broadcasting Wifi with an active connection, I have added a way to catch 404 and redirect it to the fake login page. So if you open up your browser E.g. Chrome or default Android browser, you will see the fake, Facebook Page.
It is also applicable for laptop devices, especially those who use Windows 10. A browser will popup, with the URL “msftconnect.com”, and the website imitation will appear.
Just checking the URL of the website is not enough. It is best to use mobile data and be wary of connecting to public Wifi.
For Android, what you can do is disable the “captive portal detection” by executing an ADB shell command. You do not need root to accomplish it.
settings put global captive_portal_detection_enabled 0
You can also follow this tutorial on StackOverflow to disable Active Probing in Windows.