Phishing is the criminal act of deceiving people into sharing sensitive information such as credit card numbers or account credentials. It is usually carried out by sending victims fake URLs that imitate a legitimate website, such as a social media site or a bank login page. In this demonstration, we will be broadcasting a Wi-Fi access point with DNS redirection to host a captive portal with a fake Facebook login page.
Phishing is the simplest cyber attack, but the most effective one. It doesn't require sophisticated technical knowledge to carry out.
You will see how a Wi-Fi access point name was replicated and how a fake Facebook page was displayed on the victim's device. We use a NodeMCU, a cheap $5 Wi-Fi module, to achieve this.
Why is this super effective?
As you can see in this video, upon connecting to our captive portal, "Facebook Messenger" displays a notification telling the user that they need to do something before they can use Messenger.
Android devices also show a "Sign in to Network" notification by default, which prompts the user to take action.
Since we are not broadcasting a Wi-Fi network with an active internet connection, I have added a way to catch 404 responses and redirect them to the fake login page. So if you open your browser, e.g. Chrome or the default Android browser, you will see the fake Facebook page.
The same applies to laptops, especially those running Windows 10. A browser will pop up with the URL "msftconnect.com", and the imitation website will appear.
How to prevent such attacks?
Just checking the URL of the website is not enough. It is best to use mobile data and be wary of connecting to public Wi-Fi.
On Android, you can disable "captive portal detection" by executing the following ADB shell command. You do not need root to do this:
settings put global captive_portal_detection_enabled 0
You can also follow this tutorial on Stack Overflow to disable Active Probing in Windows.
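A defender-side check for the behaviour described in this post, added here as an example and not part of the original demonstration: it flags a network where unrelated hostnames all resolve to one private address and the connectivity probe returns a branded password form instead of an empty 204. The function name, finding labels and all sample data are constructed assumptions.

```python
import ipaddress
import re

PASSWORD_FIELD = re.compile(r'<input[^>]*type\s*=\s*["\']?password', re.I)

def assess_network(dns_answers, probe, brands=("facebook",)):
    """Return findings for a Wi-Fi network, from data gathered after joining it.

    dns_answers: {hostname: resolved IP} for several unrelated hostnames.
    probe: {"status": int, "body": str} from a plain-HTTP connectivity check
           that an open network answers with an empty 204.
    brands: names that should never ask for a login on an access point's own page.
    """
    findings = []
    addrs = set(dns_answers.values())
    # DNS redirection: unrelated names all collapse onto one private address.
    if len(dns_answers) >= 2 and len(addrs) == 1:
        if ipaddress.ip_address(next(iter(addrs))).is_private:
            findings.append("dns-redirected-to-local-host")
    # Anything other than the empty 204 means a portal intercepted the request.
    if probe["status"] != 204:
        findings.append("captive-portal")
        body = probe["body"]
        named = [b for b in brands if b.lower() in body.lower()]
        # A third-party brand's password form served by the portal is the
        # pattern described in this post; a venue's own voucher page is not.
        if named and PASSWORD_FIELD.search(body):
            findings.append("brand-login-on-portal:" + ",".join(named))
    return findings

# Constructed sample data (not captured from a real network).
ROGUE_DNS = {"facebook.com": "192.168.4.1", "example.org": "192.168.4.1",
             "example.net": "192.168.4.1"}
ROGUE_PROBE = {"status": 200, "body": '<title>Facebook - Log In</title>'
               '<form><input name="email"><input type="password" name="pass"></form>'}
CLEAN_DNS = {"example.org": "198.51.100.10", "example.net": "198.51.100.20"}
CLEAN_PROBE = {"status": 204, "body": ""}
VENUE_PROBE = {"status": 200, "body": '<h1>Guest voucher</h1><input type="password">'}

if __name__ == "__main__":
    for name, dns, probe in [("rogue", ROGUE_DNS, ROGUE_PROBE),
                             ("clean", CLEAN_DNS, CLEAN_PROBE),
                             ("venue", CLEAN_DNS, VENUE_PROBE)]:
        print(name, assess_network(dns, probe))
```

The venue case shows why the brand check matters: an ordinary guest portal also intercepts the probe and may ask for a voucher password, so only the combination of findings points to the fake login page described here.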