Wifiphisher Cheat Sheet
wifiphisher is a rogue access point (Evil Twin) framework used to perform wireless phishing and credential harvesting by tricking users into connecting to a fake AP.
Start Wifiphisher
wifiphisher
Run with sudo:
sudo wifiphisher
Basic Workflow
- Select wireless interface
- Choose target AP
- Launch deauthentication
- Deploy phishing scenario
- Capture credentials
Common Phishing Scenarios
- Firmware upgrade page
- OAuth login page
- Wi-Fi password prompt
- Captive portal imitation
Select scenario:
Interactive menu → Choose scenario
Deauthentication Attack
Automatically sends deauth frames to force clients to disconnect and reconnect to the rogue AP.
Specify Target ESSID
wifiphisher --essid TargetWiFi
Specify Channel
wifiphisher --channel 6
Disable Internet Access
wifiphisher --no-internet
Useful for offline phishing tests.
MAC Address Randomization
wifiphisher --mac-randomization
Log & Capture Location
Captured credentials stored in:
~/wifiphisher/logs/
Typical Workflow
airmon-ng check kill
wifiphisher
Select target
Launch phishing
Collect credentials
Common Issues
Clients not connecting
- Signal too weak
- Wrong channel
- Stronger real AP nearby
Phishing page not loading
- DNS spoofing blocked
- HTTPS HSTS protection
Wifiphisher vs Wifite
| Feature | Wifiphisher | Wifite |
|---|---|---|
| Rogue AP | Yes | No |
| Phishing | Yes | No |
| Automated cracking | No | Yes |
Related Tools
airbase-ngbettercapsetoolkitbeEF
Use Cases
- Wireless social engineering
- Evil Twin attacks
- Awareness training
- Red team simulations
Legal Notice
Danger
Use Wifiphisher only on networks you own or have explicit permission to test.