Member-only story
Hack Social Media Accounts using a Captive Portal
In this article, I will show you how to steal login information from social media accounts using a malicious Wi-Fi captive portal.
A Wi-Fi captive portal is a webpage that is displayed to newly connected users of a Wi-Fi network before they are granted access to the internet.
These web pages that appear as soon as you connect to the Wi-Fi are known as captive portals. In them, many companies not only ask you to accept the terms and conditions but you are also requested to enter your login credentials from social networks, such as Facebook, Twitter, or Google.
Captive portals are typically used by business centers, airports, coffee shops, and other places that offer free Wi-Fi hotspots for Internet users.
Usually, you will be redirected to a captive portal when you try to connect to a public hotspot. After authenticating on the web page, you can access the Internet using the hotspot.
To demonstrate the attack I will use a script from GitHub called RougeWifi.
Clone the Script
In order to use the script, you need to download/clone the package from Github using the following command.
git clone https://github.com/s0meguy1/RougeWifi.gitOnce done with that, change the directory to the script folder.
cd Rouge-WifiNow you need to copy all the files from this directory to the Apache web server location (/var/www/html) using the following command.
cp –r * /var/www/htmlLet’s change the directory to /var/www/html and use ‘ls’ command to see all the files.
cd /var/www/html
Here you can see the files.
At this point, you can run the script using the following command.
./wifi.sh wlan0 eth0 Free-WiFiThis command will use wlan0 which is the wireless interface for creating the access point, and the second interface eth0 will be used to give internet…
