I executed the following command of Wifiphisher 1.4.GIT in my Kali Linux 2018.3:
wifiphisher -aI wlan0mon -eI wlan1 -p firmware-upgrade -e ESSID --logging -lP PATH
It is executed correctly but when I connect my lapdop to the fake AP, the firmware-upgrade page is not appear.
Analyzing the logs, I found this:
HTTPServerRequest(protocol='http', host='149.154.167.51:80', method='POST', uri='/api', version='HTTP/1.1', remote_ip='10.0.0.69', headers={'Content-Length': '40', 'Accept-Language': 'es-ES,en,*', 'Accept-Encoding': 'gzip, deflate', 'Host': '149.154.167.51:80', 'User-Agent': 'Mozilla/5.0', 'Connection': 'Keep-Alive', 'Content-Type': 'application/x-www-form-urlencoded'})
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/tornado-4.5.3-py2.7-linux-x86_64.egg/tornado/web.py", line 1510, in _execute
result = method(*self.path_args, **self.path_kwargs)
File "/usr/local/lib/python2.7/dist-packages/wifiphisher-1.4-py2.7.egg/wifiphisher/common/phishinghttp.py", line 127, in post
post_data = tornado.escape.url_unescape(self.request.body)
File "/usr/local/lib/python2.7/dist-packages/tornado-4.5.3-py2.7-linux-x86_64.egg/tornado/escape.py", line 135, in url_unescape
return unicode_type(unquote(utf8(value)), encoding)
UnicodeDecodeError: 'utf8' codec can't decode byte 0xd4 in position 8: invalid continuation byte
What is happened?How can I fix it?
Thanks!
This is the bug of our side, we didn't filter the right POST request. (I.E. since when the victims enter password, their device will send the POST request with the PW) and this one is not what we want.
I don't understand what you want say, is it possible fix it or is a bug that you don't want fix?
Thx!!
We'll fix it at some point. Thanks for reporting it.
I just pushed a commit that fixes this. Since we don't know in which codeset we'll get data, we should reject those that didn't UTF-8 decode.