Credential harvesting using raspberry pi

Abstract

Due to advances in digital technology, cyberattack grows faster than other crimes. According the cybersecurity statistics for 2020, Gartner forecasts the worldwide cybersecurity spending reaches up to $133.7 billion in 2022. As the growth of cyber threats, the practical cybersecurity education is gaining its importance. Hands-on experience through the lab exercise becomes crucial component because students tend to learn thing better when observing how practically it's been applied in real system. The most common attacks are phishing and social engineering, which more than 60% of business experienced in 2018. Recently, the phishing attack in Wi-Fi, Wifiphisher, which utilizes automated phishing agent to public Wi-Fi to steal the credential information or infect victim's device with malware, has been introduced. Here, we propose the Phishing Wi-Fi man-in-the-middle attack utilizing Wi-Fi, HTTP, and DNS for cybersecurity education. Since virtualization technology, commonly used in cybersecurity education, is not suitable for wireless lab exercise, we use Raspberry Pi, small and affordable computer, to build Wi-Fi Phishing lab. In this paper, we introduce the concept and guideline of the Phishing Wi-Fi attack using Raspberry Pi including building, delivery method, and countermeasures.