WiFi Pumpkin – Framework for Rogue Wi-Fi AP Attack

WiFi-Pumpkin is security auditing tool that provide the Rogue Access Point to MiTM (Man-In-The-Middle) and network attacks. This tool is capable of creating fake access points to utilise MITM attacks on the WiFi networks, such as: DHCP starvation attacks, Windows updates attacks, DNS spoofing, ARP poisoning, Pumpkin-Proxy, etc.

In addition, Wifi Pumpkin is capable of phishing, credentials monitoring, and capturing images on the fly.

WiFi-Pumpkin: Framework for Rogue Access Point Attack

WiFi-Pumpkin is a complete framework for auditing WiFi security. It comes with a bunch of modules and plugins, which will help you in creating a fake open wireless access point.

Also read: WiFite2 – Automated Wireless Attack Tool 

Features:

  • Rogue Wi-Fi Access Point
  • Deauth Attack Clients AP
  • Probe Request Monitor
  • DHCP Starvation Attack
  • Credentials Monitor
  • Transparent Proxy
  • Windows Update Attack
  • Phishing Manager
  • Partial Bypass HSTS protocol
  • Support BeEF hook
  • ARP Poison
  • DNS Spoof
  • Patch Binaries via MITM (BDF-Proxy)
  • LLMNR, NBT-NS and MDNS poisoner (Responder)
  • Pumpkin-Proxy (ProxyServer (mitmproxy API))
  • Capture images on the fly
  • TCP-Proxy (with scapy)
  • Moduled plugins and proxys
  • Wireless Mode support hostapd-mana/hostapd-karma attacks

Plugins:

  • Dns2proxy – different features for post-explotation once you change the DNS server to a Victim.
  • Sstrip2 – MITM tool that implements Moxie Marlinspike’s SSL stripping attacks based version fork @LeonardoNve/@xtr4nge.
  • Sergio_proxy – HTTP proxy that was written in Python for the Twisted framework.
  • BDFProxy – Patch Binaries via MITM: BackdoorFactory + mitmProxy, bdfproxy-ng is a fork and review of the original BDFProxy
  • Responder – Responder an LLMNR, NBT-NS and MDNS poisoner. (author: Laurent Gaffie)

Transparent Proxy (mitmproxy)

You can use Transparent Proxy to intercept and manipulate HTTP traffic modifying requests and responses, that allow you to inject JavaScripts into the targets visited. You can also implement a module to inject data into pages.

TCP-Proxy Server

A proxy that you can place between in a TCP stream. It filters the request and response streams with (scapy module) and actively modify packets of a TCP protocol that gets intercepted by WiFi-Pumpkin.

Requirements:

Recommended OSs (Dependencies included): Kali Linux 2.0, Kali Linux (Rolling Edition), WiFiSlax 4.11.1/4.12, Parrot OS, Ubuntu 15.10/16.04, Pentoo (Rolling Edition).
  • Python 2.7
  • Ethernet
  • Wifi adapter (support AP/monitor mode)
  • hostapd
  • isc-dhcp-server (optional)
  • php5-cli (optional)
  • Linux require soft: rfkill , iptables , nmcli

Install

Ubuntu/Kali/Linux

Clone it from the GitHub Repo:

$ git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git

Navigate to the WiFi-Pumpkin directory, and execute installer.sh script with sudo:

$ cd WiFi-Pumpkin 
$ chmod +x installer.sh 
$ sudo ./installer.sh --install

Check if your WiFi adapter supports AP/monitor mode:

$ iw list

You’re good to go if you see ‘AP’ the list of “Supported interface modes”.

Debian-based

WiFi-Pumpkin should work in any debian-based system, you’ll just need to install dependencies from requirements.txtwith the following command:

$ pip install -r requirements.txt

Pentoo/Gentoo

Add Pentoo overlay:

$ layman -S && layman -L && layman -a pentoo

or:

$ select repository add pentoo git https://github.com/pentoo/pentoo-overlay.git
$ emerge -av net-wireless/wifi-pumpkinY/N
Also read: SniffAir – Framework For Wireless Pentesting 

Usage

Launch the WiFi-Pumpkin with the following command:

$ sudo wifi-pumpkin
Note: If you try to start it as non-root user, the program won’t work.

After the launch, the following UI will open:

Now you can go to plugins tab and select the desired plugins for auditing/simulating the wifi attack.

Leave a Reply

Your email address will not be published. Required fields are marked *