WiFi-Pumpkin 3 -- Dangerous Access Point

Sometimes, in some places, we find free WiFi networks. Free WiFi is always a weakness of modern-day people. As cybersecurity experts we always say not to connect to publicly available networks. But why?

In this detailed article we learn how WiFi-Pumpkin3 works on Kali Linux 2020 and how black-hat attackers steal others' credentials using a rogue access point. We also discuss how to stay safe.

We can do this manually, but using Aircrack-ng, configuring iptables and using some other tools is time-consuming. WiFi-Pumpkin3 does these things automatically.

Key Features of WiFi-Pumpkin

  1. Rogue WiFi access point.
  2. Deauth attacks on clients AP.
  3. Intercept, inspect, modify and replay web traffic.
  4. Probe request monitor.
  5. DHCP Starvation attack.
  6. Credential monitor.
  7. Transparent proxy.
  8. Windows update attack.
  9. Phishing manager.
  10. ARP poisoning.
  11. DNS spoof.
  12. Pumpkin proxy (MITM proxy server).
  13. Capture images on the fly.

Installing WiFi Pumpkin3 on Kali Linux

Let's start the installation process of WiFi-Pumpkin. Before installing WiFi-Pumpkin we need to install some requirements, like hostapd and pyqt5, on our Kali Linux system. To install them we run the following command in our terminal:
sudo apt install python3-pyqt5 hostapd
After we enter this command the installation process starts. We also recommend installing some system packages (OS-level dependencies) for an error-free installation and operation. We run the following command in our terminal:
sudo apt install libssl-dev libffi-dev build-essential
After installing these packages we are ready to install WiFi-Pumpkin3 on our system. First we need to clone it from its GitHub repository using the following command:
git clone https://github.com/P0cL4bs/wifipumpkin3
The output of the command is shown in the following screenshot:
[Screenshot: WiFi Pumpkin 3 cloning from GitHub]
Then we navigate to the wifipumpkin3 directory using the cd command:
cd wifipumpkin3
Now we start the installation process by running the following command:
sudo python3 setup.py install
We can see that after applying this command, our installation process has started.
[Screenshot: installing WiFi Pumpkin 3 on Kali Linux 2020]
This might take a little time. Usually this process takes 3-5 minutes depending on our internet speed and system speed. We are taking a coffee break.

After our coffee is finished we see that the WiFi-Pumpkin3 installation is finished; it actually installs some necessary packages to run WiFi-Pumpkin.

Using WiFi Pumpkin3 on Kali Linux

Now we can run WiFi-Pumpkin3 directly from our terminal using the following command:
sudo wifipumpkin3
In the following screenshot we can see that WiFi-Pumpkin3 has started. We are inside the pumpkin😜.
[Screenshot: WiFi-Pumpkin3 on Kali Linux]
Now we configure the access point first. To configure an access point we run the ap command:
ap
Here we get the access point settings. Here we can change the SSID, Channel, Interface and Security.

In the above screenshot we can see that no interface is selected. We set the interface using the set interface <name> command.

In our case we use wlan0 as our Wi-Fi interface, so we use the following command:
set interface wlan0
Then we configure our SSID. To attract people we choose a juicy SSID (we named it Free WiFi for social engineering.. he😂he). We can easily set it using the following command:
set ssid Free WiFi
Then, if we want, we can set a security password. In our case we are going to share a rogue access point without a password, but if we want to assign a weak password we can use set security true, and after that, to set a password, we can use set security.wpa_sharedkey myeasypass.

We disable the DNS log, otherwise it shows up on the terminal again and again. To disable it we use the following command:
ignore pydns_server

For example, we are going to set a proxy for capturing Facebook passwords. If we set the proxy, then whenever someone connects to our free WiFi, it forcefully navigates the target to a Facebook login phishing page. If anyone enters credentials, we get them.

Using the help command we can see that the show command lists the modules.
show
[Screenshot: WiFi-Pumpkin3 show modules]

Here we can see the captiveflask module. To use it we simply apply the use command:

use misc.extra_captiveflask
Then we can run the help command here. The output is in the following screenshot:
[Screenshot: WiFi-Pumpkin3 module setup]

Here we can see the list from GitHub or we can download the available templates. We apply the download command.
download

[Screenshot: WiFi-Pumpkin3 downloading modules]

Then we can install the Facebook template using the following command:
install facebook
The following screenshot shows the output of the applied command:
[Screenshot: installing the Facebook plugin on WiFi-Pumpkin3]

We can see that the Facebook plugin is successfully installed. Now we need to reinstall the WiFiPumpkin3 tool to see the changes. We use the exit command to exit from WiFiPumpkin3 and install it again using the following command:
sudo python3 setup.py install
This will be updated in a few seconds. After that we run the tool again using the following command:
sudo wifipumpkin3
Again we need to use CaptiveFlask, with the following command:
use misc.extra_captiveflask
We can see the list using the following command:
list
In the following screenshot we can see that the Facebook plugin is available to use.

[Screenshot: Facebook plugin for WiFi-Pumpkin3]

Now we need to set a proxy for this. We use the back command to get back to the main page of WiFiPumpkin3.
back
Now we set the proxy to CaptiveFlask using the following command:
set proxy captiveflask
Our proxy is set to captiveflask, and if we want we can see the proxies using the proxies command.
[Screenshot: proxies list on WiFi-Pumpkin3]

In the above screenshot we can see that Facebook is set to false, so we are going to change it. To make it "true" we run the following command:

set captiveflask.facebook true
After applying the command we can see that Facebook is set to "true" in the following screenshot.
[Screenshot: Facebook plugin set to true in WiFi-Pumpkin3]

Now everything is done. We can run the WiFiPumpkin3 tool by just using the following command:

start
This will configure some things and start in a few seconds, as we can see in the following screenshot.
[Screenshot: WiFi-Pumpkin3 start]
Now we open our Android device and connect to the WiFi access point we created (named Free WiFi).

[Screenshot: WiFi-Pumpkin3 WiFi on Android]

Then our WiFi access point will say "Tap here to sign in to network". Our rogue access point will force our Android device to sign in. It will open a Facebook login page, as we can see in the following screenshot.

[Screenshot: WiFi-Pumpkin3 rogue WiFi]

When we enter the credentials here they are shown in our WiFiPumpkin3 terminal.

[Screenshot: credential capturing using WiFi-Pumpkin3]

In the above screenshot we can see that we got the credentials here.

That is why we always say that publicly available free WiFi might give us trouble. We always need to be aware.
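
The sign-in step is where a user can still catch this: the genuine Facebook login is served over HTTPS from facebook.com, not over plain HTTP from the access point's own address. The following is an added example (not part of the original article) that inspects a sign-in page for those signs; the brand table, the sample address and the sample page are constructed assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands to watch for and the domains that really host their logins.
BRAND_DOMAINS = {"facebook": ("facebook.com",)}

class FormScan(HTMLParser):
    """Records whether the page has a password field and collects its text."""
    def __init__(self):
        super().__init__()
        self.has_password = False
        self.words = []
    def handle_starttag(self, tag, attrs):
        values = dict(attrs)
        if tag == "input" and (values.get("type") or "").lower() == "password":
            self.has_password = True
        self.words.extend(v for v in values.values() if v)
    def handle_data(self, data):
        self.words.append(data)

def inspect_portal(url, html):
    """Return warnings for a page shown by a network's sign-in prompt."""
    scan = FormScan()
    scan.feed(html)
    if not scan.has_password:
        return []
    parsed, warnings = urlparse(url), []
    host = (parsed.hostname or "").lower()
    if parsed.scheme != "https":
        warnings.append("password form served without TLS")
    try:
        if ipaddress.ip_address(host).is_private:
            warnings.append("password form hosted on a private address")
    except ValueError:
        pass  # host is a name, not an IP literal
    text = " ".join(scan.words).lower()
    for brand, domains in BRAND_DOMAINS.items():
        genuine = any(host == d or host.endswith("." + d) for d in domains)
        if brand in text and not genuine:
            warnings.append(f"{brand} branding on host {host or '?'}")
    return warnings

# Constructed sample: what a client sees after tapping "sign in to network".
SAMPLE_URL = "http://10.0.0.1/login"
SAMPLE_HTML = """<html><head><title>Log in to Facebook</title></head><body>
<form method="post" action="/login"><input type="text" name="email">
<input type="password" name="pass"><button>Log In</button></form></body></html>"""
```

Any warning from this check on a captive-portal page is a reason not to type the password there.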

Tips:

To create a CaptiveFlask proxy we need an internet connection. But if we are using a laptop and a home WiFi network for internet, then we need to disconnect our WiFi to create an access point.

Then what about the internet connection?

We can get it from a LAN connection. In our case we used a separate USB WiFi adapter (wlan1) to get the internet connection for the proxy, and created the rogue access point using the laptop's inbuilt WiFi module (wlan0).

Note: This tutorial is for educational purposes only. Stealing account credentials is a serious crime. We showed this on our own devices for public awareness. If anyone does any illegal activity, we are not responsible for that.

This is how a malicious access point can be created very easily using WiFiPumpkin3 on Kali Linux 2021. Not only that, WiFiPumpkin3 is capable of performing more dangerous attacks. We can try other methods. With some programming knowledge we can create our own captive portals for better social engineering.
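
Seen from the defender's side, the access point built in this article has observable traits: an open network with a lure-style SSID, or a saved SSID that reappears with different security or an unknown BSSID. The following is an added example (not from the original article) that checks scan results for those traits; the scan records, the saved profile and the lure words are constructed assumptions.

```python
# Added example: flag rogue-AP traits in Wi-Fi scan results.
# All records below are constructed; a real tool would fill them from a scan.

# Assumption: networks this device trusts, with the security and BSSIDs seen before.
KNOWN_PROFILES = {
    "HomeNet": {"security": "WPA2", "bssids": {"aa:bb:cc:00:00:01"}},
}
# Assumption: words typical of lure SSIDs such as the article's "Free WiFi".
LURE_WORDS = ("free", "public", "guest")

def assess_scan(scan, known=KNOWN_PROFILES):
    """Return (ssid, bssid, reason) tuples for suspicious access points."""
    alerts = []
    for ap in scan:
        ssid, bssid, sec = ap["ssid"], ap["bssid"].lower(), ap["security"]
        profile = known.get(ssid)
        if profile is not None:
            if sec != profile["security"]:
                alerts.append((ssid, bssid, "security differs from saved profile"))
            elif bssid not in profile["bssids"]:
                alerts.append((ssid, bssid, "unknown BSSID for saved network"))
        elif sec == "OPEN" and any(w in ssid.lower() for w in LURE_WORDS):
            alerts.append((ssid, bssid, "open network with lure-style name"))
    # The same SSID advertised with different security settings at the same
    # time suggests that one of the access points is an impostor.
    modes = {}
    for ap in scan:
        modes.setdefault(ap["ssid"], set()).add(ap["security"])
    for ssid, secs in modes.items():
        if len(secs) > 1:
            alerts.append((ssid, "*", "mixed security: " + "/".join(sorted(secs))))
    return alerts

# Constructed scan: the trusted AP, an open twin of it, and a lure network.
SAMPLE_SCAN = [
    {"ssid": "HomeNet", "bssid": "AA:BB:CC:00:00:01", "security": "WPA2"},
    {"ssid": "HomeNet", "bssid": "02:11:22:33:44:55", "security": "OPEN"},
    {"ssid": "Free WiFi", "bssid": "02:11:22:33:44:56", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "10:20:30:40:50:60", "security": "WPA2"},
]

if __name__ == "__main__":
    for alert in assess_scan(SAMPLE_SCAN):
        print(alert)
```

An open network with a lure-style name is not proof of a rogue access point; the alert is a prompt to avoid entering credentials on it.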


Comments

9 comments
  • TrozZ Sabin, December 24, 2020 at 9:06 AM

    Do I need to connect my laptop with ethernet? I'm connected to my wifi. I have written all the commands properly but at last it is not starting. It says "You may need to another Wi-Fi USB adapter for create AP or try use with local connetion(Ethernet)."

    • Kali Linux, December 24, 2020 at 5:02 PM

      You require internet to run the attack. Your laptop's inbuilt WiFi module can't catch signal during the attack because it will be busy creating the fake AP. So you need a different internet source, like LAN or another external (USB) WiFi adapter, to bring an internet connection to your system. Any doubt?

      • ANONY, April 9, 2021 at 9:21 PM

        plugin facebook not found after I run the command install facebook; what can I do?

        • Kali Linux, April 10, 2021 at 7:25 PM

          You need to change the local path to the current directory of wp3: go to the directory where you made the download and execute the command again. Thanks

          • ANONY, April 11, 2021 at 4:52 AM

            Change the local path to the current directory of wp3? Can you please show me!

            • Kali Linux, April 12, 2021 at 6:11 PM

              Looking into this matter. We are also facing the same problem as you. When we get any update we will surely leave our findings here.

              • come hack someone, April 22, 2021 at 9:33 AM

                Hey bro, here is your answer.

                When it says plugin facebook not found

                type the following:
                info
                list
                help
                install facebook

              • Anonymous, May 12, 2021 at 8:02 PM

                Do I need a wireless USB adapter for this to work? I've set up the AP but upon starting it, it said the WLAN0 interface is not available. I checked the shell for wireless connections using iwconfig, which too indicated that there weren't any wireless extensions available; only the wired eth0 LAN and the loopback interfaces seemed to be up.

                • Kali Linux, May 14, 2021 at 5:59 PM

                  Which type of Kali installation do you have? VMware? Or WSL or something else?