Facebook Account Hacking -- The Best 9 Methods

Sometime on some places we got free WiFi networks. Free WiFi is always a weakness of modern day people. As a cybersecurity expert we always say to not connect to publicly available networks. But why?

In our this detailed article we learn how WiFi-Pumpkin3 works on Kali Linux 2020 and how black-hat guys steel other's credentials using a rouge access point. We also discuss about how to be safe.

We can do this manually, but using Aircrack-ng, configuring the IP tables and using some other tools are time consuming. WiFi-Pumpkin3 do these manually.

Key Features of WiFi-Pumpkin

1. Rouge WiFi access point.
2. Deauth attacks on clients AP.
3. Intercept, inspect, modify and replay web traffic.
4. Probe request monitor.
5. DHCP Starvation attack.
6. Credential monitor.
7. Transparent proxy.
8. Windows update attack.
9. Phishing manager.
10. ARP poisoning.
11. DNS spoof.
12. Pumpkin proxy (MITM proxy server).
13. Capture images on the fly.

Installing WiFi Pumpkin3 on Kali Linux

Let's start the installation process of WiFi-Pumpkin. Before installing WiFi-Pumpkin we need to install some requirements like hostapd and pyqt5 on our Kali Linux system. To install them we need to run following command on our terminal:

sudo apt install python3-pyqt5 hostapd

After entering this command the installation process will be started. Also we recommend to install some system packages, os-level dependencies for errorless installation and work. We need to apply following command in our terminal:

sudo apt install libssl-dev libffi-dev build-essential

After installing these packages we are ready to install WiFi-Pumpkin3 on our system. First we need to clone this from It's GitHub repository by using following command:

git clone https://github.com/P0cL4bs/wifipumpkin3

The output of the command shows in the following screenshot:

Then we navigate to the wifipumpkin3 directory using cd command:

cd wifipumpkin3

Now we start the installation process by running following command:

sudo python3 setup.py install

We can see that after applying this command, our installation process has been started.

This might take a little bit time. Usually this process takes 3-5 minutes depending on our internet speed and system speed. We are taking a coffee break.

After our coffee finished we see that WiFi-Pumpkin3 installation is finished, it actually install some necessary packages to rum WiFi-Pumpkin.

Using WiFi Pumpkin3 on Kali Linux

Now we can run WiFi-Pumpkin3 from our terminal directly by using following command:

sudo wifipumpkin3

In the following screenshot we can see that our WiFi-Pumpkin3 is started. We are inside the pumpkin😜.

Now we configure the access point first. To configure an access point we need to run ap command:

ap

Here we get the access point settings. Here we can changes SSID, Channel, Interface and Security.

In the above screenshot we can see that no interface is selected, we set interface by using set interface <name> command.

In our case we use wlan0 as our Wi-Fi interface, so we use following command:

set interface wlan0

Then we configure our SSID and to get attracted by people we choose a juicy SSID (we named it Free WiFi for social engineering.. he😂he). We can easily make it by using following command:

set ssid Free WiFi

Then if we want we can set a security password, in our case we are going to share a rouge access point without password but if we want to assign a weak password we can use set security true after that to set a password we can use set security.wpa_sharedkey myeasypass.

We disable the DNS log, otherwise it comes on terminal again and again. To disable it we use following command:

ignore pydns_server

 

For an example we are going to set a proxy for capturing Facebook passwords. If we set the proxy then whenever someone connects on our free WiFi, our WiFi forcefully navigate the target to a Facebook login phishing page. If the anyone puts credential then we got it.

Using help command we can see that we can see modules by using show command.

show

Here we can see the captiveflask module. to use it we simply apply use command:

use misc.extra_captiveflask

Then we can run the help command here. The output is in the following screenshot:

Here we can see the list from GitHub or we can download available templates. We apply download command.

download

 

Then we can install Facebook template by using following command:

install facebook

The following screenshot shows the output of applied command:

We can see that Facebook plugin is successfully installed. Now we need to reinstall WiFiPumpkin3 tool to see the changes. We need to exit command to exit from WiFiPumpkin3 and again install it by using following command:

sudo python3 setup.py install

This will be updated in some seconds. After that we again run this tool by using following command:

sudo wifipumpkin3

Again we need to use CaptiveFlask by using following command:

use misc.extra_captiveflask

We can see the list by using following command:

list

In the following screenshot we can see that Facebook plugin is available to use. 

 

Now we need to set a proxy for this. We use back command to get back to the main page of WiFiPumpkin3.

back

Now we set the proxy to CaptiveFlask by using following command:

set proxy captiveflask

Our proxy is set to captiveflask and if we want we can see the proxies using proxies command.

In the above screenshot we can see that Facebook is set to false, so we are going to change it. To make it "true" we run following command:

set captiveflask.facebook true

After applying the command we can see that Facebook is set as "true" in the following screenshot.

Now everything is done we can run the WiFiPumpkin3 tool by just using following command:

start

This will configure some things and start it in some seconds as we can see in the following screenshot.

Now we open our android device and connect to our created WiFi access point (named Free WiFi).

 

Then our created WiFi access point will say "Tap here to sign in to network". Our created rouge access point will force our Android device to sign in. It will open Facebook login page as we can see in the following screenshot.

When we puts the credentials here it will be showed on our WiFiPumpkin3's terminal.

In the above screenshot we can see that we got the credentials here.

That is why we always told that publicly available free WiFi might give us trouble. We need to always be aware.

Tips:

To create a CapiveFlask proxy we need internet connection. But if we are using a laptop and a home WiFi network for internet then we need to disconnect our WiFi to create an access point.

Then what about the internet connection?

We can get it from LAN connection. In our case we have used a separate USB WiFi adapter (wlan1) to get internet connection for proxy and create the rouge access point using laptop's inbuilt WiFi module (wlan0).

Note:- This tutorial is for educational purpose only. Stealing account credential is a serious crime. We showed this on our own devices for public awareness. If anyone do any illegal activity then we are not responsible for that.

This is how a malicious access point can be created very easily using WiFiPumpkin3 on Kali Linux 2021. Not only that WiFiPumpkin3 is capable to perform more dangerous attacks. We can try other methods. With some programming knowledge we can create our own captive portals for batter social engineering.

Liked our articles? Make sure to subscribe our e-mail subscription for free. (We send mail whenever new article releases). We are also available on GitHub & Twitter we also posts updates there.

For any problem or anything, we always happy to help. Just leave a comment in the comment section below. We always reply.