Wifipumpkin3
Wifipumpkin3 is a framework for setting up rogue access points and the associated evil twins. The framework is written in Python. [1]
Features
According to the authors, the main features of the framework are as follows [1]:
- Rogue access point attack
- Man-in-the-middle attack
- Module for deauthentication attack
- Module for extra-captiveflask templates
- Rogue DNS server
- Captive portal attack (captiveflask)
- Intercept, inspect, modify and replay web traffic
- WiFi networks scanning
- DNS monitoring service
- Credentials harvesting
- Phishkin3 (Support MFA phishing attack via captive portal)
- EvilQR3 (Support Phishing QR code attack)
- Transparent Proxies
Installation
Wifipumpkin3 is written in Python 3, so Python 3 (version 3.7 or later) must be installed. It also requires a Wi-Fi adapter that supports access point (AP) mode. Windows and Mac OSX are currently (01.01.2024) not supported. [2]
Installation:
Dependencies should be installed first:
sudo apt install python3.7-dev libssl-dev libffi-dev build-essential python3.7
Then wifipumpkin3 can be cloned from the GitHub repo and installed:
git clone https://github.com/P0cL4bs/wifipumpkin3.git
cd wifipumpkin3
sudo make install
Alternatively, wifipumpkin3 can be installed under Kali Linux (2022.2) as follows:
sudo apt install wifipumpkin3
Some examples of use
The operation of wifipumpkin3 is reminiscent of the operation of Metasploit. The framework can be started as follows:
sudo wp3
The following commands are relevant for setting up an Evil Twin:[3]
Display all information/parameters about the access point to be spawned:
ap
As in Metasploit, the variables of the AP can be set with set:
set
Display installed proxies:
proxies
A proxy can be activated or set as follows:
set proxy proxy_name
The configured access point can be started with the following command:
start
The AP then starts with the configured settings. Depending on the proxy, the output then shows, for example, the traffic, the connected devices, or the credentials intercepted by the captive portal.
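An evil twin reuses the SSID of a legitimate network, so a defender can compare Wi-Fi scan results against an inventory of authorized access points. The following added example (not part of the original page or of the wifipumpkin3 project) does this over constructed scan data; the SSIDs, BSSIDs and the AUTHORIZED inventory are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str  # e.g. "WPA2", "WPA3", "OPEN"
    channel: int

# Hypothetical inventory of authorized APs:
# SSID -> (allowed BSSIDs in lower case, expected security)
AUTHORIZED = {
    "CorpNet": ({"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "WPA2"),
}

def find_evil_twins(beacons, authorized=AUTHORIZED):
    """Return (beacon, reasons) for beacons that use a protected SSID suspiciously."""
    findings = []
    for b in beacons:
        entry = authorized.get(b.ssid)
        if entry is None:
            continue  # SSID is not one we protect
        allowed_bssids, expected_security = entry
        reasons = []
        if b.bssid.lower() not in allowed_bssids:
            reasons.append("unknown BSSID")
        if b.security.upper() != expected_security:
            reasons.append(f"security {b.security}, expected {expected_security}")
        if reasons:
            findings.append((b, reasons))
    return findings

# Constructed sample scan results (not real networks)
SCAN = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", "WPA2", 6),
    Beacon("CorpNet", "de:ad:be:ef:00:99", "OPEN", 11),
    Beacon("CoffeeShop", "11:22:33:44:55:66", "OPEN", 1),
    Beacon("CorpNet", "AA:BB:CC:00:00:02", "WPA2", 1),
]

if __name__ == "__main__":
    for beacon, reasons in find_evil_twins(SCAN):
        print(f"ALERT {beacon.ssid} {beacon.bssid} ch{beacon.channel}: {', '.join(reasons)}")
```

A rogue AP that also clones an authorized BSSID passes the first check, so the security comparison is the part that still flags an open twin of an encrypted network.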
According to the author, wifipumpkin3 comes with the following pre-installed proxies[4]:
- pumpkinproxy - Proxy for intercepting network traffic on the TCP protocol.
- captiveflask - Blocks Internet access for users until they open the login page.
- noproxy - Running without a proxy redirecting traffic.
The respective options of a proxy can also be set to true/false. For example, pumpkinproxy offers options for html_injection or javascript injection, which can be set and activated as required. Similarly, the captive portal can be defined for the captiveflask proxy.
References
- [1] "Wifipumpkin3" - available under: https://github.com/P0cL4bs/wifipumpkin3 - Retrieved 2024-01-01.
- [2] "Getting Started - Installation" - available under: https://wifipumpkin3.github.io/docs/getting-started - Retrieved 2024-01-01.
- [3] "Getting Started - Usage" - available under: https://wifipumpkin3.github.io/docs/getting-started#usage - Retrieved 2024-01-01.
- [4] "Getting Started - Proxies" - available under: https://wifipumpkin3.github.io/docs/getting-started#proxies - Retrieved 2024-01-01.