MITM – Hacking With WiFi-Pumpkin

December 30, 2016 | Views: 35451



Hi, welcome to the “man in the middle” hacking with WiFi-Pumpkin tutorial:

This tutorial will show you how to capture user credentials (social media credentials) using a tool called WiFi-Pumpkin on ParrotSec with a custom fake login page. The following has been tested on ParrotSec (a Linux distribution for pentesting) with the WiFi-Pumpkin tool. You can also use Kali Linux as the operating system for this to work.

Here are the links for Parrotsec and Wifi-Pumpkin

Besides the application, you also need to make sure that you have an external Wi-Fi card that supports AP (access point) mode. I would recommend the TP-Link WN722N; this card has been proven to work with all sorts of Wi-Fi attacks. So, for example, if you are performing this attack at a “Starbucks”, your internal Wi-Fi card will be connected to their Wi-Fi and your external card will be used as the rogue AP.

What this tutorial will not cover is the installation of ParrotSec or Kali Linux. Please find the installation documentation at their respective websites. ParrotSec can be installed in VMware or as the main operating system; the choice is entirely up to you. Please note that you must have some knowledge of VMware and the Linux operating system.

I will assume you have either Kali or ParrotSec running. Next, we need to install WiFi-Pumpkin. The installation for this tool is really straightforward. Type these commands in your terminal:

 git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
 cd WiFi-Pumpkin
 ./installer.sh --install

If you do run into errors while installing, please refer to their website for a solution. The reason for an incomplete installation could simply be that your Linux is missing some of the dependencies.
Once the installation completes, run it from the terminal with "sudo wifi-pumpkin". A nice GUI application pops up, and all your work is done right there: you don't need to open any other terminal and run painstaking commands to make it work.

WiFi-Pumpkin comes with loads of modules and plugins. For this specific tutorial, I will be concentrating on the Rogue AP, the Phishing Manager module and the DNS Spoof module.
Before we start with this awesome tool, there are a few more things we need to do. We need to download the custom fake-portal (see the fake-portal link). Download and unzip the files to your web server folder, which is normally /var/www or /var/www/html.

Next, we need to make sure MySQL has the right database and table for the fake-portal. MySQL and Apache usually come pre-installed in Kali and ParrotSec. If not, you can follow the installation procedure on my fake-portal link.

Open a terminal and type "mysql -u root"; you will now be in the MySQL console. Next, we need to create a database, so type "create database rogue_AP;" and press enter. The name rogue_AP can be anything you want; just make sure you write it down somewhere for later use. We need to switch to the database we just created, so type "use rogue_AP;". Next we need to create the correct table, so type "create table social_login(socialn varchar(64), email varchar(64), userpassword varchar(64));".
That's it for the MySQL setup; just make sure you run the above commands without the double quotes. Next, we need to edit a file which we unzipped to /var/www/html. Open the file named "dbconnect.php" and edit this part:

$host="localhost";  (this is normally localhost)
$username="your mysql username";  (your MySQL username, default is root)
$password="your mysql password";  (your MySQL password)
$db_name="rogue_AP";  (the database name which you created)
$tbl_name="social_login";  (leave this as default)

Once done, restart MySQL with this command: "sudo /etc/init.d/mysql restart"

*Please note: if you have not set your MySQL root password, please set it first. You can follow this guide to set it up.

https://ubuntu.flowconsult.at/en/mysql-set-change-reset-root-password/

A brief introduction on WiFi-Pumpkin

WiFi-Pumpkin is basically an MITM tool. The victim connects to the rogue AP and, once connected, sees a fake portal. In this fake portal the victim is tricked into logging in with their social media accounts in order to use the so-called “free internet”.

Take note that this database does not in any way connect to the actual social media sites, hence there is no way to verify whether the captured credentials are real. The only way to verify is to use the captured credentials to log in to the respective social media accounts.

Now that everything is set up and ready to go, launch wifi-pumpkin. In the “settings” menu set your “Gateway” IP address (your router IP) and set the “SSID” name to whatever you like, for example “starbucks”. Choose your available network adapter, wlan0 or wlan1. Set the IP range; if your current network uses a class C range, make sure the range you select is not the same as your current network range. Save the settings.

Under the “plugins” menu untick “enable proxy server”. Start the access point by clicking Start. Next, go to “modules” and select “phishing manager”; under options select “set directory” and set the IP address to 10.0.0.1.
“SetEnv Path” will be the fake portal files which you unzipped to /var/www/html; then start the server.

Next go to “modules”, and under “DNS::spoof” remove any URL in there by right-clicking and choosing clear all. Select “redirect traffic from all users” and start the attack. Next, under “view” select monitor “NetCreds” and click capture logs.
When a victim connects to the rogue AP, you will see the login credentials here, and also in the main panel under “activity-monitor”.

And that's it! Once done, stop all servers. Use the captured credentials to try to log in to a social media account like Facebook or others, depending on what the victim selected in the fake portal.

WiFi-Pumpkin is an excellent, well-maintained MITM tool compared to mana-toolkit or any other MITM app out there. Try out the other plugins and modules and start learning!
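As an added defender-side example (not from the original tutorial or the WiFi-Pumpkin project): the DNS::spoof step above answers every lookup with the portal's address, so a client behind such an AP sees unrelated public domains all resolve to one private IP. The check below turns that into a cheap tripwire; the probe domain list is an assumption, any unrelated public hosts will do.

```python
"""Client-side check for the DNS::spoof 'redirect all users' setup above.

Behind such a gateway every name resolves to the portal address (10.0.0.1 in
the tutorial), so unrelated public domains all share one private IP. A real
network never does that, which makes it a cheap tripwire for being behind a
spoofing access point.
"""
import ipaddress
import socket
from collections import Counter

# Probe names are an assumption; any set of unrelated public hosts will do.
PROBE_DOMAINS = ("www.example.com", "www.wikipedia.org", "www.debian.org",
                 "www.python.org", "www.iana.org")


def resolve_all(domains):
    """Resolve each name with the system resolver; None if the lookup fails."""
    results = {}
    for name in domains:
        try:
            results[name] = socket.gethostbyname(name)
        except OSError:  # socket.gaierror is a subclass of OSError
            results[name] = None
    return results


def spoof_verdict(results, min_hits=3):
    """Return (spoofed, shared_ip).

    spoofed is True when at least min_hits distinct names resolve to the
    same private address (RFC 1918, loopback or link-local); failed lookups
    are ignored so an offline host does not trigger a false alarm.
    """
    counts = Counter(ip for ip in results.values() if ip)
    if not counts:
        return False, None
    ip, hits = counts.most_common(1)[0]
    if hits >= min_hits and ipaddress.ip_address(ip).is_private:
        return True, ip
    return False, None


if __name__ == "__main__":
    # Constructed sample: what a client sees behind the tutorial's rogue AP.
    behind_rogue_ap = {name: "10.0.0.1" for name in PROBE_DOMAINS}
    print(spoof_verdict(behind_rogue_ap))             # (True, '10.0.0.1')
    print(spoof_verdict(resolve_all(PROBE_DOMAINS)))  # live check on this host
```

Run it on a laptop before trusting a "free internet" network: a (True, ...) verdict means the resolver you were handed is lying about where every site lives.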

Good Luck.


34 Comments
  1. In phishing manager it shows “failed to listen on 10.0.0.1:80 (reason: address already in use)”. Pls solve this problem.

    • this is my ifconfig output

      enp3s0f2: flags=4163 mtu 1500
      inet 192.168.88.253 netmask 255.255.255.0 broadcast 192.168.88.255
      inet6 fe80::7c2f:8660:1278:5b70 prefixlen 64 scopeid 0x20
      ether 20:6a:8a:82:14:6e txqueuelen 1000 (Ethernet)
      RX packets 1508 bytes 1318785 (1.3 MB)
      RX errors 0 dropped 0 overruns 0 frame 0
      TX packets 1511 bytes 168022 (168.0 KB)
      TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

      lo: flags=73 mtu 65536
      inet 127.0.0.1 netmask 255.0.0.0
      inet6 ::1 prefixlen 128 scopeid 0x10
      loop txqueuelen 1 (Local Loopback)
      RX packets 29026 bytes 1782363 (1.7 MB)
      RX errors 0 dropped 0 overruns 0 frame 0
      TX packets 29026 bytes 1782363 (1.7 MB)
      TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

      wlp4s0: flags=4163 mtu 1400
      inet 10.0.0.1 netmask 255.0.0.0 broadcast 10.255.255.255
      ether 44:6d:57:48:1a:75 txqueuelen 1000 (Ethernet)
      RX packets 810 bytes 132933 (132.9 KB)
      RX errors 0 dropped 0 overruns 0 frame 0
      TX packets 421 bytes 61362 (61.3 KB)
      TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    • Check what app or service is running on port 80. Stop the service, exit the apps and try again.

  2. In phishing manager, which port should be used?

  3. I think it's normal that when we press enter or spacebar in an editor, the two (2) dashes come together and look like one; it's not actually a typo, sir. Nice one.

  4. I followed the instructions to download on my Kali OS today. Worked perfectly, except that the install command should be:
    '# ./installer.sh --install'
    as in, “2” dashes.
    Excellent!

  5. Good article but adding some snaps will make it PERFECT!!!!
