January 21, 2020

Evil Twin Access Point | WiFI Pumpkin

fr4nc1stein
Share

Hello Everyone:I would like to share how to setup an Evil Twin Access Point.

Pre-requisite:

Operating System: Kali 2.0/WifiSlax 4.11.1/Parrot 3.0.1/2.0.5In other Linux like UBUNTU you need to install the following dependencies:
  •     Python 2.7
  •     hostapd
  •    isc-dhcp-server
  •     php
  •     aircrack-ng
  •     dnsmasq
WiFi Adapter: TP-LINK TL-WN722N - I use these on my presentation and demo using 2PCSS.Note: If you are using VMWARE you can bridge the connection, Connect your OS to through WIFI, if you are using PURE Kali use one LAN for internet source and use the WIFI Adapter for FAKE AP 

Installation:

git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git cd WiFi-Pumpkin ./installer.sh --install
Note: Use sudo or install in root access. 

WIFI Pumpkin

WiFi-Pumpkin is a open source security tool that provides the Rogue access point to Man-In-The-Middle and network attacks.

Features

  • Rogue Wi-Fi Access Point
  • Deauth Attack Clients AP
  • Probe Request Monitor
  • DHCP Starvation Attack
  • Credentials Monitor
  • Transparent Proxy
  • Windows Update Attack
  • Phishing Manager
  • Partial Bypass HSTS protocol
  • Support beef hook
  • Mac Changer
  • ARP Poison
  • DNS Spoof
  • Patch Binaries via MITM
 Now, I  would like to share the process how to Capture POST Credentials Request using WiFi-Pumpkin.

CAPTURE CREDENTIALS POST

Step 1: We need to install follow instruction above.InstallStep 2: Just start using "sudo wifi-pumpkin" after installedstartStep 3: Click Start -> View ->Credential NetCredsStep 4: Capture LogsCapture LogsStep 4: If the Victim connected and login to nont-httpsLoginStep 5: Viola, you get plain text credentialsGotchaThis is for educational purpose and thank to the P0cL4bs TeamStay tuned and I will show you next the tutorial in bypassing HSTS.   

Start learning with Cybrary

Create a free account

Related Posts

All Blogs
Building a Security Team
June 27, 2023

Digital Forensics and Incident Response: What It Is, When You Need It, and How to Implement It

A quick guide to digital forensics and incident response (DFIR): what it is, when it’s needed, how to implement a cutting-edge program, and how to develop DFIR skills on your team.

Read More
Building a Security Team
June 28, 2023

How to Build a Red Team

An overview of what a red team is (and isn’t), and practical tips on how to build a Red Team and develop offensive security skills in your team.

Read More
Tools & Applications
June 7, 2023

How to Make the Most of Blending Learning with Cybrary Live

Learn how to get the most from your cybersecurity training platform by blending on-demand learning with virtual, live courses led by industry experts.

Read More
News & Events
June 7, 2023

Introducing the New Cybrary Learner Experience

Cybrary is launching a key update to the Cybrary Learner experience to elevate hands-on learning and measurement as guiding tenets of Cybrary’s mission.

Read More