The security audit framework used to test the security of wifi against threats like the man in the middle attacks is known as Wifi Pumpkin. The tool generates fake access points to employ MITM attacks on the wifi networks. The machine is capable of utilizing cyber-attacks, such as by developing fake/rogue access points, de-authenticating clients from access points, DHCP starvation attacks, Windows updates attacks, Karma attacks, DNS spoofing, and ARP poisoning. Moreover, Wifi Pumpkin carries the potentiality of phishing, credentials monitoring, and capturing images on the fly.
Wifi Pumpkin is operated by the support of Kali Linux, Parrot OS, Pentoo, and Ubuntu. By cloning the framework from GitHub and running the installer as shown in the following commands Wifi Pumkin can be installed.
git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git cd WiFi-Pumpkin chmod +x installer.sh sudo ./installer.sh --install
Wifi Pumpkin requires the following software to operate.
Isc-dhcp-server and php5-cli are optional. The dependencies can be installed by running the requirements.txt file as follows.
pip install –r requirements.txt
How Wifi Pumpkin Works
There are many ways to use Wifi Pumpkin. For demonstration purpose, we are going to develop a rogue access point where anyone can join without requiring any credentials. To make wifi access point Wifi Pumpkin needed Ethernet and wifi adapter. Run the following command to check the available wifi interface.
In most of the cases, it is wlan0. The next step is to launch the Wifi Pumpkin. Operate the following command to release the Wifi Pumpkin interface.
If that does not perform, run the same command with sudo option i-e
After opening the Wifi Pumpkin interface, go to the plugins tab to choose the desired plugins for auditing or simulating the wifi attack.
After that, you need to configure the access point from the settings tab. The settings tab provides various configurations to adapt, such as Access Point setting (configuring SSID and BSSID, choosing the network adapter), activity monitor setting, and DHCP setting. The settings tab doesn’t have an option of enabling the wireless security. Keep it unchecked for creating rogue access point without any credentials.
Once you are done with the setting, press the start button to allow the access point to broadcast the free wifi in the vicinity. Wifi Pumpkin has an activity monitoring window that records all the traffic of the users who are connected with the rogue access point.