
How to Build a Pumpkin Pi – The Rogue AP & MITM Framework That Fits in Your Pocket « Null Byte :: WonderHowTo



A man-in-the-middle attack places you between your target and the internet, pretending to be a Wi-Fi network while secretly inspecting every packet that flows across the connection. The WiFi Pumpkin is a rogue AP framework that makes it easy to create these fake networks while forwarding legitimate traffic to and from the unsuspecting target.

Today we'll learn to install this framework on a low-cost Raspberry Pi running Kali Linux. You may want to get a Raspberry Pi 3 Kit or Raspberry Pi 3 B+ Kit for this guide. If you already have one, let's go!

A Man-in-the-Middle Pumpkin Pi

On the Raspberry Pi 3 with Kali Rolling, some Kali Linux tools can be broken out into stand-alone, almost disposable devices. A perfect example is the WiFi Pumpkin, an attack framework for creating rogue access points to stage man-in-the-middle (MitM) attacks. This allows an attacker to lure victims to their evil access point and monitor internet traffic, thereby taking control of the data flow for all connected victims.

A rogue device for creating fake Wi-Fi hotspots from a Raspberry Pi. Image by SADMIN/Null Byte

When to Use the WiFi Pumpkin

The WiFi Pumpkin is a great tool when you can bridge an existing Ethernet or Wi-Fi connection and provide internet access to anyone who connects to an open network without asking too many questions. It is packed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor, transparent proxy, Windows update attack, phishing manager, ARP poisoning, DNS spoofing, Pumpkin-Proxy, and image capture on the fly.

As covered in an earlier tutorial, wireless probe frames can reveal the networks that a phone or laptop is searching for. One way to use the WiFi Pumpkin is to monitor probe frames and create a network in response. We can use the WiFi Pumpkin to perform a "karma" attack and create a network with the same SSID that the target device expects or was previously connected to.

The name of your network will have a significant impact on people interacting with it. If you're in a crowd, creating a network called Starbucks can get you connected to a staggering number of devices in less than a minute. Be creative in how you get users to connect to your nasty AP. If you want to have precise control over the various elements of a man-in-the-middle attack, the simple Wi-Fi Pumpkin GUI is easy enough for most beginners.
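
From the defender's side, the karma behaviour described above leaves a recognisable trace: one BSSID answering for many unrelated SSIDs. The script below is an added example, not part of the original article or of WiFi Pumpkin; the log format, the `THRESHOLD` cut-off and the function names are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (defensive): flag BSSIDs that answer probes for many SSIDs.
# Assumed input, one observed probe response per line:
#   <epoch> <bssid> <ssid, may contain spaces>
# Such lines would come from a wireless IDS or a monitor-mode capture that
# has been converted to this format (the format itself is an assumption).

THRESHOLD=${THRESHOLD:-3}   # assumed cut-off: distinct SSIDs per BSSID

# Prints "<bssid> <distinct-ssid-count>" for every BSSID at or above THRESHOLD.
karma_suspects() {
    awk -v min="$THRESHOLD" '
        NF >= 3 {
            bssid = tolower($2)                    # MAC case varies by tool
            ssid = $0
            sub(/^[^ ]+ +[^ ]+ +/, "", ssid)       # keep the rest as the SSID
            if (!((bssid, ssid) in seen)) {        # count each SSID once
                seen[bssid, ssid] = 1
                count[bssid]++
            }
        }
        END {
            for (b in count)
                if (count[b] >= min) printf "%s %d\n", b, count[b]
        }
    ' | sort
}

# Constructed sample: one ordinary AP and one radio answering for four SSIDs.
sample_probe_log() {
    cat <<'EOF'
1700000000 02:00:00:aa:bb:01 CorpWiFi
1700000001 02:00:00:aa:bb:01 CorpWiFi
1700000002 02:00:00:cc:dd:02 Starbucks
1700000003 02:00:00:cc:dd:02 HomeNet 5G
1700000004 02:00:00:cc:dd:02 Airport Free WiFi
1700000005 02:00:00:CC:DD:02 CorpWiFi
EOF
}

sample_probe_log | karma_suspects
```

Enterprise access points normally give each advertised SSID its own BSSID, which is why several SSIDs behind a single BSSID is worth an alert; tune the threshold to your own environment.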

What You'll Need to Get Started

The setup for creating a WiFi pumpkin is minimal and requires few components. To put it together, you need the following:

A simple configuration for a portable rogue AP, easy to hide or leave behind. Image by SADMIN/Null Byte

Installation & Operation of WiFi-Pumpkin (Kali Linux)

Before any new installation, make sure that your system is fully up to date. WiFi-Pumpkin requires a current version of Python on your computer.

  sudo apt-get update 

WiFi Pumpkin has a number of dependencies that you must install before it will run smoothly. Install the following if they are not already installed on your Kali Pi.

Step 1: Installing Dependencies

Python's package manager, pip, will help us manage the rest of the installation. Run the following command to install it on Kali Linux:

  sudo apt-get install -y python-pip 

The next three dependencies allow WiFi Pumpkin to verify certificates, add HTTP layer support, and intercept and inspect traffic flows. Install each as shown below.

  pip install service_identity
  pip install scapy_http
  sudo apt-get install mitmproxy

Step 2: Install WiFi Pumpkin

Download WiFi Pumpkin by cloning the GitHub repository:

  git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git

Then go to the folder:

  cd WiFi-Pumpkin 

and make the installation file executable:

  chmod +x installer.sh

And then run the installer by entering:

  ./installer.sh --install

This may take a while, during which you can grab a cookie.

Step 3: Run WiFi Pumpkin

When it's done, run WiFi Pumpkin just by typing the following.

  sudo wifi-pumpkin 

You're ready to start making fake APs!

The WiFi Pumpkin in action. Image by SADMIN/Null Byte

Some Considerations with the WiFi Pumpkin

For WiFi Pumpkin to work, you need access to at least one Kali Linux-compatible wireless adapter with AP/Monitor mode. You also need your Pi to connect to the internet while monitoring the radio traffic around you.

You can achieve this by using a wireless network adapter and your Pi's internal Wi-Fi card in tandem, or a wired Ethernet connection together with a wireless network adapter. If your particular Pi is not Wi-Fi capable, you will need two wireless network adapters. If you are not sure whether the WLAN adapter supports AP/Monitor mode, you can check in the terminal with iw list. If "AP" appears in the "Supported interface modes" list, your device supports it.
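
The `iw list` check above can be scripted so that the near-miss `AP/VLAN` entry and the separate "software interface modes" list are not mistaken for AP support. This is an added example, not from the original article; the function names are hypothetical and the sample output is constructed to mirror the layout of `iw list`.

```shell
#!/bin/sh
# Added example: summarise AP / monitor support per radio from `iw list`.
# Reads `iw list` text on stdin and prints one line per phy:
#   <phy> AP=yes|no monitor=yes|no
modes_per_phy() {
    awk '
        function emit() {
            if (phy != "") printf "%s AP=%s monitor=%s\n", phy, ap, mon
        }
        /^Wiphy / { emit(); phy = $2; ap = "no"; mon = "no"; in_modes = 0; next }
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[ \t]*\* / {
            mode = $0
            sub(/^[ \t]*\* /, "", mode)       # drop the bullet
            sub(/[ \t]+$/, "", mode)          # drop trailing whitespace
            if (mode == "AP") ap = "yes"      # exact match: AP/VLAN is not AP
            if (mode == "monitor") mon = "yes"
            next
        }
        { in_modes = 0 }                      # any other line ends the list
        END { emit() }
    '
}

# Constructed sample in the layout of `iw list` (not captured from hardware).
sample_iw_list() {
    cat <<'EOF'
Wiphy phy0
    max # scan SSIDs: 4
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * monitor
    Band 1:
    software interface modes (can always be added):
         * AP/VLAN
         * monitor
Wiphy phy1
    Supported interface modes:
         * managed
         * AP/VLAN
         * monitor
    software interface modes (can always be added):
         * AP/VLAN
EOF
}

sample_iw_list | modes_per_phy
```

On a live system, pipe the real output through the same function with `iw list | modes_per_phy`.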

If you need a Kali Linux-compatible wireless adapter with the proper functionality, see the following article. You can ask questions here or @sadmin2001 on Twitter or Instagram.

Do not miss: Choose a wireless adapter for hacking

Cover image by SADMIN/Null Byte