In a man-in-the-middle attack, you place yourself between your target and the Internet by pretending to be a Wi-Fi network, while all the packets that flow through the connection are secretly examined. The WiFi Pumpkin is a rogue AP framework that makes it easy to create these spoofed networks while routing legitimate traffic to and from the unsuspecting target.
Today we learn to install this framework on a cost-effective Raspberry Pi running Kali Linux. You may want to get a Raspberry Pi 3 Kit or Raspberry Pi 3 B+ Kit for this guide. If you already have one, let's go!
On the Raspberry Pi 3 with Kali Rolling, some Kali Linux tools can be split off into stand-alone, almost disposable devices. A perfect example is the WiFi Pumpkin, an attack framework for creating rogue access points to stage man-in-the-middle (MitM) attacks. This allows an attacker to lure victims to their evil access point and monitor Internet traffic, thereby taking control of the data flow for all connected victims.
When to Use the WiFi Pumpkin
The WiFi Pumpkin is a great tool when you can bridge an existing Ethernet or Wi-Fi connection and serve Internet access to anyone willing to connect to an open network without asking too many questions. It is replete with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor, transparent proxy, Windows Update attack, phishing manager, ARP poisoning, DNS spoofing, Pumpkin Proxy, and image capture on the fly.
As covered in an earlier tutorial, wireless probe frames can reveal the networks that a phone or laptop is looking for. One way to use the WiFi Pumpkin is to monitor probe frames and create a network in response. We can use the WiFi Pumpkin to perform a "karma" attack and create a network with the same SSID that the target device expects or was previously connected to.
The name of your network will have a significant impact on people interacting with it. If you're in a crowd, creating a network called Starbucks can get you connected to a staggering number of devices in less than a minute. Be creative in how you get users to connect to your nasty AP. If you want to have precise control over the various elements of a man-in-the-middle attack, the simple WiFi Pumpkin GUI is easy enough for most beginners.
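Seen from the defender's side, the karma technique described above leaves traces in ordinary Wi-Fi scan data. The following is an added example, not part of the original article or the WiFi Pumpkin project: the baseline, the scan records and the function name are constructed for illustration, and the three-SSID threshold is an assumption to tune per site.

```python
# Added example: flag likely rogue or "karma" access points in Wi-Fi scan results.
# BASELINE and SCAN are constructed sample data, not taken from the article.
from collections import defaultdict

# Networks the defender operates: SSID -> (allowed BSSIDs, expected security)
BASELINE = {
    "CorpWiFi": ({"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "WPA2"),
}

# Constructed scan observations: (ssid, bssid, security)
SCAN = [
    ("CorpWiFi", "aa:bb:cc:00:00:01", "WPA2"),    # legitimate AP
    ("CorpWiFi", "de:ad:be:ef:00:10", "OPEN"),    # known SSID, unknown radio, open
    ("Starbucks", "de:ad:be:ef:00:10", "OPEN"),   # same radio, different SSID
    ("HomeNet", "de:ad:be:ef:00:10", "OPEN"),     # same radio, third SSID
    ("CafeGuest", "11:22:33:44:55:66", "OPEN"),   # unrelated open network
]


def find_rogue_aps(scan, baseline, multi_ssid_threshold=3):
    """Return {bssid: sorted list of reasons} for suspicious access points."""
    findings = defaultdict(set)
    ssids_per_bssid = defaultdict(set)
    for ssid, bssid, security in scan:
        bssid = bssid.lower()
        ssids_per_bssid[bssid].add(ssid)
        if ssid in baseline:
            allowed, expected = baseline[ssid]
            if bssid not in allowed:
                findings[bssid].add(f"unknown BSSID for {ssid}")
            if security != expected:
                findings[bssid].add(f"{ssid} seen as {security}, expected {expected}")
    # One radio answering for several unrelated SSIDs is typical of an AP
    # that creates networks in response to client probe requests.
    for bssid, ssids in ssids_per_bssid.items():
        if len(ssids) >= multi_ssid_threshold:
            findings[bssid].add(f"{len(ssids)} SSIDs from one BSSID")
    return {bssid: sorted(reasons) for bssid, reasons in findings.items()}


if __name__ == "__main__":
    for bssid, reasons in find_rogue_aps(SCAN, BASELINE).items():
        print(bssid, "->", "; ".join(reasons))
```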
The setup for creating a WiFi Pumpkin is minimal and requires few components. To put it together, you need the following:
Installation & Operation of WiFi-Pumpkin (Kali Linux)
Before any new installation, make sure that your system is fully up to date. WiFi-Pumpkin needs a current Python on your computer.
sudo apt-get update
WiFi Pumpkin has a number of dependencies that you must install before it runs smoothly. Install the following if they are not already installed on your Kali Pi.
Python's package manager, pip, helps us manage the rest of the installation. Run the following command to install it on Kali Linux:
sudo apt-get install -y python-pip
The next three dependencies allow WiFi Pumpkin to verify certificates, add HTTP layer support, and intercept and inspect traffic flows. Install each as shown below.
pip install service_identity
pip install scapy_http
sudo apt-get install mitmproxy
Step 2: Install WiFi Pumpkin
Download WiFi Pumpkin by cloning the GitHub repository:
git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
Then go to the folder:
and change the permission of the installation file:
chmod +x installer.sh
And then run the installer by entering the following:
./installer.sh --install
This may take a while, during which you can grab a cookie.
When it's done, run WiFi Pumpkin just by typing the following.
You're ready to start making fake APs!
For WiFi Pumpkin to work, you need access to at least one Kali Linux-compatible wireless adapter with AP/Monitor mode. Your Pi also needs to connect to the Internet while monitoring the radio traffic around you.
You can achieve this by using a wireless network adapter and your Pi's internal Wi-Fi card in tandem, or a wired Ethernet connection together with a wireless network adapter. If your particular Pi is not Wi-Fi capable, you will need two wireless network adapters. If you are not sure whether the wireless adapter supports AP/Monitor mode, you can check in the terminal with iw list. If "AP" appears in the "Supported interface modes" list, the mode is supported by your device.
If you need a Kali Linux-compatible wireless adapter with the proper functionality, see the following article. You can ask questions here or @sadmin2001 on Twitter or Instagram.
Do not miss: Choose a wireless adapter for hacking