A man-in-the-middle attack puts you between the victim and the Internet and pretends to be a Wi-Fi network, while every packet that flows through the connection is secretly intercepted. WiFi Pumpkin is a rogue AP framework that lets you easily create these fake networks. In this tutorial, I’ll show you how to install this framework on a low-cost Raspberry Pi with Kali Linux.
How to install Kali Linux on the Raspberry Pi, I’ll show you in this tutorial – Install Kali Linux on the Raspberry Pi
If you want to install Kali Linux as the only operating system on a hard disk, check out this tutorial – Kali Linux Hard Disk Installation
With the Wi-Fi Pumpkin, you can bridge an existing wireless connection and provide Internet access to anyone who wants to connect to an open network. The Wi-Fi Pumkin Framework is packed with features including Rogue Wi-Fi access points, Deauth attacks on client APs, Probe Request and Credentials Monitor, Transparent Proxy, Windows Update Attack, Phishing Manager, ARP poisoning, DNS Spoofing , Pumpkin proxy and image capture during operation.
The name of your network has a big impact on how users handle it. If you’re in a crowd, creating a network with a name like “Starbucks” or “Free WiFi” can cause a large number of devices to connect to your access point.
- USB Wi-Fi Adapter – Kali Linux Wi-Fi Adapter 2018
- Raspberry Pi – Link to Amazon
- Micro SD Card – Link to Amazon
- Power adapter – Link to Amazon
- USB mouse and keyboard – Link to Amazon
- SD-Card adapter – Link to Amazon
- Computer to prepare the SD card
- Powerbank for mobile applications (optional) – Link to Amazon
Install and run WiFi-Pumpkin
- Make sure that Kali Linux is fully updated before each installation:
sudo apt-get update
Step 1 – Installation of Dependencies
- WiFi Pumpkin has a number of dependencies that you need to install to keep things running smoothly. Install Python if you do not already have it on your Raspberry Pi. Python’s package manager Pip helps you manage the rest of the installation. To install it, open the terminal and execute the following command:
sudo apt-get install -y python-pip
- The next three dependencies allow the WiFi-Pumpkin to verify certificates, add HTTP layer support and intercept data flows, and analyze:
pip install service_identity
pip install scapy_http
sudo apt-get install mitmproxy
Step 2 – Installation of WiFi-Pumpkin
- Download WiFi-Pumpkin by cloning the GitHub repository:
- Then go to the folder WiFi-Pumpkin:
- Change the permission of the installation file:
chmod +x installer.sh
- Then run the installer by typing:
Schritt 3 – WiFi-Pumpkin ausführen
- When the installation is done, start WiFi-Pumpkin with the following command:
Now the system is ready and you can create fake access points. But please do this only for testing purposes in your own network. Already the attempt of spying data is punishable. Please read the disclaimer.
Schritt 4 – Access Point erstellen
- In the startup window, select whether you want to connect WiFi-Pumpkin to a wired connection or to a WiFi-Network. This setting will be retained even if WiFi-Pumpkin is started later, as long as the same network connection exists
- In the main window go to the menu item “Settings”
- Give a name to your access point
- Select the network adapter over which you want to deploy the access point
- Put in the “Activity Monitor settings” the cross at “Responder”
- In the main window go to the menu item “Plugins”
- Select “SSLstrip+|Dns2proxy”
- Put the cross on “responder” here as well
- Start the Access Point by clicking on “Start” and wait for the first devices to connect
(IP and Mac address were hidden in the screenshot)
- Open the “Activity Monitor” with one click. Now you can observe the surfing behavior of users, as well as login data in the form of user names and passwords
Remember, for the WiFi-Pumpkin to work, you need to have access to at least one Kali Linux-compatible wireless adapter with AP / Monitor Mode support. The Raspberry Pi needs to be connected to the Internet while monitoring wireless traffic.
You can achieve this by using a wireless network adapter and the internal WiFi card of the Raspberry Pi at the same time or a wired Ethernet connection and a wireless network adapter. If your Raspberry Pi is not WiFi-enabled, you’ll need two wireless WiFi adapters.