Framework for Rogue Wi-Fi Access Point Attack
WiFi-Pumpkin is a security tool that provides the Rogue access point to Man-In-The-Middle and network attacks.
Kali 2.0/WifiSlax 4.11.1/Parrot 2.0.5
git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
cd WiFi-Pumpkin
chmod +x installer.sh
./installer.sh --install
refer to the wiki for Installation
- Rogue Wi-Fi Access Point
- Deauth Attack Clients AP
- Probe Request Monitor
- DHCP Starvation Attack
- Credentials Monitor
- Transparent Proxy
- Windows Update Attack
- Phishing Manager
- Partial bypass HSTS
- Support beef hook
- Mac Changer
- ARP Poison
- DNS Spoof
- net-creds - Sniff passwords and hashes from an interface or pcap file
- dns2proxy - This tools offer a different features for post-explotation once you change the DNS server to a Victim.
- sslstrip - Sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping attacks by xtr4nge based version
Transparent proxies that you can use to intercept and manipulate HTTP traffic modifying requests and responses, that allow to inject javascripts into the targets visited. You can easily implement a module to inject data into pages creating a python file in directory "Proxy" automatically will be listed on PumpProxy tab.
The following is a sample module that injects some contents into the tag to set blur filter into body html page:
from Plugin import PluginProxy
class blurpage(PluginProxy):
''' this module proxy set blur into body page html response'''
_name = 'blur_page'
_activated = False
_instance = None
_requiresArgs = False
@staticmethod
def getInstance():
if blurpage._instance is None:
blurpage._instance = blurpage()
return blurpage._instance
def __init__(self):
self.LoggerInjector()
self.injection_code = []
def setInjectionCode(self, code):
self.injection_code.append(code)
def inject(self, data, url):
injection_code = '''<head> <style type="text/css">
body{
filter: blur(2px);
-webkit-filter: blur(2px);}
</style>'''
self.logging.info("Injected: %s" % (url))
return data.replace('<head>',injection_code )
Find a bug? Want more features? Let us know! Please send file an issue