Hack Password using Rogue Wi-Fi Access Point Attack (WiFi-Pumpkin)

at 8:35 AM Monday, July 4, 2016
WiFi-Pumpkin framework for Rogue Wi-Fi Access Point Attack It helps a hacker to create a free open fake wifi and as soon as victim connects to the fake open wifi, he gets trapped. However, the best feature is that if your internet connection is working, victim will get access to internet. Hence, more chances of him to get trapped(Nice, isn’t it?).

First, to install Wifi-Pumpkin we type on terminal:


>git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git


Once the cloning is done, we need to install. Hence, go to the installed directory of WiFi-Pumpkin and open it in terminal and type the following command to install it:
./installer.sh --install


Now, open the installed directory of wifi-pumpkin in terminal and type:
python wifi-pumpkin.py
It will load wifi pumpkin in GUI as you can see in the screenshot below.


Now, all you have to do is configure your settings and click on ‘Start Access Point’.
Wait for some devices to connect. They will be displayed as you can see below. A good thing is that devices are automatically assigned a class A IP address.


In the victim’s phone PumpAP is created and he/she is accessing the internet without even knowing that they have fallen into the sweet trap of free internet!


While the victim is acessing Wi-Fi like usual, we can see his/her activity. As you can see in the below screenshot that we are able to capture victim’s phone’s “Hike Contacts.
As soon as victim opens anyone’s profile on hike, their number is being captured by us!


Many other notable features include cookie capturing. As n the below screenshot, we can see victim’s device’s cookies being visible. Which is great to know as it may have something interesting?

We are also able to capture any credentials/ login id and password on any http website.

As you can see below that victim has logged in into way2sms.com and their ID and password are being recorded.


For even better case scenarios, when many of victims will be connected to your fake Wireless Network thinking they are in luck, we will be recording everything in clear text. If we are unable to see everything on terminal, don’t worry, WiFi-Pumpkin has stored everything category wise.
Now, we go to the directory:

/WiFi-Pumpkin/logs/AccessPoint


In that directory many log files are present that have captured numerous items. One such text file is “credentials.log
Here, we will see all the login details.


Another notable file is the “urls.log
We can see all the accessed urls on victim’s device, along with their IP address.


So, this is how you allure victims into free internet and steal data without even letting them know!
Labels: ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)