How To: Build a Pumpkin Pi — The Rogue AP & MITM Framework That Fits in Your Pocket

A man-in-the-middle (MitM) attack places you between your target and the internet: you pose as a Wi-Fi network and relay the victim's traffic, inspecting every packet that flows through the connection. WiFi-Pumpkin is a rogue access point (AP) framework for creating these fake networks quickly, all while forwarding legitimate traffic to and from the unsuspecting target so the connection keeps working and nothing looks wrong.

Today, we'll learn to set up this framework on a low-cost Raspberry Pi running Kali Linux. You may want to look into getting a Raspberry Pi 3 kit or Raspberry Pi 3 B+ kit for this guide. If you already have one, great, let's go!

Man-in-the-Middle Pumpkin Pie

On a Raspberry Pi 3 running Kali Rolling, some Kali Linux tools can be broken out into standalone, almost disposable devices. WiFi-Pumpkin is a perfect example: an attack framework for creating rogue access points to stage man-in-the-middle (MitM) attacks. An attacker lures victims onto the evil access point and begins monitoring their internet traffic, controlling the flow of data to every connected victim. Keep in mind what that control actually buys you: for plain HTTP, DNS and other cleartext protocols you see and can alter everything, but for HTTPS you see only hostnames and metadata unless the client trusts the proxy's certificate, and sites that use HSTS will refuse to load through a forged certificate with no click-through warning.

A rogue device for creating fake Wi-Fi hotspots from a Raspberry Pi. Image by SADMIN/Null Byte

When to Use the WiFi Pumpkin

WiFi-Pumpkin is the tool to reach for when you can bridge an existing Ethernet or Wi-Fi uplink and serve internet access to anyone willing to join an open network without asking too many questions. It comes stuffed with features: rogue Wi-Fi access points, deauthentication attacks against the clients of a nearby AP (to push them onto yours), a probe request and credentials monitor, a transparent proxy, a Windows update attack, a phishing manager, ARP poisoning, DNS spoofing, Pumpkin-Proxy, and image capture on the fly.

Following up from a previous tutorial, the probe request frames a phone or laptop sends reveal the networks it is looking for. One way to use WiFi-Pumpkin is to monitor those probe requests and create a network in response. This is a "Karma" attack: WiFi-Pumpkin advertises a network with the same SSID the target device is expecting, or has connected to before, and a device set to auto-join that name associates without the user doing anything. This works for names the device remembers as open networks; a device that remembers a WPA2-protected network of that name will not join an open clone of it.

The name of your network has a significant effect on how people and their devices interact with it. In a crowd, a network named after a common hotspot such as "Starbucks" can pull a startling number of devices in under a minute. Be creative in how you trick users into connecting to your evil AP. When you want precise control over the individual elements of a man-in-the-middle attack, WiFi-Pumpkin's GUI is straightforward enough for most beginners to grasp.
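Choosing that name does not have to be guesswork. The script below is an added example written for this guide (it is not WiFi-Pumpkin's own code, and the original article does not include it): it reads probe requests captured from a monitor-mode interface with tcpdump and ranks SSIDs by how many distinct clients are asking for them, which is exactly the list a Karma-style rogue AP wants to advertise. The capture command in the header, the interface name wlan1mon, and the sample lines (constructed in the shape of tcpdump's -e output for 802.11 probe requests; every MAC and SSID is made up) are assumptions.

```shell
#!/bin/sh
# probe-rank.sh: pick a Karma SSID from captured probe requests.
# Added example for this guide; not part of the WiFi-Pumpkin project.
# Live use (interface name assumed):
#   tcpdump -i wlan1mon -e -s 256 -l type mgt subtype probe-req | sh probe-rank.sh --rank

# Normalize tcpdump -e lines to "<client MAC><TAB><SSID>", one line per probe.
# Wildcard probes ("Probe Request ()") reveal no network name and are dropped.
parse_probes() {
    awk '
        /Probe Request \(/ {
            sa = ""
            for (i = 1; i <= NF; i++) if ($i ~ /^SA:/) sa = substr($i, 4)
            ssid = $0
            sub(/.*Probe Request \(/, "", ssid)   # drop everything up to the opening paren
            sub(/\)[^)]*$/, "", ssid)             # drop the closing paren and the rate list
            if (sa != "" && ssid != "") printf "%s\t%s\n", sa, ssid
        }'
}

# Rank SSIDs by the number of distinct clients probing for them. A client that
# probes repeatedly counts once, so the top entry is the name the most devices
# would auto-join if a rogue AP advertised it.
probe_ssid_ranking() {
    parse_probes | sort -u \
        | awk -F '\t' '{ n[$2]++ } END { for (s in n) printf "%d %s\n", n[s], s }' \
        | sort -rn
}

# List the client MACs that probed for one specific SSID, for a targeted run
# against a known device rather than a whole crowd.
probe_clients_for() {
    parse_probes | awk -F '\t' -v want="$1" '$2 == want { print $1 }' | sort -u
}

# Constructed sample capture in tcpdump -e format (MACs and SSIDs are made up).
SAMPLE_PROBES='14:02:11.103311 1.0 Mb/s 2437 MHz 11g -63dBm signal BSSID:Broadcast DA:Broadcast SA:3c:2e:f9:11:22:33 Probe Request (Starbucks WiFi) [1.0 2.0 5.5 11.0 Mbit]
14:02:11.210042 1.0 Mb/s 2437 MHz 11g -71dBm signal BSSID:Broadcast DA:Broadcast SA:3c:2e:f9:11:22:33 Probe Request (Starbucks WiFi) [1.0 2.0 5.5 11.0 Mbit]
14:02:12.004419 1.0 Mb/s 2437 MHz 11g -58dBm signal BSSID:Broadcast DA:Broadcast SA:a4:5e:60:44:55:66 Probe Request () [1.0 2.0 5.5 11.0 Mbit]
14:02:12.110930 1.0 Mb/s 2437 MHz 11g -58dBm signal BSSID:Broadcast DA:Broadcast SA:a4:5e:60:44:55:66 Probe Request (Starbucks WiFi) [1.0 2.0 5.5 11.0 Mbit]
14:02:13.331875 1.0 Mb/s 2437 MHz 11g -80dBm signal BSSID:Broadcast DA:Broadcast SA:a4:5e:60:44:55:66 Probe Request (attwifi) [1.0 2.0 5.5 11.0 Mbit]
14:02:14.002193 1.0 Mb/s 2437 MHz 11g -66dBm signal BSSID:Broadcast DA:Broadcast SA:f0:18:98:77:88:99 Probe Request (Starbucks WiFi) [1.0 2.0 5.5 11.0 Mbit]
14:02:14.500004 1.0 Mb/s 2437 MHz 11g -66dBm signal BSSID:Broadcast DA:Broadcast SA:f0:18:98:77:88:99 Probe Request (attwifi) [1.0 2.0 5.5 11.0 Mbit]
14:02:15.127765 1.0 Mb/s 2437 MHz 11g -75dBm signal BSSID:Broadcast DA:Broadcast SA:0c:8b:fd:aa:bb:cc Probe Request (HomeNet-5G) [1.0 2.0 5.5 11.0 Mbit]'

case "${1:-}" in
    --rank)    probe_ssid_ranking ;;                              # live stream on stdin
    --clients) probe_clients_for "$2" ;;                          # e.g. --clients "Starbucks WiFi"
    --demo)    printf '%s\n' "$SAMPLE_PROBES" | probe_ssid_ranking ;;  # prints "3 Starbucks WiFi" first
esac
```

Run sh probe-rank.sh --demo to see the ranking on the embedded sample, or pipe a live tcpdump stream into --rank. Prefer names near the top of the list that look like hotspots rather than home WPA2 networks, since devices only answer to a cloned name they remember as open.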

What You'll Need to Get Started

The setup to create a WiFi-Pumpkin is minimal and requires only a few components. To put this together, you'll need the following.

A simple setup for a portable rogue AP, easy to hide or leave behind. Image by SADMIN/Null Byte

Installing & Running WiFi-Pumpkin (Kali Linux)

As before any new install, make sure your system is fully updated. This release of WiFi-Pumpkin is written for Python 2.7 (its GUI uses PyQt4), so the Python 2 interpreter and its pip must be present; the project has since moved to a Python 3 rewrite, wifipumpkin3, which this guide does not cover.

sudo apt-get update && sudo apt-get upgrade -y

WiFi-Pumpkin has a number of dependencies you will need to have installed before it can run smoothly. Install the following if you don't already have them on your Kali-Pi.

Step 1: Install Dependencies

Python's package manager, Pip, will help us manage the rest of the installation. To install it on Kali Linux, run the following commands.

sudo apt-get install -y python-pip

The next three dependencies let WiFi-Pumpkin verify TLS certificates (service_identity, used by Twisted), parse HTTP inside Scapy (scapy_http), and intercept and inspect traffic flows (mitmproxy). Install the two Python modules with sudo: wifi-pumpkin itself runs as root, and a plain pip install puts the module in your own user's site-packages, where root cannot import it. The ImportError tracebacks in the comments below are what a module that root cannot find looks like.

sudo pip install service_identity

sudo pip install scapy_http

sudo apt-get install -y mitmproxy

Step 2: Install WiFi-Pumpkin

Download WiFi-Pumpkin by cloning the GitHub repository:

git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git

Then go inside the folder:

cd WiFi-Pumpkin

And change the permission of the installer file:

chmod +x installer.sh

And then run the installer by entering the following.

./installer.sh --install

This may take a little time, during which you can go grab a cookie.

Step 3: Run WiFi-Pumpkin

When it's complete, run WiFi-Pumpkin by simply entering the following.

sudo wifi-pumpkin

You're ready to get started creating fake APs!

The Wi-Fi Pumpkin in action. Image by Sadmin/Null Byte

Some Considerations with the WiFi-Pumpkin

Keep in mind that WiFi-Pumpkin needs at least one Kali Linux compatible wireless adapter that supports AP and monitor mode. The Pi also has to stay connected to the internet (the uplink it relays for victims) while a separate interface hosts the rogue network and monitors the air around you; one radio cannot do both jobs at once.

You can achieve this with one external wireless adapter plus the Pi's internal Wi-Fi card, or with a wired Ethernet uplink plus one wireless adapter. If your particular Pi has no built-in Wi-Fi, you'll need two wireless adapters. If you are unsure whether your adapter supports AP and monitor mode, check in a terminal with iw list: under "Supported interface modes," the adapter's phy should list both "AP" and "monitor." The Pi 3's built-in radio has very limited range, so use it for the uplink and let the external adapter host the fake network.
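The dependency installs above and the adapter check here are the two places where this build usually goes wrong (the comments below show the resulting ImportError tracebacks). This preflight script is an added example written for this guide, not part of the WiFi-Pumpkin project: run as root, it confirms that python2 and every required module import for root (the user wifi-pumpkin actually runs as) and parses iw list to report which phy supports AP and monitor mode. The script name, the module list, and the embedded iw list excerpt (constructed; phy1 stands in for an external adapter, phy0 for a radio that only does managed mode) are assumptions.

```shell
#!/bin/sh
# pumpkin-preflight.sh: sanity checks before launching WiFi-Pumpkin on a Kali Pi.
# Added example for this guide; it is not part of the WiFi-Pumpkin project.
# Usage: sudo sh pumpkin-preflight.sh --run

# Print the name of every phy whose "Supported interface modes:" section in an
# `iw list` dump (read from stdin) contains the requested mode, e.g. AP or monitor.
# Exit status is 0 when at least one phy supports the mode, 1 otherwise.
iw_phys_with_mode() {
    awk -v want="$1" '
        /^Wiphy /                    { phy = $2; in_modes = 0; next }
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[ \t]*\* /     {
            sub(/^[ \t]*\* /, ""); sub(/[ \t]+$/, "")
            if ($0 == want) { print phy; found = 1 }
            next
        }
        in_modes                     { in_modes = 0 }   # first non-mode line ends the section
        END                          { if (found) exit 0; exit 1 }
    '
}

# Try to import each named Python module under the given interpreter. Run this
# as root: modules installed with a plain "pip install" land in the calling
# user's site-packages and are invisible to the root account that sudo
# wifi-pumpkin runs under. Returns 1 if anything is missing.
check_python_modules() {
    interp="$1"; shift
    missing=0
    for mod in "$@"; do
        if "$interp" -c "import $mod" 2>/dev/null; then
            echo "ok       $mod"
        else
            echo "MISSING  $mod"
            missing=1
        fi
    done
    return $missing
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root: wifi-pumpkin itself runs under sudo" >&2; exit 1; }
    command -v python2 >/dev/null || { echo "python2 not found: this WiFi-Pumpkin release is Python 2.7 only" >&2; exit 1; }
    command -v iw >/dev/null || { echo "iw not found (apt-get install iw)" >&2; exit 1; }

    echo "== Python modules importable by root =="
    # Module list assumed from the install steps and the tracebacks readers reported.
    check_python_modules python2 service_identity scapy_http PyQt4.QtWebKit configparser \
        || echo "install the missing ones as root (sudo pip install <module>, or the matching apt package)"

    echo "== Wireless adapters =="
    ap_phys=$(iw list | iw_phys_with_mode AP) || { echo "no adapter supports AP mode" >&2; exit 1; }
    echo "AP-capable:      $ap_phys"
    mon_phys=$(iw list | iw_phys_with_mode monitor) || echo "warning: no adapter supports monitor mode" >&2
    echo "monitor-capable: $mon_phys"
    echo "reminder: the rogue AP needs its own interface; the uplink must be a second adapter or eth0"
}

# Constructed excerpt in the shape of `iw list` output, used for the demo checks.
SAMPLE_IW_LIST='Wiphy phy1
    max # scan SSIDs: 4
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * monitor
         * mesh point
    Band 1:
        Capabilities: 0x1862
Wiphy phy0
    max # scan SSIDs: 10
    Supported interface modes:
         * managed
         * P2P-client
    Band 1:
        Capabilities: 0x1020'

case "${1:-}" in
    --run)  main ;;
    --demo) printf '%s\n' "$SAMPLE_IW_LIST" | iw_phys_with_mode AP ;;   # prints "phy1"
esac
```

Run sudo sh pumpkin-preflight.sh --run on the Pi. If AP-capable comes back empty, or lists only the phy you are using as the uplink, the adapter is the problem, not WiFi-Pumpkin.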

If you're in need of a Kali Linux compatible wireless adapter with the appropriate functionality, check out the following linked article. You can ask me questions here or @sadmin2001 on Twitter or Instagram.

Cover photo by SADMIN/Null Byte


19 Comments

Hi, great tutorial; however, I am having an issue.

When loading up wifi-pumpkin using sudo, I get the following message:

X Error: BadDrawable (invalid Pixmap or Window parameter) 9
Major opcode: 62 (X_CopyArea)
Resource id: 0x100001a

This message continues to repeat itself over and over again. The GUI is completely grey. I have searched the forums and found something to do with updating the /etc/environment file with the following code:

QTX11NO_MITSHM=1

However, this hasn't made any difference.
Can anyone help?

Thanks in advance

Is there a non-GUI version of the program? I want to automate it so it's a plug-and-go kind of thing.

I have a cheap Wi-Fi adapter which does not support AP mode, but the RPi3 internal Wi-Fi chip does, so with Nexmon on Kali, putting the RPi3's Wi-Fi chip in monitor mode and connecting to the internet via the other cheap Wi-Fi adapter, can I use it?

Can I do it with the RPi3 internal Wi-Fi chip and connect to the internet with another cheap Wi-Fi adapter which doesn't support AP mode?

Nice tutorial Sadmin... thanks for the work.
My advice is only for educational purposes!!

Most phones, laptops etc. are set to auto-connect to known APs... so all you really need to do is copy the ESSID they are looking for and they will auto-connect to it. ;)..

I will not explain in detail how to do this, but it should give you an idea of how to exploit that ;)...

Hi,

how does the 036NEH compare to 036NHA performance wise?

Thanks.

Hi,

How would you set this up with a headless RPi3 using SSH, similar to in the picture?

As it uses a GUI, to remotely control the Pi you can use VNC Viewer.

To enable it on the PI use the command:

raspi-config

And then set up VNC viewer on another machine

What is the need for a wireless adapter, as the Raspberry Pi 3 has inbuilt Wi-Fi and Bluetooth connectivity??

Are you kidding? The inbuilt Wi-Fi connectivity is almost useless! What do you think its maximum range is? It cannot even be compared with an external adapter!

I completed everything and wifi-pumpkin installed with all dependencies; however, I encountered this:

root@kali:~# sudo wifi-pumpkin
Traceback (most recent call last):
File "wifi-pumpkin.py", line 37, in <module>
from core.utility.application import ApplicationLoop
File "/usr/share/WiFi-Pumpkin/core/utility/application.py", line 3, in <module>
from core.main import version
File "/usr/share/WiFi-Pumpkin/core/main.py", line 24, in <module>
from core.utils import (
File "/usr/share/WiFi-Pumpkin/core/utils.py", line 14, in <module>
import configparser
ImportError: No module named configparser

Hi,
Good job Sadmin... thanks for the video...
Could you help me please?

You do not have a working installation of the service_identity module: 'cannot import name opentype'. Please install it from <pypi.python.org/pypi/service_identity> and make sure all of its dependencies are satisfied. Without the service_identity module, Twisted can perform only rudimentary TLS client hostname verification. Many valid certificate/hostname mappings may be rejected.

Traceback (most recent call last):
File "wifi-pumpkin.py", line 50, in <module>
from Core.Main import Initialize
File "/usr/share/WiFi-Pumpkin/Core/Main.py", line 52, in <module>
from Core.helpers.report import frm_ReportLogger
File "/usr/share/WiFi-Pumpkin/Core/helpers/report.py", line 2, in <module>
from PyQt4.QtWebKit import QWebView
ImportError: No module named QtWebKit

I already installed service_identity... but still the same message...

Thanks

wifi-pumpkin is pretty bugged to the beginner's eye... at least the creator says so

github.com/P0cL4bs/WiFi-Pumpkin/issues/390

">>mh4x0f<< commented on 30 Jul 2018

That's what I'm talking about in #398: @curtismany is trying to do arpspoof without understanding how it works. The tool only works for those who understand what they are doing and not for newbies. A security tool is not normal software; you need to understand the attack so that it works, it is not simply a matter of using it. I will still not support such people, anymore."

Sad that he refuses to make a complete guide so everybody can get food on the table, and not just those who already are old rats in the programming world who already own a Mercedes, Tesla and such (a wealthy closed club). Notice, he wants beginners to stumble over these "bugs" so they can't use his program, it seems.

It is like this all over the world. The rich & elite & successful don't want to share the cake. They try to block the path for others in most cases. This is true greed and ego.

"I will give support, but only if you're a pro & old programmer rat who doesn't even need help" lol.

That is a fucked up mentality.

Wifi-pumpkin bugged my Raspberry Pi so now all interfaces are shut down: "device not managed" for eth0 (cable internet), "wifi is disabled" for wlan0 and wlan1 (all wireless interfaces).

So my Raspberry can't get on the internet no matter what you do. Reboot, restart NetworkManager, nothing works.

There seems to be a fix, but the idiot on the support forum never said the path to the directory to edit the file, so I'm stuck here with a headache.

  • No internet = can't even install the "locate" module so I can search on my Pi!

So again, there is a fix if you waste a lot of time or are an old rat.

The second solution is to reinstall my SD card... and update = 5 hours.

I fucking hate arrogant idiots. It would have taken him 1 second to write the path of the file but no no, he wanted the beginners to get stuck in their tracks. Evil motherfucker.

They can't stop the unstoppable beginner, so why even try. Stupid, unintelligent people.

Why I like Null Byte: this guy has a big heart and wants to bring up the next generation of pentesters. His heart is not old, cold and corrupted like most (corrupted by greed and ego).

In reality the world needs 10x more security pros because the hackers outnumber the whitehats by A LOT, and the old rats maybe want to keep their pay insanely high as a result? Many possible agendas behind it.

The more whitehats the world has, the stronger the security worldwide. 1 new security invention from such a whitehat could stop millions of attacks... just a bright head and some lines of code... but when you block the next generation of whitehats then you will never get where I'm talking about. And the blackhats will dominate as they do today.

The harder / longer / more frustrating the learning curve (due to idiots), the fewer whitehats you get. The blackhats you can't stop... they are determined with a set goal in mind (and need food on the table) so they will always reach their goal. But the guy who is just curious and wants to learn will likely give up wasting his time on this shit lol.

If I had not known that the insane time waste due to bullshit errors during this journey, as a result of half guides, or outdated guides, skipped info and so on, was worth it in the end, I would not do it either.

Maybe a fix for the "device disabled" bug is to back up the right NetworkManager files beforehand, so after using wifi-pumpkin you delete them and throw the old ones back in. Because wifi-pumpkin for some reason edits the NetworkManager files permanently, which is why it is bugged even after reboot :/

Fucking stupid that the developer is such a jerk.
