WiFi-Pumpkin framework for
Rogue Wi-Fi Access Point Attack It helps a hacker to create a free open fake
wifi and as soon as victim connects to the fake open wifi, he gets trapped.
However, the best feature is that if your internet connection is working, victim
will get access to internet. Hence, more chances of him to get trapped(Nice,
isn’t it?).
First, to install
Wifi-Pumpkin we type on terminal:
Once the cloning is done, we need to
install. Hence, go to the installed directory of WiFi-Pumpkin and open it in
terminal and type the following command to install it:
./installer.sh
--install
Now, open the installed directory of
wifi-pumpkin in terminal and type:
python
wifi-pumpkin.py
It will load wifi pumpkin in GUI as you can
see in the screenshot below.
Now, all you have to do is configure your
settings and click on ‘Start Access
Point’.
Wait for some devices to connect. They will
be displayed as you can see below. A good thing is that devices are
automatically assigned a class A IP address.
In the victim’s phone PumpAP is created and
he/she is accessing the internet without even knowing that they have fallen
into the sweet trap of free internet!
While the victim is acessing Wi-Fi like
usual, we can see his/her activity. As you can see in the below screenshot that
we are able to capture victim’s phone’s “Hike
Contacts.”
As soon as victim opens anyone’s profile on
hike, their number is being captured by us!
Many other notable features include cookie
capturing. As n the below screenshot, we can see victim’s device’s cookies
being visible. Which is great to know as it may have something interesting?
We are also able to capture any credentials/
login id and password on any http website.
As you can see below that victim has logged
in into way2sms.com and their ID and password are being recorded.
For even better case scenarios, when many
of victims will be connected to your fake Wireless Network thinking they are in
luck, we will be recording everything in clear text. If we are unable to see
everything on terminal, don’t worry, WiFi-Pumpkin has stored everything
category wise.
Now, we go to the directory:
/WiFi-Pumpkin/logs/AccessPoint
In that directory many log files are
present that have captured numerous items. One such text file is “credentials.log”
Here, we will see all the login details.
Another notable file is the “urls.log”
We can see all the accessed urls on
victim’s device, along with their IP address.
So, this is how you allure victims into
free internet and steal data without even letting them know!
0 comments:
Post a Comment