Are you happy with your logging solution? Would you help us out by taking a 30-second survey? Click here

WiFi-Pumpkin

Framework for Rogue Wi-Fi Access Point Attack

Star full 4f7b624809470f25b6493d5a7b30d9b9cb905931146e785d67c86ef0c205a402Star half bd79095782ee4930099175e5ce7f4c89fa3ddabcd56fffcc7c74f6f2a2d46b27Star blank 374f33e4d622a2930833db3cbea26b5d03dc44961a6ecab0b9e13276d97d6682Star blank 374f33e4d622a2930833db3cbea26b5d03dc44961a6ecab0b9e13276d97d6682Star blank 374f33e4d622a2930833db3cbea26b5d03dc44961a6ecab0b9e13276d97d6682 (3 ratings)
Rated 1.83 out of 5
Subscribe to updates I use WiFi-Pumpkin


Statistics on WiFi-Pumpkin

Number of watchers on Github 1815
Number of open issues 5
Average time to close an issue 4 days
Main language Python
Average time to merge a PR about 19 hours
Open pull requests 1+
Closed pull requests 12+
Last commit over 1 year ago
Repo Created about 4 years ago
Repo Last Updated over 1 year ago
Size 6.37 MB
Organization / Authorp0cl4bs
Latest Releasev0.8.4
Contributors1
Page Updated
Do you use WiFi-Pumpkin? Leave a review!
View open issues (5)
View WiFi-Pumpkin activity
View on github
Fresh, new opensource launches 🚀🚀🚀
Trendy new open source projects in your inbox! View examples

Subscribe to our mailing list

Evaluating WiFi-Pumpkin for your project? Score Explanation
Commits Score (?)
Issues & PR Score (?)

logo

build

WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack

Description

WiFi-Pumpkin is a very complete framework for auditing Wi-Fi security. The main feature is the ability to create a fake AP and make Man In The Middle attack, but the list of features is quite broad.

screenshot

Installation

  • Python 2.7 sh git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git cd WiFi-Pumpkin ./installer.sh --install or download .deb file to install ``` sh sudo dpkg -i wifi-pumpkin-0.8.5-all.deb sudo apt-get -f install # force install dependencies if not install normally

refer to the wiki for [Installation](https://github.com/P0cL4bs/WiFi-Pumpkin/wiki/Installation)

### Features
* Rogue Wi-Fi Access Point
* Deauth Attack Clients AP 
* Probe Request Monitor
* DHCP Starvation Attack
* Credentials Monitor
* Transparent Proxy
* Windows Update Attack
* Phishing Manager
* Partial Bypass HSTS protocol
* Support beef hook
* ARP Poison 
* DNS Spoof 
* Patch Binaries via MITM
* Karma Attacks (support hostapd-mana)
* LLMNR, NBT-NS and MDNS poisoner (Responder)
* Pumpkin-Proxy (ProxyServer (mitmproxy API))
* Capture images on the fly
* TCP-Proxy (with [scapy](http://www.secdev.org/projects/scapy/))

### Donation
##### Patreon:
[![Patreon](https://cloud.githubusercontent.com/assets/8225057/5990484/70413560-a9ab-11e4-8942-1a63607c0b00.png)](http://www.patreon.com/wifipumpkin)
##### paypal:
[![donate](https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=PUPJEGHLJPFQL)
##### Via BTC:
1HBXz6XX3LcHqUnaca5HRqq6rPUmA3pf6f

### Plugins
| Plugin | Description | 
|:-----------|:------------|
[Dns2proxy](https://github.com/LeonardoNve/dns2proxy) | This tools offer a different features for post-explotation once you change the DNS server to a Victim.
[Sstrip2](https://github.com/LeonardoNve/sslstrip2) | Sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping attacks based version fork @LeonardoNve/@xtr4nge.
[Sergio_proxy](https://github.com/supernothing/sergio-proxy) | Sergio Proxy (a Super Effective Recorder of Gathered Inputs and Outputs) is an HTTP proxy that was written in Python for the Twisted framework.
[BDFProxy](https://github.com/davinerd/BDFProxy-ng) | Patch Binaries via MITM: BackdoorFactory + mitmProxy, bdfproxy-ng is a fork and review of the original BDFProxy @secretsquirrel.
[Responder](https://github.com/lgandx/Responder) | Responder an LLMNR, NBT-NS and MDNS poisoner. Author: Laurent Gaffie

### Transparent Proxy
![proxy](https://raw.githubusercontent.com/P0cL4bs/WiFi-Pumpkin/master/docs/proxyscenario.png)

 Transparent proxies(mitmproxy) that you can use to intercept and manipulate HTTP traffic modifying requests and responses, that allow to inject javascripts into the targets visited.  You can easily implement a module to inject data into pages creating a python file in directory "plugins/extension/" automatically will be listed on Pumpkin-Proxy tab.
#### Plugins Example Dev

 ``` python
from mitmproxy.models import decoded # for decode content html
from plugins.extension.plugin import PluginTemplate

class Nameplugin(PluginTemplate):
    meta = {
        'Name'      : 'Nameplugin',
        'Version'   : '1.0',
        'Description' : 'Brief description of the new plugin',
        'Author'    : 'by dev'
    }
    def __init__(self):
        for key,value in self.meta.items():
            self.__dict__[key] = value
        # if you want set arguments check refer wiki more info. 
        self.ConfigParser = False # No require arguments 

    def request(self, flow):
        print flow.__dict__
        print flow.request.__dict__ 
        print flow.request.headers.__dict__ # request headers
        host = flow.request.pretty_host # get domain on the fly requests 
        versionH = flow.request.http_version # get http version 

        # get redirect domains example
        # pretty_host takes the "Host" header of the request into account,
        if flow.request.pretty_host == "example.org":
            flow.request.host = "mitmproxy.org"

        # get all request Header example 
        self.send_output.emit("\n[{}][HTTP REQUEST HEADERS]".format(self.Name))
        for name, valur in flow.request.headers.iteritems():
            self.send_output.emit('{}: {}'.format(name,valur))

        print flow.request.method # show method request 
        # the model printer data
        self.send_output.emit('[NamePlugin]:: this is model for save data logging')

    def response(self, flow):
        print flow.__dict__
        print flow.response.__dict__
        print flow.response.headers.__dict__ #convert headers for python dict
        print flow.response.headers['Content-Type'] # get content type

        #every HTTP response before it is returned to the client
        with decoded(flow.response):
            print flow.response.content # content html
            flow.response.content.replace('</body>','<h1>injected</h1></body>') # replace content tag 

        del flow.response.headers["X-XSS-Protection"] # remove protection Header

        flow.response.headers["newheader"] = "foo" # adds a new header
        #and the new header will be added to all responses passing through the proxy

About plugins

plugins on the wiki

TCP-Proxy Server

A proxy that you can place between in a TCP stream. It filters the request and response streams with (scapy module) and actively modify packets of a TCP protocol that gets intercepted by WiFi-Pumpkin. this plugin uses modules to view or modify the intercepted data that possibly easiest implementation of a module, just add your custom module on plugins/analyzers/ automatically will be listed on TCP-Proxy tab.

from scapy.all import *
from scapy_http import http # for layer HTTP
from default import PSniffer # base plugin class

class ExamplePlugin(PSniffer):
    _activated     = False
    _instance      = None
    meta = {
        'Name'      : 'Example',
        'Version'   : '1.0',
        'Description' : 'Brief description of the new plugin',
        'Author'    : 'your name',
    }
    def __init__(self):
        for key,value in self.meta.items():
            self.__dict__[key] = value

    @staticmethod
    def getInstance():
        if ExamplePlugin._instance is None:
            ExamplePlugin._instance = ExamplePlugin()
        return ExamplePlugin._instance

    def filterPackets(self,pkt): # (pkt) object in order to modify the data on the fly
        if pkt.haslayer(http.HTTPRequest): # filter only http request 

            http_layer = pkt.getlayer(http.HTTPRequest) # get http fields as dict type
            ip_layer = pkt.getlayer(IP)# get ip headers fields as dict type

            print http_layer.fields['Method'] # show method http request
            # show all item in Header request http
            for item in http_layer.fields['Headers']:
                print('{} : {}'.format(item,http_layer.fields['Headers'][item]))

            print ip_layer.fields['src'] # show source ip address 
            print ip_layer.fields['dst'] # show destiny ip address 

            print http_layer # show item type dict
            print ip_layer # show item type dict

            return self.output.emit({'name_module':'send output to tab TCP-Proxy'}) 

About TCP-Proxy

TCP-Proxy on the wiki

Screenshots

Screenshot on the wiki

FAQ

FAQ on the wiki

Contact Us

Whether you want to report a bug, send a patch or give some suggestions on this project, drop us or open pull requests

WiFi-Pumpkin open issues Ask a question     (View All Issues)
  • about 3 years Create a Debian/Ubuntu package
  • over 2 years gui of wifi-pumpkin not visible
  • over 2 years Fonts are too big
  • over 2 years Python DNS Server improvements
WiFi-Pumpkin open pull requests (View All Pulls)
  • [DO NOT MERGE] [HELP REQUIRED] Added WEP Support
WiFi-Pumpkin list of languages used
WiFi-Pumpkin latest release notes
v0.8.5 WiFi-Pumpkin v0.8.5

Features

  • added new plugin TCP-Proxy
  • added capture image HTTP request (Tab ImageCap)
  • added new HTTP-request widgets get info from Headers requests
  • added new columm (url) on HTTP-Authentication
  • added now WF allow to start without internet connection
  • added option that exclude USB card on start
  • added support to use 2 wireless cards #211
  • added Python DNS Server improvements #165
  • added new style in progressbar on home
  • added option for check network connection Tab->Settings
  • added option for restore NM USB adpater after app closed #239
  • added plugin PumpkinProxy: disable browser caching, cache-control in HTML
  • added constants into a separate module [more modular design]
  • added new colorQListWidget [hover, selection]
  • added new design Qtableview for default theme
  • added hostapd option BSSID configuration [Settings TAB]
  • added show security password type option [Settings TAB]
  • added dashboard infor [uptime,threads,AP info] in tab home
  • added Qapplication: allow only one instance of WP to run
  • added more code organization in file main.py

Fixes

  • remove netcreds plugin thks for all DanMcInerney
  • fixed possible bug when start AP with interface wlanx
  • fixed exit app when exclude USB adapter
  • fixed Network-ManagerUI again
  • fixed error: iptables Bad argument
  • fixed error TCP-Proxy plugin imageCap #218
  • fixed possible error [Errno 2] No such file or directory #217
  • fixed replace bs4 to BeautifulSoup #228
  • fixed argument for 's' must be a string #232 thanks @okazymyrov
  • fixed IndexError: Layer [Raw] not found #234
  • moved option settings -> Menu File
  • fixed hide error sslstrip exceptions.RuntimeError
  • fixed [Errno socket error] [Errno -2] Name or service not known #252
  • fixed control lock/unlock plugins tabs when changes options
  • fixed PhishingManager error when try shutdown httpd server
  • fixed Windows UpdateFake modules
  • fixed check return is NoneType from function get_interface_mac
  • fixed No such file or directory: 'settings/dhcpd.conf' #266
  • fixed Wireless Deauth module scan network with airodump-ng
  • fixed pumpking-proxy all plugins inject page #272
  • fixed issue #273
  • fixed function get ipaddress by interface
  • fixed dhcpserver exception try get hostname device #277
  • fixed set border just table home in default theme
  • fixed dhcpd server error can't read file or directory
  • removed monitors views [dns2proxy,urlcreds,credentials]
  • fixed bug not working as expected #279
  • fixed small bug with Table when add new users
  • added new icon WiFi-Pumpkin
  • fixed group all object PyQt4 QtGui,QtCore
  • fixed except when try import QtGui
  • fixed detect if range ip class is same the [DHCP Server] #285
  • fixed import QtGui thanks @Brain2000 #282
  • fixed redirect Traffic from all domain [dns spoof] #296
v0.8.4 WiFi-Pumpkin v0.8.4

Features

  • added new plugin Pumpkin-Proxy (mitmproxy API)
  • added new notifications for donations
  • added tables for logging plugins HTTP-request, PumpkinProxy, HTTP-auth
  • added enable/disable Wireless Security WPA Shared Key on Settings Tab
  • added support for update requeriments.txt when get news versions

Fixes

  • fixed theme default QtableView Color hover
  • fixed logging name from jskeylogger plugin
  • fixed exclude from Network-manager by interface #149
  • fixed set the application GUI style QStyleFactory #151
  • fixed responder is not starting #162
  • fixed class DNSServer resolver domain (DNS Response)
  • fixed no Internet Connection AP DNSServer #164
  • fixed enable Copy/edit row from HTTP-Requests Tables #167
  • fixed update Responder and fixed SSL server on port 443 #166
  • fixed update version mitmproxy 0.17 to 0.18.2 #195
  • fixed dnsspoof module to redirect with plugin disabled
  • fixed ARPspoof module get MAC address by interface
v0.8.3 WiFi-Pumpkin v0.8.3

Features

  • added new design main tool
  • added new column VendorMac in man Table
  • added set sorted in all Tablewidget
  • added new plugins options and description
  • added more options in statusbar main
  • added find file in directory cfg for check update
  • added error messages more explained
  • added option to set Hostapd binary path (support hostapd-mana)
  • added new plugin Responder (LLMNR, NBT-NS and MDNS poisoners)
  • added check if interface wireless support AP/Mode
  • added python implements a DHCP Server by psychomario
  • added function: get possible errors from hostapd service

Fixes

  • fixed allow traffic to/from wlan (iptables)
  • changed the all directory structure characters to lowercase
  • ffixed No such file or directory [logs] #102
  • fixed Error nmcli exceptions.OSError #104
  • fixed improvements fuctions get_interfaces #109
  • fixed Redirect traffic from all domains in dnsspoof module
  • removed isc-dhcp-server(dhcpd) from dedependencies (optinal)
  • fixed installer:install mitmproxy in ubuntu
  • fixed get_file_cfg_Update: get update from github
  • fixed DNSServer: closes itself with this error #116
  • fixed report.py: check if module QtWebKit is installed #120
More projects by P0cL4bs View all
Other projects in Python