Wireless Attacksrogue-apmitmcaptive-portalwirelessap-attackphishing

Wifipumpkin3

Powerful framework for rogue access point attacks enabling man-in-the-middle operations over wireless networks. Includes subtools for captive portals, phishing pages, QR code attacks, and SSL stripping.

Description

Wifipumpkin3 is a Python-based framework designed for security researchers, red teamers, and reverse engineers to create rogue access points for conducting man-in-the-middle (MITM) attacks. It allows mounting wireless networks that can intercept and manipulate traffic from connected clients.

The tool provides a comprehensive suite of subtools including captiveflask for custom captive portals, phishkin3 for external phishing pages, evilqr3 for QR code-based attacks, and sslstrip3 for SSL traffic stripping. These components facilitate various attack scenarios such as credential harvesting and traffic manipulation.

Dependencies include hostapd, iptables, iw, and multiple Python libraries for network operations, DHCP, DNS, and web serving. The framework supports interactive sessions and scripting for automated attacks.

How It Works

Wifipumpkin3 uses hostapd to create rogue access points on specified wireless interfaces while sharing internet via another interface using iptables for NAT/routing. It integrates DHCP (python3-dhcplib, python3-isc-dhcp-leases), DNS (python3-dnslib, python3-dnspython), and captive portal servers (Flask-based) to control client traffic. Subtools like captiveflask serve custom login pages, phishkin3 proxies phishing content, sslstrip3 downgrades HTTPS by manipulating HSTS and traffic, and evilqr3 generates QR codes linking to malicious portals for social engineering.

Installation

bash

sudo apt install wifipumpkin3

Flags

-i INTERFACEset interface for create AP

-iNet INTERFACE_NETset interface for share internet to AP

-s SESSIONset session for continue attack

-p, --pulp PULPinteractive sessions can be scripted with .pulp file

-x, --xpulp XPULPinteractive sessions can be string with ';' as the separator

-m, --wireless-mode WIRELESS_MODEset wireless mode settings

--no-colorsdisable colored output

--restenable REST API

-t, --tamplate TEMPLATEpath the theme login captive portal (captiveflask)

-r, --redirect REDIRECTIpAddress from gataway captive portal (captiveflask)

Examples

Show help message and usage for main wifipumpkin3 tool

wifipumpkin3 -h

Display help for CaptiveFlask subtool which creates captive portals

captiveflask -h

Show help for EvilQR3 subtool for QR code captive portal attacks

evilqr3 -h

Display help for phishkin3 subtool for phishing captive portals

phishkin3 -h

Show help for sslstrip3 subtool for SSL stripping

sslstrip3 -h

Display help for wp3 alias of wifipumpkin3

wp3 -h

Set wlan0 as AP interface and eth0 for internet sharing

wifipumpkin3 -i wlan0 -iNet eth0

Updated 2026-04-16kali.org ↗