Page 5 of 20
will try to sniff out the post request that may contain users’ credentials like email and password, this
would only work with HTTP. Let’s go in to see how this works
After starting the Fake access point, we can see that some protocols have also been started these will help
in the capturing of sensitive information which is passed over the network.
wifipumpkin3
set interface wlan0
set ssid Free Wifi
set proxy noproxy
ignore pydns_server
start
Page 6 of 20
From our second device, we will find the SSID for bogus AP, when the victim connects to this he will receive
malicious IP from our DHCP server.
From our second device, we could go to an HTTP page that doesn’t have SSL (secured socket layer) with
this whatever information like email, username, or password entered we would be able to view the text
entered by the victim.
Page 7 of 20
Wifipumkin capture the traffic and the credentials which were entered by the victim
