Capture Images in Mobile using Driftnet through Wifi Pumpkin

WiFi-Pumpkin is an open source security tool that provides a rogue access point for man-in-the-middle and network attacks. Using WiFi-Pumpkin, one can create a Wi-Fi network that captures all the requests made within the network by any device that connects to it.

First of all, you need to download WiFi-Pumpkin and install it on your Kali Linux. To download WiFi-Pumpkin, go to and click on Clone or Download. Thereafter, copy the URL to the clipboard and open the terminal. Type in:

git clone "url copied to clipboard"

Next, go to the directory of WiFi-Pumpkin on the terminal. For example, if the repo is downloaded to the Desktop, type:

cd Desktop/WiFi-Pumpkin

./ –install

Thereafter, run wifi-pumpkin:

This will open the GUI version of WiFi-Pumpkin. Now select the network adapter and change the SSID from the default PumpAP to the desired name.

Thereafter, click on the Start button. This will create a new Wi-Fi zone with the name entered in the SSID field.

Now, as soon as any device connects to this Wi-Fi network, its details will be shown in the table on the right. Select any target device from the list of connected devices and select Active Driftnet from the Tools menu.

As soon as Driftnet starts, it will start sending screenshots from the victim's desktop/mobile. This will also capture the images of Facebook.

Author: Shivam Gupta is an Ethical Hacker, Cyber Security Expert, Penetration Tester, India.

Wifi Penetration Testing in Remote PC (Part 1)

People often say "news travels fast". How? The answer is one word: wireless. Wireless networks all around the world help us move faster in our lives and make more of the time we have. Today, a wireless connection to the internet has become a necessity, and it is very much possible to take advantage of this necessity.

Wi-Fi: It is a technology that allows electronic devices to connect to the internet in a given area. Wi-Fi has a lot of advantages. Wireless networks are easy to set up and inexpensive. They're also unobtrusive: unless you're on the lookout for a place to watch streaming movies on your tablet, you may not even notice when you're in a hotspot. A wireless network uses radio waves, just like cell phones, televisions and radios do. In fact, communication across a wireless network is a lot like two-way radio communication. Here's what happens:

  1. A computer’s wireless adapter translates data into a radio signal and transmits it using an antenna.
  2. A wireless router receives the signal and decodes it. The router sends the information to the Internet using a physical, wired Ethernet connection.

The process also works in reverse, with the router receiving information from the Internet, translating it into a radio signal and sending it to the computer’s wireless adapter.

When you connect your device to a Wi-Fi network, the device stores all the information about that network. After taking control of the victim PC, you can learn everything about their Wi-Fi router, including its password.

For Wi-Fi penetration testing, take a session through meterpreter, reach the shell of the remote PC, and run the following commands:

Our first command allows us to see all the networks to which the remote PC has ever been connected.

netsh wlan show profiles

Our next command helps us to see the details and password of a particular router.

netsh wlan show profiles name=[profile name] key=clear

Here, profile name is wifi name.

The following image shows the details of the router named "Yashika".

The next image shows us the password of the router named Yashika under the heading Key Content. We can see that the password is 99********

Our next command allows us to delete a particular Wi-Fi profile.

netsh wlan delete profile name=[profile name]

Here, profile name is wifi name.

The next command allows us to set the priority of a Wi-Fi network.

netsh wlan set profileorder name=[profile name] interface=[interface_name] priority=1

Here, profile name is the Wi-Fi name and interface name is the network type, such as WLAN or LAN.

The next command stops the remote PC from automatically connecting to a network.

netsh wlan set profileparameter name=[profile name] connectionmode=manual

Here, profile name is wifi name.

The next command allows us to export all the details about a WLAN network.

netsh wlan export profile name=[profile name]

Here, profile name is wifi name.

The next command helps us to import a WLAN profile file for a particular Wi-Fi network.

netsh wlan add profile filename=[path_and_filename.xml] interface=[interface_name]
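A device that auto-connects to a saved open network will join any access point advertising that SSID, so the profile list shown above is also what a defender should audit. The following is an added example, not part of the original article: it parses a constructed, simplified sample of `netsh wlan show profiles name=...` output (real output has more fields and is locale-dependent) and reports the profiles that should be set to `connectionmode=manual` or deleted.

```python
import re

# Constructed sample of netsh profile output for two hypothetical profiles.
SAMPLE = '''\
Profile CoffeeShop_Free on interface Wi-Fi:
    Name                   : CoffeeShop_Free
        Connection mode    : Connect automatically
    SSID name              : "CoffeeShop_Free"
    Authentication         : Open
    Cipher                 : None

Profile HomeNet on interface Wi-Fi:
    Name                   : HomeNet
        Connection mode    : Connect automatically
    SSID name              : "HomeNet"
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
'''

# Case-sensitive on purpose so "SSID name" is not mistaken for "Name".
FIELD = re.compile(r'^\s*(Name|Connection mode|Authentication)\s*:\s*(.+?)\s*$')

def parse_profiles(text):
    """Return one dict per 'Profile ... on interface ...' block."""
    profiles = []
    for line in text.splitlines():
        if line.startswith('Profile ') and ' on interface ' in line:
            profiles.append({})
            continue
        m = FIELD.match(line)
        if m and profiles:
            # Authentication can repeat once per cipher; keep the first value.
            profiles[-1].setdefault(m.group(1), m.group(2))
    return profiles

def risky_profiles(text):
    """Names of saved profiles that are open AND set to auto-connect."""
    risky = []
    for p in parse_profiles(text):
        is_open = p.get('Authentication', '').lower() == 'open'
        auto = p.get('Connection mode', '').lower() == 'connect automatically'
        if is_open and auto:
            risky.append(p.get('Name'))
    return risky

if __name__ == '__main__':
    for name in risky_profiles(SAMPLE):
        print(f'{name}: open + auto-connect; set connectionmode=manual or delete')
```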

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.

Hack Wifi using Evil Twin Method with Linset in Kali Linux

Linset is a tool for the Evil Twin attack.

How it works

  • Scan the networks.
  • Select a network.
  • Capture the handshake (can be used without a handshake).
  • We choose one of several web interfaces tailored for me (thanks to the collaboration of the users).
  • It mounts one FakeAP imitating the original.
  • A DHCP server is created on the FakeAP.
  • It creates a DNS server to redirect all requests to the Host.
  • The web server with the selected interface is launched.
  • The mechanism is launched to check the validity of the passwords that will be entered.
  • It deauthenticates all users of the network, hoping they connect to the FakeAP and enter the password.
  • The attack stops after the correct password is verified.

First of all, download Linset from GitHub with the command:

git clone

Then change the permissions of the linset script with the command:

chmod +x linset

Then execute it with the command:


After execution, it will ask you to choose the interface, so select wlan0 for the wireless extension, which will put it into monitor mode.

Then it will ask you to select the channel, so enter 1 to select all the channels.

Now monitor mode will listen to all the available Wi-Fi connections, so wait till your target appears and then press Ctrl+C.

Now it will list all the APs with their SSID, id number and signal strength, so enter the id of your target and hit Enter. In my case, I have selected rajlab by entering 1.

Now select Hostapd by entering 1, which will help in creating the Fake AP.

Now hit Enter to use the default path for saving the capture file, or give a custom path. It will then ask you to select the method for cracking the handshake, so select 1 for aircrack-ng.

Now select 1 to de-authenticate all the clients connected to the target AP in order to capture the handshake.

When the handshake is captured, you will see it in the top right corner of the new window. Then enter 1 in the menu window, as we have captured the handshake.

Now select 1 for the web interface, which will be presented to the victim when he connects to our fake AP.

Now it will ask for the language of the web interface, so enter 1 for English.

Now 4 terminal windows will be opened, of which one will create the Fake AP, one will be regularly de-authenticating all the clients and one will show all the info of the AP.

Now, as you can see, there are 2 rajlab APs present, of which one is fake and open and the other is the original. The clients will not be able to connect to the original one due to our deauth attack, so they will be forced to connect to our fake AP.

After connecting to the Fake AP, the victim's browser will be redirected to the web page given below, which requires the victim to enter the original AP password, as the attack will only stop when the victim enters the correct password.

After the correct password is submitted, the attack will be stopped and a message will be generated saying that the connection will be restored.

As you can see, in my case the victim entered the correct password and we found the correct key as:

KEY FOUND! [ raj123987 ]
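The walkthrough above leaves a visible trace: two APs with the same SSID, one of them open and on an unfamiliar BSSID. The following is an added example, not part of the original article or of Linset, showing detection logic for that pattern over scan observations. The scan tuples and the allow-list of known BSSIDs are constructed, hypothetical values.

```python
from collections import defaultdict

# Constructed scan observations: (ssid, bssid, security, channel, signal_dbm).
SCAN = [
    ("rajlab", "00:11:22:33:44:55", "WPA2-PSK", 6, -52),
    ("rajlab", "02:AA:BB:CC:DD:EE", "OPEN", 6, -40),
    ("office", "00:11:22:33:44:60", "WPA2-PSK", 1, -60),
    ("office", "00:11:22:33:44:61", "WPA2-PSK", 11, -63),  # legitimate second AP
    ("cafe", "00:11:22:33:44:70", "OPEN", 3, -70),          # unmanaged, always open
]

# Hypothetical site inventory: BSSIDs that are allowed to advertise each SSID.
KNOWN = {
    "rajlab": {"00:11:22:33:44:55"},
    "office": {"00:11:22:33:44:60", "00:11:22:33:44:61"},
}

def find_evil_twin_candidates(scan, known):
    """Return (ssid, bssid, reasons) for APs that look like an evil twin."""
    by_ssid = defaultdict(list)
    for ssid, bssid, sec, _channel, _signal in scan:
        by_ssid[ssid].append((bssid.lower(), sec.upper()))
    findings = []
    for ssid, aps in by_ssid.items():
        security_modes = {sec for _, sec in aps}
        for bssid, sec in aps:
            reasons = []
            # A managed SSID advertised by hardware not in the inventory.
            if ssid in known and bssid not in known[ssid]:
                reasons.append("unknown BSSID")
            # The same SSID seen both protected and open at the same time.
            if sec == "OPEN" and len(security_modes) > 1:
                reasons.append("open twin of protected SSID")
            if reasons:
                findings.append((ssid, bssid, reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in find_evil_twin_candidates(SCAN, KNOWN):
        print(f"{ssid} {bssid}: {', '.join(reasons)}")
```

A burst of deauthentication frames against the legitimate BSSID at the same time strengthens the finding.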

Author: Himanshu Gupta is an InfoSec Researcher | Technical writer. You can follow him on LinkedIn.

Hack Password using Rogue Wi-Fi Access Point Attack (WiFi-Pumpkin)

WiFi-Pumpkin is a framework for the rogue Wi-Fi access point attack. It helps a hacker to create a free, open, fake Wi-Fi network, and as soon as the victim connects to it, he gets trapped. However, the best feature is that if your internet connection is working, the victim will get access to the internet. Hence, there are more chances of him getting trapped (Nice, isn't it?).

First, to install WiFi-Pumpkin, we type in the terminal:

git clone

Once the cloning is done, we need to install it. Go to the WiFi-Pumpkin directory, open it in the terminal and type the following command:

./ –install

Now, open the WiFi-Pumpkin directory in the terminal and type:


It will load WiFi-Pumpkin in the GUI, as you can see in the screenshot below.

Now, all you have to do is configure your settings and click on 'Start Access Point'.

Wait for some devices to connect. They will be displayed as you can see below. A good thing is that devices are automatically assigned a class A IP address.

On the victim's phone, PumpAP appears and he/she is accessing the internet without even knowing that they have fallen into the sweet trap of free internet!

While the victim is accessing Wi-Fi as usual, we can see his/her activity. As you can see in the screenshot below, we are able to capture the "Hike Contacts" of the victim's phone.

As soon as the victim opens anyone's profile on Hike, their number is captured by us!

Other notable features include cookie capturing. As in the screenshot below, we can see the cookies of the victim's device, which is great to know, as they may contain something interesting.

We are also able to capture any credentials (login ID and password) on any HTTP website.

As you can see below that victim has logged in into and their ID and password are being recorded.

In an even better scenario, when many victims are connected to your fake wireless network thinking they are in luck, we will be recording everything in clear text. If we are unable to see everything in the terminal, don't worry: WiFi-Pumpkin has stored everything category-wise.

Now, we go to the directory:


In that directory, many log files are present that have captured numerous items. One such text file is "credentials.log".

Here, we will see all the login details.

Another notable file is "urls.log".

We can see all the URLs accessed on the victim's device, along with their IP address.

So, this is how you allure victims into free internet and steal data without even letting them know!
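Everything the rogue AP recorded above (cookies, credentials, URLs) travelled over plain HTTP or in cookies that were allowed onto plain HTTP. The following is an added example, not part of the original article or of WiFi-Pumpkin, that audits one HTTP response for those conditions. The URLs and header values are constructed, hypothetical samples.

```python
def audit_response(url, headers):
    """Flag response properties that expose data to an on-path observer.

    headers is a list of (name, value) tuples from a single HTTP response.
    """
    findings = []
    is_https = url.lower().startswith("https://")
    if not is_https:
        findings.append("page served over plain HTTP")
    header_names = [name.lower() for name, _ in headers]
    # Without HSTS a browser can still be steered to the http:// version.
    if is_https and "strict-transport-security" not in header_names:
        findings.append("no Strict-Transport-Security header")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attributes = {p.split("=", 1)[0].lower() for p in parts[1:]}
        # A cookie without Secure is also sent on unencrypted requests.
        if "secure" not in attributes:
            findings.append(f"cookie {cookie_name} lacks Secure")
    return findings

# Constructed weak response: login page on HTTP, session cookie without Secure.
WEAK = ("http://shop.example/login",
        [("Content-Type", "text/html"),
         ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly")])

# Constructed hardened response: HTTPS, HSTS, Secure cookie.
HARDENED = ("https://shop.example/login",
            [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
             ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly; Secure")])

if __name__ == "__main__":
    for url, headers in (WEAK, HARDENED):
        print(url, audit_response(url, headers) or "no findings")
```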
