Search the Community

Hey everyone, If you have any PineAP questions, please leave them here in this thread. I'll do my best to answer any questions. Please do not report bugs in this thread, but rather do it here.

I know I may sound like a noob here, but is using Karma by itself already illegal? I'm just asking so that I don't go into the wrong direction.

is there anyway to download karma on wifi pineapple nano ? or is there any module that does the same function ? i tried PineAp , but it's not working the way that Karma works .

I currently do not have a WiFi Pineapple. I am using Kali Linux and I know how to create a fake access point. How can I create fake access points based on users probe requests? I tried installing FruityWiFi, but cannot configure it with my network adapter. Any ideas?

What USB wireless adapter do you recommend for use with Kali Linux, Hostapd, Aircrack-NG, Mana, Karma, FruityWiFi, Ghost Phisher, Wifi HoneyPot, etc? What do you think of the Alfa AWUS051NH or the Alfa AWUS051NH v2?

Hi guys, I just wanted to share a little script I made to trigger PineAP & Karma if my phone connects to my management AP. As soon as my device with the specified MAC address connects to it, PineAP and Karma are started (including some visual feedback using the LEDs). When the device disconnects from the AP, PineAP & Karma are turned off. #!/bin/bash <<COMMENT1 Script that checks if a defined MAC address is connected to the hotspot on interface wlan0-1. If the device is connected, the pineapple automatically starts to generate wifi-honeypots. On client dissconnect the honeypots are turned off. COMMENT1 triggerMAC="FF:FF:FF:FF:FF:FF" #Checks if a client with the defined MAC connects to AP client=`iw dev wlan0-1 station dump | grep "$triggerMAC"` echo "Starting to listen for " #Wait for client to connect while [ -z "$client" ]; do sleep 1 client=`iw dev wlan0-1 station dump | grep "$triggerMAC"` done #Notification to WebGUI on client connect pineapple notify "Client connected" #LED animation for visual feedback for i in {1..3} do pineapple led red on pineapple led blue on pineapple led yellow on sleep 1 pineapple led red off pineapple led blue off pineapple led yellow off sleep 1 done pineapple notify "Firing up PineAP and Karma" #Start PineAP pineapple module PineAP start sleep 5 pineapple led yellow on echo "Starting dogma" #Start dogma pineapple module PineAP dogma start sleep 2 echo "Starting responder" #Start beacon responder pineapple module PineAP responder start sleep 2 #Start collecting SSID pineapple module PineAP harvester start pineapple led blue on sleep 5 #Start Karma, to allow client assosiation echo "Starting Karma" pineapple karma start pineapple led red on sleep 5 #Turn LEDs off => for animation pineapple led red off pineapple led blue off pineapple led yellow off #While client is connected, LED animation is running => visual feedback while [ ! -z "$client" ]; do pineapple led yellow on sleep 1 pineapple led yellow off pineapple led blue on sleep 1 pineapple led blue off pineapple led red on sleep 1 pineapple led red off pineapple led blue on sleep 1 pineapple led blue off #Check if client is still connected client=`iw dev wlan0-1 station dump | grep "$triggerMAC"` done #Stop Pineap pineapple notify "Client diconnected! Stopping PineAP and Karma!" pineapple karma stop sleep 5 pineapple module PineAP stop sleep 5 #Reset LEDs to work in default mode pineapple led reset echo "PineAP was shutdown" Hope you guys like it :) Cheers MrGadget

Hi everyone. I am still pretty new to using the WiFi Pineapple, but I would like to try to start a project with it. What I am trying to do is capture all of the beacons that cell phones send out and send them to a log server like Splunk. I want it so that whenever someone walks by my Pineapple, it logs all the beacons that their iPhone sent out trying to connect to different APs. So when their phone sends out a message saying "hey, are you my home network?" I want it to log the name of the AP of their home network. I looked into using Karma, but I couldn't figure out how to use this on the Nano. Is there any documentation on something like this? Thanks!

So I have the AP setup with Karma on, PineAP on, Dogma, Beacon Response, Harvest SSIDs -- all on. Under Networking -> Access Point I have "Open Access Point" called q2 on channel 6 and it's not hidden. Under Networking -> Access Point I have "asdf" with WPA2 Password set (because 'password must be atleast 8 characters' no matter what -- I can't seem to delete the password...) and the "Disabled" box checked. Q2 is still showing up, however, as an encrypted network. Shouldn't it be unencrypted since, after all, it's the "Open Network" ? There's a warning that says "If you've enabled encryption, Karma will not work" -- I'm guessing somehow I enabled encryption? How do I turn this off?

1.0.2 Tetra firmware. Reboot, etc, problem persists. Closest I could find seems to be fixed: https://forums.hak5.org/index.php?/topic/37619-problems-using-filtering/ Applies to web console and command line. Command line dump: root@Pineapple:/# pineapple karma list_ssids XANADU-ZONE root@Pineapple:/# pineapple karma del_ssid XANADU-ZONE Sucessfully removed SSID XANADU-ZONE root@Pineapple:/# pineapple karma list_ssids XANADU-ZONE I think the problem has to do with spaces, not sure how exactly Check this out: root@Pineapple:/# pineapple karma add_ssid TEST-SSID Number 1 Sucessfully added SSID TEST-SSID root@Pineapple:/# pineapple karma list_ssids XANADU-ZONE TEST-SSID root@Pineapple:/# pineapple karma del_ssid TEST-SSID Number 1 Sucessfully removed SSID TEST-SSID root@Pineapple:/# pineapple karma list_ssids XANADU-ZONE If I didn't know the "full" name of the SSID, I couldn't remove it. For now, where are these entries stored on the wifi pineapple so I can manually remove (all of) them? A button/command in karma to clear all filters would be great also! Also note there is a blank entry that cannot be removed either. Anyone know a quick way to clear this karma white/black list without firmware reset?

***WARNING I HAVE HAD TOO MANY CUPS OF COFFEE TODAY IF THIS DOESN'T MAKE SENSE TELL ME**** For a university project, I am attempting to harvest the various AP Beacon frames given off by devices. I set up my Pineapple last night so that when it boots up it starts PineAP, Harvester, and the secure Wi-Fi Ap. I tested it last night, and due to my router having something really wrong with it (Randomly the 5gh and 2.4gh radios will just stop transmitting, which requires me to reboot my router) I checked to make sure that ONLY my cell or my laptop is able to connect to it. Well this morning I am in class, logged into the pineapple and there were ten clients connected to it.... Insert expletives here. I shut it down, and started looking around on how to prevent other devices from connecting to it. In the past the configuration where all my pineapple does was look and not respond worked, now that's not the case. I can't figure out what changed between now and a month and a half ago. Anyone have an idea on what settings I should use to prevent devices from associating with the pineapple? Before you ask, why are doing this on a university campus? IF I can get the data I would like I will post it here.

After reading countless threads about SSLSTRIP not working on systems such as Safari, Firefox, and Chrome I wanted to inquire about something that was released at Defcon Asia... SSLSTRIP 2 and DNS2PROXY https://github.com/LeonardoNve/sslstrip2 This is a new version of Moxie´s SSLstrip with the new feature to avoid HTTP Strict Transport Security (HSTS) protection mechanism. This version changes HTTPS to HTTP as the original one plus the hostname at html code to avoid HSTS. Check my slides at BlackHat ASIA 2014 OFFENSIVE: EXPLOITING DNS SERVERS CHANGES for more information. For this to work you also need a DNS server that reverse the changes made by the proxy, you can find it athttps://github.com/LeonardoNve/dns2proxy. Demo video at: http://www.youtube.com/watch?v=uGBjxfizy48 The DNS Proxy I am having a really hard time following the instructions, I've tried to contact the developer for clarification but no luck. Anyone else care to chime in on how to setup dns2proxy? - > Also is there anyone willing to take on the challenge on adding this as an infusion to the pineapple? My understanding is this would allow you to compromise all browsers such as Safari, Chrome, and Firefox? The demo video interestingly enough shows quite vividly proof of concept -- just trying to figure out how to do this? I'm running a few Kali Linux machines, can someone clarify how I'm supposed to setup the DNS proxy? To the ENTIRE Hak5 Team; Thankyou for working on a device that is truly amazing and endless with opportunity. We are only limited by our creativity when it comes to deployment with this awesome device. I took it upon myself to invest in all the bells and whistles that came with the Mark 5. Lets talk about build quality - FIRST CLASS! This thing is scary - To the untrained eye you wouldn't have ANY idea what it is... To the trained idea, the only term that comes to mind is pwned and operated. PineAP: ... so thats what Dogma does -- and thats why karma doesn't work as expected anymore :D -- Soooo many questions on this forum could be answered by watching this regarding Karma.. Chris Haralson https://www.youtube.com/channel/UCK15ED34btB3NZznGIXQuwA This guys videos and guides are first class - aimed at people with my skill sets I really couldn't ask for anything to be clearer. I am anxiously awaiting your future guides and videos.. (*I check back everyday*). My office :D And a snazzy little pic of some pineapples....

Hello all - I would like to use a WiFi Pineapple to run some pentesting but sense they are currently out of stock I can't buy one. Is it possible to download and run the Karma software on Kali Linux. Does anyone know how or where I can get that software loaded on Linux? Thanks in advance!

Hello. I've found that the following commands are equivalent on the pineapple, in that they both initialize karma. "pineapple karma start" and "hostapd_cli -p /var/run/hostapd-phy0 karma_enable" Hostapd_cli also has several other commands to configure karma, such as karma_black, karma_white, karma_mac_white, karma_add_ssid, and others, but not all of them work properly. For example, I was able to successfully switch the ssid and mac filter lists between deny mode and allow mode, but when I tried to use hostapd_cli to add SSIDs and MACs to the black/whitelist so that I could see them via the Karma tab in the PineAP tile, they did not appear. Running the equivalent command via pineapple, "pineapple karma add_ssid," and "pineapple karma add_mac," worked properly and both lists were populated. My question is why running the hostapd_cli command doesn't work when the pineapple command does, especially since if you run the following command: "strings /bin/pineapple," within the output, you can see the same hostapd_cli commands to add SSIDs and MACs. Is the pineapple executable doing something else that I cannot see from parsing the strings output before running the hostapd_cli commands? Does anyone know? Thanks.

I just purchased a brand new Wifi Pineapple Mark V. I turn it on and followed the instruction video to install new firmware (version 2.4.0). I then logged into the pineapple and turned on wlan0 and also Mk5 (karma). I clicked the PienApp infusion to look at the karma logs, but nothing is showing. Am i missing something here> i have several devices around it looking for wifi connections (mac laptop, google nexus, iphone).

I have an issue with using Pineapple Mark V that I cannot seem to troubleshoot. I like to caveat this my saying that I have the Pineapple configured but I have no idea if I have it configured correct or I just got lucky. I have my Pineapple up and running with a connection to the internet thorugh my host Windows computer WiFi. I can directly connect devices to the Pineapple WiFi access and have them come up as a connected device and use the infusions like URLSnarf, TCPDump, etc... My issue is that when I run Karma I see the log populating and I get devices to connect to the Pineapple, but my internet connection freezes up. I have no idea on what is causing this and I have to power down and power up my Pineapple to get the connection back. This doesn't help me be quiet while doing a PEN test.

My Karma log location is /tmp/ Are all the probe requests and mac addresses stored here? When I ssh into my pineapple, I can't find the specific log for the Karma log requests inside of the /tmp/ folder. Does anyone know the name of it? Thanks

Hey everyone, I wrapped some of the Karma functionality in PHP so you can do AP name-based phishing, and maybe some other things. I only have a Mark IV WFP so I don't know how this integrates with the Mark V. Check it out, and let me know what you think! https://github.com/memyselfandm/wfp_karma_php

I try to deauth a single person or a group of persons and to use Karma to spoof the jammed SSID in order to perform a man-in-the-middle attack (It's a school security project) but I am having some problems with it. {1} Deauth (not working) SETUP whitelist: SSID Target (the one to jam) blacklist: empty method: aireplay-ng Number of deauths to send: 50 Sleeping time in seconds: 5 Channels: 11 (I consider this is not used because I'm working with aircrack) Mode: Whitelist Controls Wifi deauth wlan1 with (--/mon0) RESULTS Starting WiFi Deauth [aireplay-ng]... Interface : wlan1 Monitor : mon1 Number of deauths to send : 50 Sleeping time in seconds : 5 Sleeping for 5 seconds... Sleeping for 5 seconds... Deauthentication infusion is not working {2} python script (working on certain versions) I found a python script that forces the deauth packages using scapy, I'm putting the link to the script here: (https://github.com/DanMcInerney/wifijammer). I got troubles running the script into the 2.3 firmware (error message: Ressource busy) and the same script runs well on 1.2. It is important to mention that I modified the script to use wlan1 as the default monitor interface to jam. I can deauth using aircrack-instructions on command line on any firmware {3} Karma/PineAP (any client got connected to the spoofed SSIDs) Karma config List of MACs (an empty list) / BLACK mode operation List of SSID (an empty list) / BLACK mode operation PineAp config [checked] Send beacon responses [checked] Harvest SSIDs [checked] Dogma Results: All SSIDs requested by the clients (probe request packets) are spoofed by dogma (all of them are visible to any client) but none of them (clients) get connected to the pineapple even if they have been disconnected by a deauth attack. If you have any ideas of what could be the problem, please post them Thanks for your replies

Hi All, I'm working on a project in witch i'm using some old Linksys WRT54GL routers that i've flashed with OpenWRT (Backfire 10.03.1). Now i'm running into some problems with the storage on the device, the device has around 1mb of flash storage that i can use. The thing i want to do is configure the router to send probe request information with UDP to my computer where i'm running a app to visualize this data, i already have an prototype working on the Pineapple. On the pineapple i'm simply watching for changes in the KarmaLog with the following script: KARMALOG="/var/karma-phy0.log" IP="172.16.42.42" PORT="11999" LASTLINE="last" while true; do # compare the lastline with the new line if [[ $LASTLINE != $(tail -n 1 $KARMALOG) ]] ; then LASTLINE=`tail -n 1 $KARMALOG` echo $LASTLINE >/dev/udp/$IP/$PORT fi sleep 1 done This works great, sends the data i need, perfect. The only problem i have now is that i want to use a different router than the pineapple but on the Linksys routers i don't have enough space to install karma, and i actually don't think i need karma to do the job. I know i can set the radio on the Linksys in monitor mode, but i don't know how i can get the probe requests out without installing an extra framework. So i'm looking for a framework or a simple script that can filter out the probe requests, in the ideal situation i would get the SSID, Timestamp, Device Hostname or Mac Address and Signal strength (to calculate a distance from the router). Do you think this is possible and if so where should i start looking? Or should i consider getting other routers with more storage capacity? Many thanks! TheB

Hi peeps, My pineapple gets delivered (new and shiny in his box) last week. Today I did a little walk in the center of my city and connect my Samsung Android device (4.4.2) to a couple of free open wifi networks. So far so good. All of these networks are saved into my phone's wifi list. At this moment my Pineapple is up and running and the good friends 'Karma' and 'Harvester' are enabled. I can see a lot of probes from people next to me, but not from my telephone. Am I missing something? Thanks for helping me, CK

I'm new to the Pineapple and I'm having trouble trying to get clients to connect to it. There seem to be two issues, depending on the client. I'm running Karma, Pineap, Dogma and Beacon Response. I have a router named 'linksys' on the other side of the house, whose signal is significantly weaker than the Pineapple's. Karma is in whitelist mode and 'linksys' is in the whitelist. Additionally, 'linksys' is in the Pineap SSID Management list. When Client_A turns on its WiFi I get the following in the Karma log: Apr 17 16:04:43 KARMA: Probe Request from [client_A_mac] for SSID 'linksys' Apr 17 16:04:43 KARMA: Checking ESSID linksys against linksys Apr 17 16:04:43 KARMA: Match found, leaving loop and the client connects to 'linksys', not the Pineapple. That's what happens most of the time. Sometimes I'll get the following: Apr 17 15:53:30 KARMA: Probe Request from [client_B_mac] for SSID 'linksys' Apr 17 15:53:30 wlan0: STA [client_B_mac] IEEE 802.11: authenticated Apr 17 15:53:30 wlan0: STA [client_B_mac] IEEE 802.11: No WPA/RSN IE in association request and again, no connection to the Pineapple. Now, occasionally a client will actually connect, but it doesn't happen often, and won't happen two times in a row. I would be very happy if someone could help me with this. Another thing: even if you don't have an answer for the above, if someone could give me an authoritative explanation for what "Match found, leaving loop", and "IEEE 802.11: No WPA/RSN IE in association request" mean, I (and probably others searching the phrases) would greatly appreciate it. I've seen both phrases mentioned on the site, but I haven't found any explanations. Thanks in advance!!!

Earlier today I was running PineAP, but after not long I was broadcasting over 200 SSIDs. There was such a flood of them that it was making other tasking difficult on other laptops. Reading here, https://www.wifipineapple.com/?portal&bugs&action=view&id=293, and from what I was trying it appears that karma must be on to use harvester. Is there another way to harvest passively as the help popup states it will? Also, I have not been able to find a way to view the list of connected clients. Top right corner it shows you the number of connected clients, but I have not been able to find a client list.

Hi Everyone! Got my Pineapple a few weeks ago and I'm still trying to learn how it all comes together. I need help with PineAP/Karma. Here is the situation: I have PineAP and all of its components running. There are over a dozen SSIDs in my "PineAP Configuration/SSID Management" section. In the Karma logs I can see activity and probe requests, however when checking available WiFi access points, I see none of the access points listed in "PineAP Configuration/SSID Management" section. I have Dogma turned out, so that should broadcast the access points to everyone. * So why am I not detecting any spoofed access points? Since I haven't had any associated clients, I tried to connect my iPhone to one of the access points on management list, and it could not find the network. I'm right next to the Pineapple, so it should be detecting and connecting immediately. --- To get a better understanding, I SSHed into the pineapple and checked "/tmp/karma-phy0.log" to see what PineAP is doing. I'm seeing probes like this: But then I'm also seeing plenty of these: * Any ideas anyone? Thanks!

http://i.imgur.com/xQuF9Fq.jpg http://i.imgur.com/RAtlIVl.jpg awus036nha v5 anker 15000 mah raspberry pi b+ 2 amp usb hub im at about 135$ so far (money i have made with tips during work hours) i had the pi plugged into 1amp and usb-hub+alfa-card plugged into 2 amp power supply and seems to run just fine... (fails other way around, alfa card needs 2 amps or disconnect/reconnect happens) the video above, i add this to my /etc/rc.local --> ./mana/run-mana/start-noupstream.sh with eth0 as the out interface, i have seen this thing go for 12 hours with out any dmesg errors... (./start-nat-simple.sh) i plan to get a nother alfa card for a good out interface... its ugly, at the moment, i plan to clean it up...

Hi Guys, I've had a Mark V for a couple months now, and only really just starting to use it. Not seen this mentioned before, so not sure if it's possible or whether it's just so simple that no-one's actually had to spell it out for a noob like myself so far! The idea I have is to use Karma to automagically liberate wireless clients in a given environment, by accepting their traffic on one wireless interface, and using another wireless interface to connect to an access point and passing the data through - Obviously this is no mean feat, this is a very basic feature of the Pineapple. What I would like to do differently from the above, is route the clients traffic (transparently) through a pre-defined VPN, thus avoiding any filtering rules on the access point or at that local network infrastructure. This means anyone connected to the Pineapple is granted secure (from the pineapple onwards at least) traffic forwarding to the VPN exit, and are able to browse Facebook/Youtube/etc even if these sites would have been blocked locally. I hope this is clear, but I will clarify if needed - Is the above possible at all? I'm sure you geniuses can help me out in some way! Thanks, Min3