
Showing the vulnerabilities of networking with MITM attacks


TheB


Hi All!

I'm currently busy with a project in which I want to use man-in-the-middle attacks to show the vulnerabilities of networking, and explicitly of phones which automatically connect to a known wifi network. I'm doing this for a school graduation project at an art school in the Netherlands, so I'm not an expert at hacking, but I have a bit of experience programming. I want to use this thread to showcase the work I'm going to do, and to gather feedback from people (you boys and girls) far more experienced than me!

So, my planning thus far is to set up a development / possible final set-up that can do MITM attacks and output this in a graphical way. I would like to use a Raspberry Pi 2B to be the graphical output device and host device for sharing the network with the WiFi Pineapple. The most reliable solution for that would be (I'm guessing) to share the internet from the Raspberry to the Pineapple through a serial interface. What do you think of this set-up? Would you share the internet in the same way or choose different hardware altogether?

At the moment I'm testing what I can get out of the Pineapple in terms of data; I'm very interested in what way I can best collect this data flowing through the device. I've done some tests with DNS spoofing, which is working pretty decently. Also with Ettercap, TCPDump and SSLStrip. But I noticed that when I use Ettercap or SSLStrip the victim has a very slow connection; could this be because in my test set-up I'm using the Pineapple in client mode connected to another wifi? In the end I would like to intercept traffic that confronts the viewer; I don't want to show them their password, but maybe scrambled pieces of written text like email, instant messaging usernames etc. I don't want to bluntly show all their data on a screen, and I also don't want to permanently store the data to do harm later on. Do you have tips on what the best techniques are to do this sort of data collecting, and is it even possible to read the contents of a packet?

I hope you could give me some feedback and direction!

Many Thanks!


Hi all, here's a follow up on recent developments.

I have my development set-up complete; I have an Ubuntu installation running on my Mac, from where I control the WiFi Pineapple and share the internet.

And now I'm having a lot of fun trying out the infusions available from the Pineapple Bar! I did notice that the SSLStrip infusion makes the network go really slow when doing its thing, resulting in a "can not connect to the server" while active. So in the meantime I'm analyzing the regular HTTP traffic in search of patterns I can use. Until now I have had no luck finding patterns in the seas of data flowing through the device; I guess that is not a human job to do ;).

Do any of you have some tips on what tricks I can do to analyse the traffic going through the Pineapple? My ideal situation would be to get the messages (Facebook Messenger, posts, etc.), but I guess that those are (luckily) very well encrypted.


Another quick follow-up: I was doing some tests with the URLSnarf infusion, checking what the different outcomes would be when analyzing web traffic vs app traffic. So I opened the Facebook app and got nothing; the app uses mostly TCP for the communications. But after that I opened the App Store and data started pouring in, mostly images, so okay, no big deal, only images. But then I did an app update... and I could see an HTTP request for the app's .ipa file!

"GET http://a259.phobos.apple.com/eu/r30/Purple3/v4/c5/c8/24/c5c82436-6c75-e90f-3602-22680bf6a066/CRV_AP_150x90.lir?downloadKey=thedownloadkey"

"GET http://a989.phobos.apple.com/eu/r1000/029/Purple1/v4/8c/85/c4/8c85c461-ea5c-f012-08f8-c2f385af8d2c/mzps1425594539023081587.ipa"

First thing that came through my mind was: is it possible to change this ipa file for my own...?

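One way to turn a capture like the one above into a finding a defender can act on, as an added example that is not from the original thread: a small Python script that reads urlsnarf-style Common Log Format lines and flags cleartext downloads of installable code and cleartext form posts, the two cases where an on-path party could alter or read the content. The sample lines are constructed (hostnames borrowed from the post); the exact log layout and the extension list are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines, written in the Common Log Format style that urlsnarf
# prints (client, timestamp, request line, referer, user agent). Not real captures.
SAMPLE_LOG = """\
10.0.0.12 - - [05/Mar/2015:14:02:11 +0100] "GET http://a989.phobos.apple.com/eu/r1000/029/Purple1/v4/8c/85/c4/8c85c461-ea5c-f012-08f8-c2f385af8d2c/mzps1425594539023081587.ipa HTTP/1.1" - - "-" "itunesstored/1.0"
10.0.0.12 - - [05/Mar/2015:14:02:12 +0100] "GET http://a259.phobos.apple.com/eu/r30/Purple3/v4/c5/c8/24/c5c82436-6c75-e90f-3602-22680bf6a066/CRV_AP_150x90.lir?downloadKey=thedownloadkey HTTP/1.1" - - "-" "itunesstored/1.0"
10.0.0.12 - - [05/Mar/2015:14:03:40 +0100] "GET http://www.example.net/updates/tool-setup.exe HTTP/1.1" - - "-" "Mozilla/5.0"
10.0.0.12 - - [05/Mar/2015:14:04:01 +0100] "POST http://www.example.org/login HTTP/1.1" - - "http://www.example.org/" "Mozilla/5.0"
10.0.0.12 - - [05/Mar/2015:14:04:05 +0100] "GET http://www.example.org/static/logo.png HTTP/1.1" - - "http://www.example.org/" "Mozilla/5.0"
"""

# CLF record: client ident user [time] "METHOD URL PROTO" ... (assumed layout)
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*"'
)

# File types whose cleartext download is a code-integrity risk: without TLS the
# client has no way to notice that the bytes were altered in transit.
EXECUTABLE_EXT = (".ipa", ".apk", ".exe", ".msi", ".dmg", ".pkg", ".deb", ".rpm")


def classify(method, url):
    """Return a finding label for a cleartext request, or None if not interesting."""
    parts = urlsplit(url)
    if parts.scheme != "http":  # only plaintext HTTP matters here; https is fine
        return None
    if parts.path.lower().endswith(EXECUTABLE_EXT):
        return "cleartext-executable-download"
    if method == "POST":  # form data (logins, messages) sent in the clear
        return "cleartext-form-post"
    return None


def audit(log_text):
    """Parse urlsnarf-style lines and return (client, label, host, path) findings."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request record; skip silently
        label = classify(m["method"], m["url"])
        if label:
            parts = urlsplit(m["url"])
            findings.append((m["client"], label, parts.hostname, parts.path))
    return findings


if __name__ == "__main__":
    for client, label, host, path in audit(SAMPLE_LOG):
        print(f"{client} {label} {host}{path}")
```

Image fetches and the keyed .lir request are deliberately left unflagged: they are cleartext too, but neither carries code the device will execute nor user-submitted data.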
