
Darren Kitchen

Root Admin
  • Posts: 4,887
  • Joined
  • Days Won: 248

Everything posted by Darren Kitchen

  1. Nope, that does the trick. No need to replace the other files. Glad you got it sorted.
  2. Part of the problem is that there are only two fields in a probe request, SSID and data rate. It's up to the OS to figure out the rest based on the probe response. What I think could really be fun is cross compiling mdk3 for the atheros and running it on the pineapple set to broadcast beacons from the top 1000 most popular SSIDs. We could call that feature Live Bait ;)
  3. I believe so, but just by looking at the clients I'm catching and the SSIDs they're associating with it's hard to tell.
  4. I replied to you with detailed instructions on both of your threads. Sorry if I missed a PM, my mailbox is almost always full. Better to just email me directly. I also added your issue to the FAQ on wifipineapple.com
  5. If you have a Fon 2100, 2200 or an open-mesh mini the Mark II can easily be flashed using any of the MK2 guides posted here. If you have an ALFA AP51 you can download the latest backfire source, karma patches, MK3 interface source, configuration files and packages all linked from wifipineapple.com. Just flash the latest build, patch karma, install the listed packages and copy over /www and /etc from the archive. A few notes on the MK3 and the interface:

     You'll need to cron the below script every 4 minutes, or at least:

         while true; do /etc/heartbeat.sh; uptime; sleep 180; done

         echo "#!/bin/sh
         gpioctl dirout 3
         gpioctl clear 3
         gpioctl set 3" > /etc/heartbeat.sh
         chmod +x /etc/heartbeat.sh

     Add it to cron with:

         echo "*/3 * * * * /etc/heartbeat.sh" >> /etc/crontabs/root

     Setup links to dhcp and arp and ngrep:

         ln -s /proc/net/arp /www/pineapple/arp
         ln -s /tmp/dhcp.leases /www/pineapple/dhcp
         ln -s /tmp/ngrep.log /www/pineapple/ngrep.log

     Also, after installing "at" you need to create an atd link in rc.d:

         ln -s /etc/init.d/atd /etc/rc.d/S50atd

     After installing PHP fix the config with:

         sed -i 's,doc_root.*,doc_root = "",g' /etc/php.ini
         sed -i 's,;short_open_tag = Off,short_open_tag = On,g' /etc/php.ini

     Then setup uhttpd to use php files by adding the following to /etc/config/uhttpd:

         list interpreter ".php=/usr/bin/php"
         option 'index_page' 'index.php'

     *for some reason the single quotes are vital here

     The important bits for ICS to work are in /etc/config/dhcp:

         list 'dhcp_option' '3,<ip of computer>'
         list 'dhcp_option' '6,<ip of pineapple>,8.8.8.8'   # this is google's dns server
         list 'dhcp_option' '6,<ip of pineapple>,<second dns server>'

     and /etc/config/network:

         option 'ipaddr' '<ip of pineapple>'
         option 'gateway' '<ip of computer>'
         option 'netmask' '255.255.255.0'
         option 'dns' '8.8.8.8'   # or your dns provider of choice

     Then on your computer setup iptables with:

         pineapplenet=172.16.42.0/24
         pineapplelan=eth2
         pineapplewan=wlan0   # wlan0 for wifi, ppp0 for 3g
         pineapplegw=`netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'`
         # bring up interface and start pinging pineapple
         ifconfig eth2 172.16.42.42 netmask 255.255.255.0 up; ping 172.16.42.1
         # enable IP forwarding
         echo '1' > /proc/sys/net/ipv4/ip_forward
         # clear chains and rules
         iptables -X
         iptables -F
         # setup IP forwarding
         iptables -A FORWARD -i $pineapplewan -o $pineapplelan -s $pineapplenet -m state --state NEW -j ACCEPT
         iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
         iptables -A POSTROUTING -t nat -j MASQUERADE
         # remove default route
         route del default
         # add default gateway
         route add default gw $pineapplegw $pineapplewan

     and finally on the router issue:

         route add default gw 172.16.42.42 br-lan

     I just updated the wiki with links to all the goodies you'll need.
  6. Just replied in detail to your query at http://forums.hak5.org/index.php?showtopic=23446&st=0&gopid=189727entry189727 I also address this on the wifipineapple.com FAQ at http://www.wifipineapple.com/doku.php#faq Once your karma.conf has been cleansed of the offending ^M characters Karma will start just fine. Follow the directions in the above links to manually SSH in and use vi to edit /etc/hostapd/karma.conf. To do so with vi, first ssh to the pineapple (on Windows use Putty, or on mac/linux issue "ssh root@172.16.42.1"). The username is root and the default password is pineapplesareyummy (you may want to change this later on). Now that you're logged into the pineapple issue "vi /etc/hostapd/karma.conf". In vi you'll notice the offending "^M" characters at the ends of each line. Enter insert mode by pressing "i" and use your arrow keys to navigate the cursor to just after the "^M". Press backspace. Lather, rinse, repeat. Once all of the "^M"s have been removed press ESCAPE to exit insert mode, press ":", type "X" and press ENTER. For more on using vi check out this tutorial: http://www.unix-manuals.com/tutorials/vi/vi-in-10-1.html I'm sure between this post and the two linked above you'll get all squared away. Cheers!
  7. I should have clarified on the forums as I did just recently on the wiki. The problem with Karma not starting is that if you've modified the Karma settings from the Config page on v1.0.1 it would introduce ^M to the end of each line, thus preventing Karma from starting. The ^M isn't visible from the Config page's text areas or even when using cat to view the file via ssh, however editing the file in vi reveals their existence. It is trivial to remove them manually in vi, though a pain in the ass. All of that said, what the v1.0.2 update does is fix the config.php page so that before writing to the file it removes the superfluous linebreaks, represented as ^M. That's what $newdata = ereg_replace(13, "", $newdata); does: it replaces character 13 -- the linebreak -- with "" -- nothing. Of course if your karma config has already been corrupted simply applying the patch will not solve the problem, only keep it from coming up again in the future. To clean your karma settings go to the config page and click Update Karma underneath its text field. No changes need to be made; clicking update sends that textarea's values back to the config.php where the text will be processed, the ^M will be removed, and the file will be saved. At this point you can go back to the status page and start the service as normal. As for the errors you're seeing in red after applying the update: those aren't errors -- simply the page giving you feedback of what's being run. Since there is no standard output for each of those commands you won't see any white text beneath them. To verify that the update has been applied go to the About page and look for v1.0.2. Last but not least, if this doesn't solve your problem we can continue troubleshooting by getting an output of your karma log. Once all of the above has been done begin by rebooting your pineapple, then clearing the pineapple cache from the Advanced page. Next go to the Status page and click Start next to MK3 Karma.
     Now navigate to the Advanced page and in the text area at the bottom enter "grep -v -e random /tmp/karma.log" (without the quotes) and click Execute Commands. The page will refresh displaying the output of the karma log file, sans the "random" bits (a lot of data we don't need). Go ahead and post your output here and we'll take a look.
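An added example, not from the post above or from the Pineapple firmware: a BusyBox-compatible script that does on the shell what the v1.0.2 config.php fix does in PHP, counting and stripping the carriage returns (^M, character 13) from a config file and verifying the result. The sample karma.conf contents are constructed; the path to the real file on the Pineapple is the /etc/hostapd/karma.conf the post names.

```shell
#!/bin/sh
# Added example (not from the post or the Pineapple firmware): detect and
# strip the carriage returns (^M, ASCII 13) that the v1.0.1 config page wrote
# into karma.conf, the same cleanup config.php performs in v1.0.2.
# Only POSIX tools present in BusyBox are used, so it runs on the Pineapple.

# count_cr FILE: print how many carriage-return characters FILE contains.
count_cr() {
    tr -cd '\r' < "$1" | wc -c | tr -d ' '
}

# strip_cr FILE: remove every CR, keep a backup, return 0 only if the
# result is CR-free. A file that had no CR is left untouched.
strip_cr() {
    file=$1
    before=$(count_cr "$file")
    if [ "$before" -eq 0 ]; then
        echo "$file: no CR characters found" >&2
        return 0
    fi
    cp "$file" "$file.bak" || return 1
    tr -d '\r' < "$file.bak" > "$file" || return 1
    after=$(count_cr "$file")
    echo "$file: removed $before CR characters (backup in $file.bak)" >&2
    [ "$after" -eq 0 ]
}

# Stand-alone demo on a constructed file shaped like a corrupted karma.conf.
demo() {
    tmp=$(mktemp)
    printf 'interface=wlan0\r\nssid=Pineapple\r\nchannel=11\r\n' > "$tmp"
    strip_cr "$tmp" && count_cr "$tmp"
    rm -f "$tmp" "$tmp.bak"
}

demo
```

On the device itself the call would be `strip_cr /etc/hostapd/karma.conf`, after which Karma can be started from the Status page as the post describes.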
  8. I wish it could work on WPA encrypted networks but that's unlikely to happen. It's not like a WPA AP simply asks for the password; there's a complicated 4-way handshake process that can't be emulated. That said, as long as your victim has at least one open network saved and set to auto connect (the default behavior on most devices today) then it's simply a matter of enabling Karma, waiting for them to send out a probe request, and Bob's your uncle.
  9. This is very similar to the way the Mark 3 was built, mostly inspired by Echoblack's guide here: http://forums.hak5.org/index.php?showtopic=15200
  10. There are helpful tips in the comments of the phishing article for setting up php...
  11. If data isn't showing on the status page, first attempt to clear the pineapple cache from the advanced menu, then second try using an incognito window or clearing your browser cache. Let us know if that does the trick.
  12. Allison, you flashed your mk3 with the mk2 firmware. Don't expect it to be on a 172.16, if anything it will be 192.168.1.1, and even still simply email shop@hak5.org and we'll get you out a replacement asap.
  13. There is a pinned guide on this board called best jasager guide which implements ssl strip and could most likely be adapted to the mk3 script.
  14. The attack works best against open APs, like those found in public at coffee shops (attwifi), airports, etc. These networks are inherently insecure and yet by design they must be open. If you're having trouble finding a target take the pineapple to a target rich environment. For even greater success use airdrop-ng :)
  15. I've been using it for over a month and getting nearly 3 Mbps from the Linksys router I accidentally left half a block away. ;)
  16. Gah! I'm such a noob! Why didn't I escape 'em as \'\'.... Ugh. Well, thanks for catching that. I tested on my dev unit but I guess I missed that part. Yikes. Well, the double quotes work just as well and don't require escaping so I've updated the post and wifipineapple.com. Thanks :)
  17. Sorry you're having trouble with the Mark III. It comes with a Quick Start Guide for Windows and Linux that will help you get Internet Connection Sharing sorted -- something that a lot of people without advanced networking skill had trouble with. The Quick Start Guide also has a brief overview of the included tools on the back. Since this product is targeted at penetration testers who already use these tools on a regular basis we only briefly go over their capabilities. If you're new to them we recommend playing with them on your Linux box as they run the same on the Pineapple as they do there. Karma is the bit that says yes to probes, acting as a honeypot and collecting clients. URL Snarf displays the web addresses that are being browsed. DNS Spoof allows you to redirect domains to an IP of your choosing -- great for hosting a phishing site on your pineapple or just rickrolling everyone. Ngrep filters packets and displays goodies. We've included some examples. It uses regular expressions to do deep packet inspection so if you're not familiar you're best to find a regex tutorial. Aircrack is included for deauthorizing clients. To address Allison's statement I will say that the one bug that has caused the most grief, the config page adding ^M to the ends of files upon update, was causing Karma to fail when updating the Karma config. That has been addressed by the 1.0.2 update which I highly advise applying. I would have caught this in development but it seems it doesn't affect the other tools -- just Karma -- and I had never attempted to change the karma config from the web menu since it was working just great out of the box. I'm sorry we didn't have a simple bin file to flash and restore Allison, but as I've said we of course honor our warranty and I'm sure once you get your 1.0.2 pineapple back in hand you'll be pleased with the results. 
Once the crazy workload that has found its way onto my desk subsides I plan to shoot several very long form video tutorials for basic usage of the device which of course will be posted here, wifipineapple.com, and possibly make its way onto a quick-start-dvd in the future. If you have further questions about specific aspects of the MK3, for instance how to configure DNS Spoof or such, please feel free to create a thread on the topic. We understand that while the Pineapple is specifically designed for advanced users it's open for everyone to experiment with and is a great learning tool for those who aren't as familiar with Linux or these tools. In actuality while I had dabbled with Slackware in the 90s, Suse and Redhat in the early 2000s and Ubuntu in the later 2000s I hadn't made any serious headway with Linux until helping in the development of the Pineapple Mark I. I have this little white router to thank for a lot of my bash skills today.
  18. I actually use a purse organizer from Totes to carry a Pineapple Mark II, III, two pineapple-sized additional dev boards, 3G modem, serial to usb adapter, serial dev board, JTAG programmer, usb duckies, awus036h, spare android, retractable ethernet cables, usb power cables, usb AA battery pack, directional rp-sma antennas, 9dbi dipole antennas, leatherman and rubber bands. don't discount the hacking capabilities of rubber bands. seriously this thing is the work horse of my portable development rig.
  19. It seems like this is where you're running into trouble:

      pineapplegw=`netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}'` #Usually correct by default

      The comment at the end gives it away ;) Try running netstat -nr then play with awk. This line grabs the 2nd field that isn't 0.0.0.0, which should be your internet gateway. It isn't foolproof but I find it odd that we're both running the same OS (BT5) and having different results. I'd also check your pineapple's routing table and if it doesn't list 172.16.42.42 as its gateway go ahead and manually add it in the route config on the advanced page by issuing:

      route add default gw 172.16.42.42 br-lan

      Of course this assumes you haven't changed the configuration to use a different network.
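An added example, not from the post above: a stricter replacement for the awk one-liner that sets pineapplegw. The original stops at the first line whose third column (Genmask) is 0.0.0.0 and, because a plain awk getline returns 0 at end of file without changing the line, spins forever when the table has no default route at all, for instance after route del default has already run. This version matches the default route explicitly (Destination and Genmask both 0.0.0.0) and fails with a nonzero status when there is none. The two routing tables below are constructed samples in netstat -nr layout.

```shell
#!/bin/sh
# Added example (not from the post): find the default gateway from
# "netstat -nr" output without the hang or mis-match the original one-liner
# can produce. Sample tables are constructed, not captured from a real box.

# default_gw: read "netstat -nr" output on stdin, print the gateway of the
# default route (Destination and Genmask both 0.0.0.0), return 1 if none.
default_gw() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2; found = 1; exit }
         END { exit found ? 0 : 1 }'
}

# Constructed sample shaped like BT5 output with a wifi uplink on wlan0 and
# the Pineapple on eth2.
SAMPLE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.16.42.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 wlan0'

# The same table after "route del default": nothing left to find.
SAMPLE_NO_DEFAULT='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.16.42.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2'

# gw_from_table TABLE: feed one of the constructed tables to default_gw.
gw_from_table() {
    printf '%s\n' "$1" | default_gw
}

# Stand-alone demo: prints 192.168.1.1, then reports the missing route.
gw_from_table "$SAMPLE_TABLE"
gw_from_table "$SAMPLE_NO_DEFAULT" || echo "no default route in table" >&2
```

On a live box the ICS script would use `pineapplegw=$(netstat -nr | default_gw) || exit 1` before deleting the default route, so a missing gateway aborts instead of producing an empty route add.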
  20. Agreed. This is why we purchase directly from ALFA. Let's just say I'm done with eBay and random vendors on Alibaba. Unfortunately that advice doesn't really translate to regular consumers because of the minimum order quantities. That said, the AP51 is an implementation of the Atheros AR2315 SoC. You may remember this chip from the Fon 2100 or Open Mesh Mini. The Fon was nearly identical to the reference design board published by Atheros. Unfortunately since the Qualcomm Atheros merger these boards have become somewhat elusive.
  21. Someone asked for the default configs so I've uploaded 'em to wifipineapple.com/defaults.tar.gz (these are for 1.0.1). Will update the wiki tonight with all the 1.0.2 files.
  22. Like I said in an earlier post it isn't as simple as a firmware flash -- there's a lot involved and it isn't rolled into one bin file. That said if you're really looking to get your hands dirty the easiest way to get started is to grab the latest backfire build, flash it, create a keepalive.sh with the gpioctl commands to appease the watchdog and set a cron job to run it every 4 minutes. Then patch hostapd with digininja's karma, install php and start grabbing the packages for ngrep, dsniff, aircrack, etc. I'll clean up my build notes and post 'em as soon as I get on top of the crazy workload that just fell on my desk. Thanks for your patience.
  23. Have you tried manually typing in the gateway?
  24. I appreciate the support guys. Of course in the hacker spirit I also honor those who wish to build one themselves. We may soon offer an unflashed do-it-yourself pineapple at a reduced cost, but at the moment we're just trying to stay on top of current hakshop orders for the holidays. Will clean up and publish my build notes soon but basically the gist of it is flash the latest build of backfire, patch with digininja's karma, install php, oh and don't forget to add the gpioctl commands to cron every 4 minutes.