
telot (Dedicated Members; 803 posts; 12 days won)

Everything posted by telot

  1. I didn't see this on the wiki, so I added it. Anyone figure out how to append this command to the autossh script that is autorun? I tried the standard "&&" to no avail (ssh relay works, http no worky). Here's the command I'm using: autossh -p 2222 -M 20000 -N -R 4255:localhost:22 user@myvps.com -i /etc/dropbear/id_rsa && ssh -p 2222 -f -N -R 4266:localhost:27015 user@myvps.com -i /etc/dropbear/ Note: I hate using standard ports, so I'm using 2222 as my ssh port for my vps, and 27015 as my pineapple's http interface port. CS/TFC represent! telot
  2. Can you verify sslstrip works on some apps? I've not had any luck with it. Moxie has an awesome write-up on his site about how the prevalence of apps is a huge boon for ssl-related security due to the fact the apps don't have to conform to browsers. Any info would be appreciated kyhwana! telot
  3. Holy hannah. Monster post came to clobber us all haha! First and foremost welcome to the community! It's always great to have another programmer-by-trade member among our ranks. I'll just start at the top and do my best, and I'm sure others will comment in and add stuff too. This is all totally possible, but not "off the shelf". Removing the laptop/ICS out of the equation can be done via the network manager module or scripts quite easily. Foxtrot is working on a module that will automate this kind of thing, but right now if you want ICS through wifi or 3G, you'll have to script it yourself (and hopefully share with us!) or do it manually each time. Remember that to use most aircards and external wifi modules (e.g. alfa's) you'll need a *powered* usb hub. As for the semi-formatted report, I have a very poorly formatted report emailed to me automatically from my pineapple (and by very poorly, I mean it's just a list of the logs).
     cat /tmp/dhcp.leases; echo '\n'; cat /proc/net/arp; echo '\n'; grep KARMA /tmp/karma.log | grep -v -e enabled | grep -v -e malloc | grep -v -e CTRL_IFACE | grep -v -e KARMA_STATE | grep -v -e Request >> /usb/emailreport.log
     Above you'll see a snippet of how I see "who is connected". This snippet is taken directly from the pineapple index.php and put in my emaillog.sh. I'd guess you can find similar bash-fu for the probe request details in the source of index.php. Not sure on the star. Maybe cat'ing the arp table? A disconnect frame is a disconnect frame. You might be able to hack something together to see if you received a disconnect frame from a client who is no longer connected or not, but currently it is not possible. Not sure on this one. I use sslstrip and tcpdump via ssh and/or scripts only. I'm sure someone else knows though! I don't ever run urlsnarf and tcpdump at the same time, and I think it might not work (both are redirecting port 80 I believe?). I always run tcpdump and sslstrip at the same time though. You need to read up on your tools. sslstrip is by no means a packet capturing tool - it's a pure man in the middle sslstripper. It will only output stripped ssl info. tcpdump is what you want for the full picture of what's going on, and sslstrip to remove their ability to hide from that "full picture". Both must be used in conjunction. Your next questions about sslstrip and tcpdump, please see my posts/wiki pages on it. If you still have questions, by all means ask them. For timestamps, google or search the forums. The answer is, yes you can correct the date on your pineapple (I've just forgotten how lol). Memory: I'm not sure about the infusion, but what all do you have running when you take those readings? With sslstrip and tcpdump running, I'm at 1088 free on a "free -m" check. Mac Address: That's because it is made by alfa. Run macchanger as part of your scripts. Order of usb things plugged in at bootup doesn't matter as far as I know. I recall a post about this though...something about an external alfa becoming wlan0 instead of the internal? I may be imagining things though. Search the forums. Default Channel: We here at the Wifi Pineapple Community take things to 11. That's why it's at 11. You can tether with android via usb. Search forums. Ssh on lan: Connect your local lan to the lan port and have at it. Autossh is totally different, but also may be applicable for you. It's for reverse-ssh tunneling awesomeness. The pineapple connects to a server (vps or whatever) and you dial into that server to access the pineapple. See hak5's series on ssh for a full (and amazing) explanation. Autossh is just a keep alive for that ssh connection. I'm exhausted. I'll continue editing this post, but man, you really went all out! I applaud your enthusiasm! I'm sure all my efforts here will be rewarded when you whip up some sick new module right? Haha, again, welcome to the community shutin! telot
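The "who is connected" snippet in the post above just concatenates /tmp/dhcp.leases and /proc/net/arp. The script below is an added example, not telot's emaillog.sh, that joins the two files by MAC address so each client is listed once with its lease hostname and whether the kernel actually has a resolved (complete) ARP entry for it, which is the difference between "got a lease at some point" and "is on the wire right now". The two inputs are constructed samples in the standard dnsmasq lease and /proc/net/arp layouts; on a real OpenWrt box you would read the files instead.

```python
"""Join dnsmasq DHCP leases with the kernel ARP table into a connected-client report.

Added example (not telot's script). Inputs below are constructed samples; on a
real device replace them with open('/tmp/dhcp.leases').read() and
open('/proc/net/arp').read().
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of /tmp/dhcp.leases (dnsmasq format):
# <expiry-epoch> <mac> <ip> <hostname-or-*> <client-id-or-*>
SAMPLE_LEASES = """\
1366560000 00:11:22:33:44:55 172.16.42.101 android-4f2a 01:00:11:22:33:44:55
1366563600 66:77:88:99:aa:bb 172.16.42.102 * *
1366567200 cc:dd:ee:ff:00:11 172.16.42.103 laptop 01:cc:dd:ee:ff:00:11
"""

# Constructed sample of /proc/net/arp. Flags 0x2 = complete entry,
# 0x0 = incomplete (kernel is still resolving; HW address is all zeros).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
172.16.42.101    0x1         0x2         00:11:22:33:44:55     *        wlan0
172.16.42.102    0x1         0x0         00:00:00:00:00:00     *        wlan0
172.16.42.42     0x1         0x2         de:ad:be:ef:00:01     *        wlan0
"""

ATF_COM = 0x2  # ATF_COM flag bit: hardware address resolved


@dataclass
class Client:
    mac: str
    ip: str
    hostname: Optional[str]   # None when dnsmasq recorded "*"
    leased: bool              # present in dhcp.leases
    arp_complete: bool        # kernel holds a resolved entry with the same MAC
    expiry: Optional[int]     # lease expiry (epoch seconds), None if no lease


def parse_leases(text: str) -> Dict[str, dict]:
    """Map MAC -> lease fields; lines with fewer than four fields are skipped."""
    leases: Dict[str, dict] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        expiry, mac, ip, hostname = parts[0], parts[1].lower(), parts[2], parts[3]
        leases[mac] = {
            "ip": ip,
            "hostname": None if hostname == "*" else hostname,
            "expiry": int(expiry),
        }
    return leases


def parse_arp(text: str) -> Dict[str, dict]:
    """Map IP -> {mac, complete}; skips the header row and malformed lines."""
    entries: Dict[str, dict] = {}
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 6:
            continue
        ip, flags, mac = parts[0], int(parts[2], 16), parts[3].lower()
        entries[ip] = {"mac": mac, "complete": bool(flags & ATF_COM)}
    return entries


def connected_clients(leases_text: str, arp_text: str) -> List[Client]:
    """One Client per leased MAC, plus any complete ARP entry that has no lease."""
    leases = parse_leases(leases_text)
    arp = parse_arp(arp_text)
    clients: List[Client] = []
    for mac, lease in leases.items():
        entry = arp.get(lease["ip"])
        # An incomplete entry carries a zero MAC, and a complete entry with a
        # different MAC means the IP was reused; neither counts as this client.
        complete = bool(entry and entry["complete"] and entry["mac"] == mac)
        clients.append(Client(mac, lease["ip"], lease["hostname"], True, complete, lease["expiry"]))
    leased_ips = {lease["ip"] for lease in leases.values()}
    for ip, entry in arp.items():
        if ip not in leased_ips and entry["complete"]:
            # Host talking on the segment without a DHCP lease (static or stale).
            clients.append(Client(entry["mac"], ip, None, False, True, None))
    return sorted(clients, key=lambda c: ipaddress.ip_address(c.ip))


def format_report(clients: List[Client]) -> List[str]:
    """Plain-text lines suitable for the emailed log."""
    lines = ["ip              mac                hostname      lease  arp"]
    for c in clients:
        lines.append(f"{c.ip:<15} {c.mac:<18} {(c.hostname or '-'):<13} "
                     f"{'yes' if c.leased else 'no':<6} {'ok' if c.arp_complete else 'none'}")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(connected_clients(SAMPLE_LEASES, SAMPLE_ARP))))
```

Running it on the samples lists 172.16.42.42 as an unleased host seen on the wire, .101 as leased and resolved, .102 as leased but with an incomplete ARP entry, and .103 as leased with no ARP entry at all; the last two are the ones a bare `cat` of the two files makes easy to misread as "connected".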
  4. Well if you don't have internet, your best bet would surely be randomrolls. Perhaps do some tests beforehand with androids and iphones, as I recall one of the rolls (could be rick?) doesn't work very well on iphone - no sound. If you're trying to have an impact on these people, it would be ideal to bring a 3G/4G dongle with you. I mean, Rick Rolling someone does prove to the educated person the power of the pineapple, but to laymen, it's just a party trick. To really drive your point about security, showing them their tcp traffic is a powerful message. Filter out POSTs in wireshark, run sslstrip and create a wall of sheep, that's the stuff that turns heads. If you really want to freak them out, show them the injection stuff (evil java, keylogger) that's being worked on. Good luck WatskeBart - let us know how you do! telot
  5. Just had a thought - I'm not sure what I proposed would work after all, at least for printing. Now that I think it through, the host computer would be assigning you an IP (acting as a dhcp server) - it's not going to reach out to its real dhcp server and give you one of those IPs - not in windows at least. Anyone know if I'm wrong? telot
  6. There's a more elegant solution: Portable Printer. If you're driving back and forth just to print something, this could easily be cost-justified with your boss. IF you want to do this as a POC or just a fun hack-tastic project, hells yeah, but just know that it's far from the best solution for your particular problem. The biggest issue with your proposed plan is, there's no way for the wr703n to get internet just by being plugged in via usb. It just doesn't work that way. The wr703n is designed to get power from the usb, and I think that's it. One option would be to buy a usb-to-ethernet adapter (a la hakshop) and plug that into the host computer, turn on internet connection sharing to the adapter, then plug in your laptop to the adapter. Another option: If you need it to do wifi, plug in a wifi adapter to the host computer. Then plug in a rubberducky with Darren's "Make a AP" script for windows7. You might have to add some lines to the script that set up ICS between the wired and the wireless. Either way, you'll need a machine that is not locked, and permission from the owner to do this - as without permission it would be TOTALLY illegal. telot
  7. I just did it. I'm looking at my credentials for my gmail and twitter in my sslstrip.log, so that's pretty 100% in my book :) telot
  8. I think we should tackle this. Enough of us pineapple owners are also osx-friendly now, that we need a comprehensive solution. Thankfully, OSX is based off of unix, so I'm thinking a little cli-fu is in order. A quick google found this: http://hints.macworld.com/article.php?story=20050331194834746 I'm about to hop on a plane, so I was only able to give it a quick glance, but it appears as though this script can be modified to address our needs. Thoughts? telot
  9. I think Mr. P means dmesg? telot
  10. Facebook works. Gmail works. Twitter works. What really irks me is that apps don't work. With the proliferation of mobile apps and less and less reliance on proper websites, sslstrip will continue to become less and less useful as time goes on. UNLESS someone (Moxie?) comes up with a way to strip apps of their custom ssl implementations. Moxie has already commented on this a bit, and if he can't crack it, god help us all. telot
  11. How I do it is use tcpdump to cap every packet (as outlined in my tcpdump guide on the wiki). From there you can open the pcap file in wireshark and filter for POST. Not only do you get any and all plain-text passwords, but you can also see everything else. A full picture, instead of just the username/password. http.request.method == "POST" telot
  12. This man speaks the truth. http://www.aircrack-ng.org/doku.php?id=airodump-ng telot
  13. Most of the time I dread it when people dredge up old threads - but in this case it's awesome! Very interesting discovery there skimpniff! Is there an upper limit to how many SSIDs you can add in /etc/config/wireless? As you said, it's a great opportunity to increase your chances of landing someone "on purpose", as opposed to karma'ing them. Very cool telot
  14. You can do it with tcpdump. Tcpdump is one of the most powerful packet capture tools available and it can do timestamps as well. Check it out and share your results please! telot
  15. Are you using a powered USB hub? telot
  16. Haha "working"... :::glance at IDS dashboard ::: "Ok, my job's done for today!" Onto the forums for a little Continuing Education! telot
  17. This should do the trick scp root@172.16.42.1:/usb/cap.pcap . telot
  18. Is the existing AP wep, open, or wpa? If it's WPA protected, you'll need to use wpa_supplicant and dhclient, otherwise just iwconfig (and maybe some dhclient as well) will work. Those are the tools to use to connect your alfa to the existing AP, then you can use the network manager to tell your pineapple that you want to get your ICS from the alfa. After that you should be all set. telot
  19. Also, if you don't mind sshuttling instead of VPN, you can get a TinyVZ vps for $15 per YEAR. That's right, per year. I've been using one for a couple weeks now and I've yet to be disappointed. Great service, and 100% uptime thus far. Check them out
  20. Just let it be known that you will need a powered usb hub to use a proper usb wifi adapter. Supposedly there's some low power ones out there that you can use, but they will have very poor RX/TX power. telot
  21. I use my home server vpn if I just want a secured connection (for example, if I'm on public open wifi) and use Vypr VPN services when I want to "be" somewhere else. They've got servers all over the world, and sometimes it's nice to appear like I'm in the UK (bbc player) or elsewhere. Also, the connection is very fast. telot
  22. Checkout Vivek's wifi megaprimers 29-35 as well: http://www.securitytube.net/groups?operation=view&groupId=9 EAP-ttls, peap, and md5 all have various degrees of vulnerability. You might also want to take a look at chapcrack from Moxie: https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ telot
  23. You'll have better luck if you pose the question more like this: "I'm testing some of the functionality with backtrack, specifically cloning webpages with SET, and am running into issues at this step. I've researched X and Y and found Z, but I'm still encountering the problem." or whatever it is you're actually trying to do. Linking the video you reference would also be a big help. Good luck telot
  24. I would read up on those tools a lot more if you're unsure. I just gave you the most basic idea of what you should be doing, you'll have to learn the specifics for your situations yourself. Checkout Vivek's WiFi MegaPrimer on securitytube.net if you're into learning by example. telot
  25. It appears to be more of a publicity stunt by Cloudflare et al. http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie telot