-
Posts
360 -
Joined
-
Last visited
-
Days Won
7
Posts posted by dustbyter
-
-
Thanks for sharing tis. It looks like a nice resource to have in the toolbox!
-
This looks interesting. Actually it can even be ported to a pineapple by replacing the need for MySQL with SQLite3.
The other tools required I believe are already on the pineapple.
-
If your interested in seeing if an application is vulnerable to SSLStrip, fire up an HTTP proxy (like burp) and check the HTTP Response headers. If the respond contains a Strict-Transport-Security header, then the application is not going to work with SSLStrip.
As mentioned above, most applications are now setting the HSTS header and thus this attack is not a viable one anymore.
-
Yeah I'm pretty sure that most A/V will detect shikata-ga-nai. This method has been around for some time. You can try to run the payload through several encoders to evade A/V, but that is not guaranteed either.
Good luck with it!
-
This sounds as an illegal activity. The forum does not condone this type of activities and I doubt that this type of infusion would ever appear.
-
Correct.
-
This is not something that has been done thus far. You can visit the infusions section of the forum to see what infusions exist thus far.
-
Last I checked, this is not possible. We can't get the passcode used to connect to the access point.
-
This would be a useful setting to have through a UI!
-
What would be very interesting is to understand what the TV "API" is. This may enable you to get a screenshot from an embedded web cam, or even stream audio.
-
If i remember, Mk4's firmware went up to FW3.0.0. That firmware version had a wifi connectivity manager infusion that could allow you to set up a USB NIC in client mode.
Additionally, search the forums for wificonnect. It was a shell script that did the same.
-
I'd say IP tables is your best bet. This way you can forward the traffic to any device that is running burp or another http proxy.
-
Exactly. I did search and spend about 3 or 4 hours looking, but either they want a lot of money for a device that costs 20 bucks, or they stray you along to questionable sites. Figured I can ask here incase anyone has worked with in the past.
-
Hey Seb,
Can you purchase just the charging adapter? I got a battery from the trading shop, but it didn't have a charger with it.
Thanks!
-
Hi All,
Does anyone know if a reliable unlock exists for the T-Mobile Jet 2.0 4G USB modems? From some research it shows that the device is Huwaei UMG366.
Thanks,
Jim
-
I'll work on fixing this during the holiday break. I already converted one infusion to the API for the web interface.
-
I ended up finding the infusion. it was only for version 3.0.0 of mk4.
-
The pineapple can maintain various connections to devices that "think" they are connected to different access points.
I don't believe that you will be able to have various channels set up unless you set up a card with a NIC for each channel. Each NIC is configured to work on a specific channel. Lastly, regarding the legality, you have to check the laws in your locale to confirm. In most cases this will not be legal unless everyone is made a ware that this is going on and they can opt out.
-
Did a wifi manager with client mode infusion ever exist for MK4?
-
Part of the reason that you are not seeing data in the output is because some of the major sites you are listing like facebook, twitter, etc have all implemented a defense to SSLSTRIP.
Search the forum and you will see more discussions for this.
-
Seb, will it still be based on the same 6800 that came so far?
-
The battery from Hak5 does not have the USB port present in the battery. Removing that QC sticker would result in just a hole.
-
Did you confirm that no proxy is set up in the browser?
-
If I remember correctly, you can your MKV as a client through the interface.
When a user then tries to connect, through your MKV, to the connected network, they will see the confirmation page.
[Support] Get
in Mark V Infusions
Posted
The purpose of this infusion is to get information about the client connecting to the pineapple. Specifically, the information gathered is about the browser plugins installed.
You will need to set up the get database and install the iframe. Then when ever someone connects and tries to navigate through the browser, you will get the info described above.