Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Profile Information

  • Gender
    Not Telling
  • Location
    Washington DC
  • Interests
    Soup. Nonlethal blender maintenance, self-baking pizza

Recent Profile Visitors

1,149 profile views

farfel's Achievements


Newbie (1/14)

  1. Look if this thing goes any further the FCC will be called to a Congressional hearing as to why they have authorized these products for sale. And to respond they may withdraw the authorization and send a van over to Darren's garage to collect the stock. This is not dissimilar to what happened to Bob Grove, who sold wideband scanners until he was grilled over an open flame before a Congressional committee. I was there. (His merchandise -- made by reputable manufacturers (aka Bearcat) were authorized under the rules at that time.) I expect a fine fire sale before that happens. It is not unlawful to manufacture or sell products that have FCC authorization, but all it takes is a cease-and-desist letter to Darren to satisfy Congressional offices. Meanwhile 'pro' pen-test gear will continue on the market.
  2. Cybersecurity center opens doors "Senior Deputy Majority Whip Dennis Ross brought USF and its cybersecurity program to the U.S. House of Representative’s attention in Washington, D.C. on Wednesday. "Cybersecurity reaches every facet of modern life, from national security to personal communication, from data storage to banking security, from health care privacy to transportation safety,” he said on the House floor. "With the opening of the Florida Center for Cybersecurity on the campus of the University of South Florida in Tampa this Friday, our state marshals the strength of all of Florida’s public universities to respond to our nation’s cyber workforce needs." "At the ribbon cutting Friday morning at USF, the Tampa community and university staff and faculty gathered for the unveiling of the new Florida Center for Cybersecurity, housed on the seventh floor of the Interdisciplinary Sciences building. ... "After the speeches, members from USF's Whitehatters computer security club demonstrated a hacking device commonly referred to as a pineapple. The pineapple allows hackers to steal information shared over public Wi-Fi, such as at businesses like Starbucks and Panera Bread."
  3. Department Of Homeland Security Appropriations Act, 2015 - Motion To Proceed 25 February 2015 Sen. Bill Nelson (D-FL): "What about the device called the Pineapple? I had no idea this device existed. Here is what it does: If I go into a Starbucks and use their wireless Internet, someone could be sitting outside of that Starbucks in their car, or at one of the outside tables, with this device called a Pineapple, and instead of my wireless device using Starbucks' Internet system, it is on that Pineapple device and all of my communications are going directly to that person, and that person is able to steal all of my private information. That is a major theft. This is scary. Yet that device has been around for several years. "We have major privacy questions. The Presiding Officer, who is a member of the commerce committee, knows that we are going to be grappling with these issues, along with other committees, such as judiciary, on the right to privacy. "In the meantime, we have raised these issues with the FCC on this most recent detailed expose about this device called the stingray. If it is employed for our national security and our personal safety, which is the job of the government, then it is a good thing; however, if it is employed for other reasons, such as invading our constitutional right of privacy, that is another thing. "It is time for us to stand up for the individual citizens in this country and their right to privacy. I yield the floor. I suggest the absence of a quorum."
  4. Yes and No. Pre-iOS7 devices had captive portal detection, but the procedure changed in 7. Now, devices attempt to randomly contact one of the new Apple sites such as www.itools.info, www.ibook.info, captive.apple.com and others. Although what the devices get from these sites is success.html, what they request is a long, unpredictable path and file. Here's an example: /XveE8i5pkCz32/rKuhShYhLzQcv/vBKZv396kB3JB/8y1GR9IApZQnt.html
  5. The recently released Apple iOS7 changes the device's Wi-Fi behavior. It requires the device to contact an Apple website in order to use Wi-Fi at all, unless the user knows the steps to get around this feature. One such site is captive.apple.com, another is airport.us, but there are as many as 200 others according to reports. Before, the device could contact one site: http://www.apple.com/library/test/success.html, or just /library/test/success.html on the LAN, and it would allow the user full use of the Safari browser even if just pulling down local content not on the Internet. Now with iOS7, if you connect to Wi-FI, but not actually on the Internet, your device will not get success.html from whatever site it picked. You are frozen out of Safari and shown a handicapped Log-In browser instead. Unless - you follow these steps: Tap "Cancel" Tap "Use Without Internet" IF it appears. It seems that this option doesn't always show up. You will be sent to Settings, but you have to back out of that, stay connected to Wi-Fi and go back to your browser. Now you can use your local Wi-Fi without Internet. The above is as I understand it as of this point. I hope that a solution can be found.
  6. Some technical info on this is in the thread titled Iphone - Open Wifi Help http://forums.hak5.o...open-wifi-help/
  7. The success.html file contains very little content. You could type its HTML into a text editor like nano and save it into /library/test/ oh, it looks like petertfm already suggested that.
  8. I hope it works - I don't have an iOS device here to try it out. However, I did put /library/test/success.html on my Pineapple, and recently demo'd it for a friend who connected to it with an iPod Touch. (Pineapple was setup to redirect to an internal splash page and was not connected to the Internet.) I believe he got a normal browser on his iPod (and my redirected page) instead of the iPod open Wi-Fi login screen but I am not absolutely certain. By the time he showed me what he was seeing, it looked normal...
  9. If I understand your problem correctly, it is a known issue with iOS devices connecting to open Wi-Fi. They look for a specific file on the Apple website and behave differently depending on if they see that file or not. Try this solution and please post in this thread whether it works for you: 1. Go to: http://www.apple.com...st/success.html 2. You will see a web page "Success". Save the page success.html. Examine success.html and be sure that no extra code was added to it. For some reason the first time I saved it, my browser or something added a timestamp line to the HTML in that file. 3. At the web root of your Pineapple, make the path /library/test/ and put success.html in it 4. Operate dnsspoof and open wifi as normal The iOS device should look for that path and file and give the user a normal browser and not the partial-browser Log In thing. My Kindle Fire does a very similar thing as the iOS with open Wi-Fi. I do not know what it is looking for on the Amazon website and need to find out.
  10. ln -s /usb/htdocs/* /www/[/CODE] worked, thank you.
  11. Amoeba, I found that your code only works if all the pages are in /www I need the pages to be in /usb/htdocs/ When I use /usb/htdocs/pageN.html in redirect.php, the redirect does not work. Instead it returns a URL like: www.anything.com/usb/htdocs/redirect.php (...and the browser hangs) instead of: www.anything.com/usb/htdocs/pageN.html .
  12. Thanks for your help Amoeba. I see you are in Sverige so I will say Tack Sa Mycket. OK, why is that? REQUEST_URI is supposed to contain the URI, not the page title.
  13. If I'm using dnsspoof to redirect all clients to the Pineapple's web server ... that will run index.php (and in default configuration, redirect.php). But what if my destination page contains links to other pages? Clicking those links will run index.php again instead of loading the page the user requested. For example, index.php refreshes to /usb/htdocs/page1.html, or redirect.php sends them to that page. page1.html has a link to page2.html, but that link won't work. Clicking the link sends them back to index.php and they end up on page1.html again. How to make these internal links work?
  14. The Pineapple is to be located at conferences, seminar rooms etc. All Wi-Fi connections to the Pineapple are directed to its internal webserver. The web content is attendee materials such as speakers' papers and event schedules. We've done this with other hardware but are checking out whether Pineapple is good for this purpose.
  15. Our use of Pineapple is not for pen testing, troubleshooting networks or hacking; we'd just as soon see those features able to be hidden. I'm glad to see that some of the suggestions made will be in the next release.
  • Create New...