Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Everything posted by comatose603

  1. Understood. Figured I'd ask. Was wondering if I should, perhaps, set my PineAP to have the same MAC as a target AP. And/or if there was a way to stetup PineAP with a blank WPS or WPA key that a user might just click through. ...? For instance, "Please enter WPA," <DERP>, <clicks OK with blank key>, Associated to PineAP.
  2. Do clients have to be associated with open/non-encrypted APs in order for PineAP to grab the association? And is there a way to circumvent this limitation?
  3. Ya, rc.local is what I've done. But didnt it use to stick across reboots?! I don't recall having this issue prior to upgrading to the latest firmware. I'm not sure if the UI is working. Someone should verify it is. Also, is there a way to query karma for the mac's its been given for black or white listing?!?
  4. I'm having this issue as well. Specifically across reboots. I do a hostapd_cli add_black_mac <mac> and things are fine. But after reboot I have to run the command again.
  5. I seem to be having an issue with the Karma blacklist. I've added my mac but karma just keeps on accepting probe requests from my machine. I've also tried manually adding it with hostapd_cli. Just keeps on associating me. Very frustrating of course :P Any ideas?
  6. just setup sendmail in rc.local to email you an output if ifconfig
  7. "Occupineapple :) (Sounds familiar, isn't it :P) This is indeed based on Darren’s idea" You should probably state what that idea is right up front ;P
  8. I've been trying out Tenergy's batteries. Dunno if anyone here has seen these, but they are pretty good and charge quickly. http://www.tenergy.com/Site/LiFe-Prismatic
  9. Figured it out: If URLsnarf is running Keylogger does not work. Any thoughts on why this is and what we can do about it? (also my URLsnarf is configured for wlan0 since if its on br-lan, which it is by default, it conflicts with SSLstrip) Two other things: 1) the logs should go into /usb/data/ 2) needs the autostart feature
  10. Yup. And I hit the manual refresh button. Nada.
  11. Typical setup using a laptop to route traffic through. Laptop wlan0 is furthest upstream, to eth0 then to br-lan on the pineapple and it's wlan0. Everything else is working ok, e.g., sslstrip and urlsnarf. Do I need to have those off for the keylogger to work?
  12. Ok, well, I've associated my client with the Pineapple, opened that URL and the keylogger module is reporting "no data captured." Any ideas what is going wrong?
  13. I seem to be having issue as well. And I'm probably doing something stupid. Is there a site, say doing a search on Slashdot, that we can use as a testing reference so that we're all on the same page (no pun intended)?
  14. I'm on 2.7.5 And the button infusion doesnt work either. I guess I'll try 2.7.7
  15. I've setup the script and enabled it. But it just wont launch the script for some reason. How is wpsScript.sh launched? My resetButton.sh : oot@Pineapple:/pineapple/config# cat resetButton.sh #!/bin/sh #Script to add / remove reset button #Reset is marked as WPS (incorrect) if [ $1 == "enable" ] then uci add system button uci set system.@button[3].button=wps uci set system.@button[3].action=released uci set system.@button[3].handler='cp /etc/config/backup/* /etc/config/ && reboot' uci set system.@button[3].min=5 uci set system.@button[3].max=10 uci commit system fi if [ $1 == "disable" ] then uci delete system.@button[3] uci commit system fi root@Pineapple:/pineapple/config#
  16. Whistle Master, what did you do to force the internal nic to wlan0? I'm still having this issue with my Alpha grabbing wlan0 :(
  17. Version 0.9 is giving me issue. If I dont run the typical port 80 POSTROUTING iptables command I dont snag any SSL traffic. And if I DO then I get: sslstrip 0.9 by Moxie Marlinspike running... Traceback (most recent call last): File "/usb/usr/lib/python2.7/site-packages/twisted/python/log.py", line 48, in callWithLogger return callWithContext({"system": lp}, func, *args, **kw) File "/usb/usr/lib/python2.7/site-packages/twisted/python/log.py", line 33, in callWithContext return context.call({ILogContext: newCtx}, func, *args, **kw) File "/usb/usr/lib/python2.7/site-packages/twisted/python/context.py", line 59, in callWithContext return self.currentContext().callWithContext(ctx, func, *args, **kw) File "/usb/usr/lib/python2.7/site-packages/twisted/python/context.py", line 37, in callWithContext return func(*args,**kw) --- <exception caught here> --- File "/usb/usr/lib/python2.7/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite why = getattr(selectable, method)() File "/usb/usr/lib/python2.7/site-packages/twisted/internet/tcp.py", line 362, in doRead return self.protocol.dataReceived(data) File "/usb/usr/lib/python2.7/site-packages/twisted/protocols/basic.py", line 232, in dataReceived why = self.lineReceived(line) File "/usb/usr/lib/python2.7/site-packages/twisted/web/http.py", line 388, in lineReceived self.handleHeader(key, val) File "/usb/usr/lib/python2.7/site-packages/sslstrip/ServerConnection.py", line 98, in handleHeader self.client.responseHeaders.addRawHeader(key, value) exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders'
  18. Some sites now use something called HSTS so that SSLstrip cannot monitor that traffic.
  19. Great! ... I'm not sure why Telot wanted port 443, he doesnt seem to say in that thread...no? If I have it in the PREROUTING table, as it is by default in the module, all https just grinds to a halt for clients. So something should be done. Also, SSLstrip logs should state the source/client IP address. It's super confusing as to what POST is coming from what client. Another issue I noticed is that not all SSL POSTs (say to Facebook) get logged. The intial logon attempt works, but for some reason it's not picking up retries. Any thoughts?
  20. I think I got this working. Running URLsnort against wlan0 instead of br-lan is keeping both SSLstrip and URLsnort happy so far.
  21. Is the Facebook iphone app using HSTS? I never see any data from it in SSLstrip.
  22. I suppose a workaround is to just DNS spoof and phish HSTS domains...no? Would be nice if there was a modue to 1) detect HSTS, 2) auto DNS spoof it, 3) and on the fly mirror the portal html locally for phishing. Or, do site such as Gmail have non-HSTS versions of the portals traffic could be redirected to with DNS spoof?
  23. Anything out there to deal with HSTS traffic? E.g., some sort of way to force clients to opt-out of it?
  24. Well, I got it working. Just comment out the stuff for port 443 in autostart.sh and sslstrip_actions.php Now there's the issue of it playing nice with URLsnort. And is there an exploit for HSTS?
  • Create New...