JohnnyBoy (Active Members, 5 posts)


  1. The pineapple can do much more than just jasager/karma. The pineapple clearly can do much more than just jasager (modified karma). You can do every wifi pen test you need to do from it, and much more than that. It has a far smaller form factor than your laptop, and will perform a lot better than your android phone with a usb dongle or modified wifi driver. Karma/Jasager is one thing you can do with it very well. But you can also run Karma on your phone. Or take ten seconds to download and run DSploit, if you can't figure out hacked up wifi drivers or getting backtrack on there. You should know that karma/jasager is detectable. You do not even need to spoof legacy SSIDs to it. You can just look at your wifi device and see that all of your legacy SSIDs are there on the network. Gee whiz, my work AP is here in the neighborhood? How did that happen. That is, though, a useful test system. I have, as well, the pineapple running for a good ten hours on a single battery that is very small. It has some cool UI features, though you should secure that.
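The detectability point in the post above (a Karma/Jasager box answers probes for every remembered SSID, so your work AP "shows up" in the neighborhood) can be turned into a check over a scan listing. The script below is an added example, not JohnnyBoy's code and not part of the Pineapple project: it assumes a simplified two-column "BSSID,ESSID" CSV (constructed here; real airodump-ng CSV output has more columns, so the awk field numbers would need adjusting) and a constructed list of SSIDs the client remembers.

```shell
# Added example: spot a Karma/Jasager-style responder in a scan listing.
# Karma answers every probe request, so one BSSID ends up advertising many
# unrelated SSIDs, including names (work, home) that have no business nearby.
# Input is a constructed, simplified "BSSID,ESSID" CSV, not airodump-ng's
# real layout; adjust the awk field numbers for the real file.

SAMPLE_SCAN=$(mktemp)
trap 'rm -f "$SAMPLE_SCAN"' EXIT
cat >"$SAMPLE_SCAN" <<'EOF'
BSSID,ESSID
00:13:37:00:00:01,CoffeeShopFree
00:13:37:00:00:01,CorpWifi
00:13:37:00:00:01,HomeNet
00:13:37:00:00:01,attwifi
00:13:37:00:00:01,linksys
aa:bb:cc:dd:ee:02,NeighborNet
aa:bb:cc:dd:ee:03,xfinitywifi
EOF

# SSIDs this client remembers and would probe for (constructed list).
KNOWN_SSIDS="CorpWifi HomeNet"

# karma_suspects FILE MIN: print each BSSID advertising at least MIN distinct
# ESSIDs. A legitimate AP advertises one or two; a Karma box advertises many.
karma_suspects() {
    awk -F, -v min="$2" '
        NR > 1 && !seen[$1 SUBSEP $2]++ { n[$1]++ }
        END { for (b in n) if (n[b] >= min) print b }' "$1" | sort
}

# known_ssid_hits FILE: print "BSSID ESSID" for every remembered SSID that
# appears in the scan. Your office SSID showing up at the mall is the tell
# the post describes.
known_ssid_hits() {
    awk -F, -v list="$KNOWN_SSIDS" '
        BEGIN { n = split(list, k, " "); for (i = 1; i <= n; i++) known[k[i]] = 1 }
        NR > 1 && ($2 in known) { print $1, $2 }' "$1" | sort
}

echo "BSSIDs advertising 3+ SSIDs:"
karma_suspects "$SAMPLE_SCAN" 3
echo "Remembered SSIDs seen in scan:"
known_ssid_hits "$SAMPLE_SCAN"
```

On a real capture, point both functions at the CSV airodump-ng writes and feed KNOWN_SSIDS from the client's saved-network list; a single BSSID matching several remembered names at once is the signature worth alerting on, while one remembered name at a new BSSID may just be a legitimate roaming AP.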
  2. You are right, in a sense... Why use the pineapple for anything else wifi related when I could just plug in a wifi usb card to my android phone and use it for everything? Then it would be why do that when I could modify the wifi driver (because I am a programmer) to accept monitor mode? Laptop, no, that is ten times the size. I bought the pineapple before doing any of that because it is popular and I wanted to see how it was done right before experimenting. But, it has a nice form factor, does a lot of things right, and it is fun to play with openwrt. Airodump only takes one command, btw, if started in monitor mode. You can run reaver, airodump, everything right there from the box and do all the mitm stuff my phone can do, but more reliably, and in my case with a much bigger antenna.
  3. Yep. And more, it is a nice little openwrt box.
  4. I am able to get that to work:
         iwconfig wlan0 key 'xxxxx' mode managed essid 'nameofap' ap 11:11:11:11:11:11 channel 1
     For instance. Take down the interface before the above command, bring it up afterwards, then let airodump-ng go:
         airodump-ng -w /usb/filename wlan0
     When you connect to an encrypted AP you are going to need to get the four way handshake for decrypting it afterwards. It will be encrypted in your pcap file. Use wireshark on your android/pc/etc and google wireshark decryption for explicit instructions. There is good documentation for it. One tip: enable the wifi bar so you don't have to search the options interface every time. On capturing traffic: I am experimenting with this myself. I am finding with a basic 5db or 10db omnidirectional antenna the results are "meh". My theory is that this is because the APs have much more txpower than the clients (gaming systems, computers, wifi phones, etc). I am a little lost as to why doesn't everyone just use the system in monitor mode, why even have jasager/karma, but the results I have heard from karma are excellent (for instance, in malls, see the Ars Technica article on mobile bugs, a good article pimping the pineapple from Dan Kuykendall of NTO Objectives).... versus the results I see from monitor mode are "meh". Theoretically, you should be able to get enough bad traffic, if it is not SSL encrypted, if you keep it on open networks for a while to say "this network should not be open". In practice, I am finding that not to be the case, myself, but I am a noob at this. (I am an ancient and professional sec guy, just have not worked with wifi before much.)
  5. Hey, I am unable to get monitor mode going in 2.8 unless I change /etc/config/wireless to have wlan0 start in monitor mode. All of the old ways to do this do not seem to work anyway. Pre-2.8 I was able to get it going, where wlan0 would stay in Master mode while mon0 would channel skip and get all traffic. To keep this post brief, I tried about every "what should work" method, and tried them all prefacing with killall hostapd before them, rebooting after every try just to make sure. For instance, the methods below do not work: they channel skip correctly, but nothing comes up. And the card is working, as I test this against it in monitor mode at start up. But I tried many other possibilities as well.

     1.
         killall hostapd
         ifconfig wlan0 down
         ifconfig wlan0 up
         airmon-ng start wlan0
         airodump-ng mon0
     NO... does not work...

     2.
         killall hostapd
         ifconfig wlan0 down
         airmon-ng start wlan0
         airodump-ng mon0
     (basically keep wlan0 down) NO... now try:

     [stop the wireless service in the GUI before continuing for 2.7.0+]
         airmon-ng start wlan0
         airodump-ng mon0
     NO catches nothing....

     5.
         killall hostapd
         ifconfig wlan0 down
         iwconfig wlan0 mode monitor
         ifconfig wlan0 up
         airodump-ng wlan0
     nothing....

     I also tried iterations of all of the above without killall hostapd. On 2.7 I did not have this written down, but think it was simply
         ifconfig wlan0 down
         airmon-ng start wlan0
         ifconfig wlan0 up
         airodump-ng wlan0
     Or something like that. Any advice or what works for you would be appreciated. Even if "this works for me"..... I do have some custom setups... nothing that should affect this, but some which possibly could. (Karma is off, AP is running encryption and not broadcasting, web folder is on USB...) (Basically, my goal is to have this going, plugged into a battery pack with my android wireless going into it and no command ethernet port being used, so I can better walk around and get readings and perform tests for my company's network security.)
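For the situation in the post above (airmon-ng reports a monitor interface, channel hopping runs, nothing is captured), the first thing worth confirming is what mode each interface is really in and whether an AP-mode interface is still up on the radio after killall hostapd. The script below is an added example, not JohnnyBoy's commands and not Pineapple firmware: it parses `iw dev` output into that report. It assumes the OpenWrt image ships `iw` (an assumption for 2.8-era firmware) and runs here against constructed sample output rather than a live radio.

```shell
# Added example: report interface modes from `iw dev` output so a failed
# monitor-mode setup is visible before reaching for airodump-ng.
# Constructed sample output: wlan0 is still an AP (hostapd alive),
# mon0 is a monitor interface on the same phy.
SAMPLE_IW_DEV='phy#0
    Interface wlan0
        ifindex 3
        wdev 0x1
        addr 00:13:37:00:00:01
        type AP
        channel 1 (2412 MHz), width: 20 MHz, center1: 2412 MHz
    Interface mon0
        ifindex 4
        wdev 0x2
        addr 00:13:37:00:00:01
        type monitor'

# iface_type IW_OUTPUT IFACE: print the "type" line value for IFACE
# (managed, AP, monitor, ...) or nothing if the interface is absent.
iface_type() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "Interface" { cur = $2 }
        $1 == "type" && cur == want { print $2; exit }'
}

# monitor_ready IW_OUTPUT IFACE: exit 0 only if IFACE is in monitor mode;
# 2 if it does not exist, 1 if it exists in some other mode.
monitor_ready() {
    t=$(iface_type "$1" "$2")
    case "$t" in
        monitor) return 0 ;;
        "")      echo "$2: no such interface" >&2; return 2 ;;
        *)       echo "$2: type is '$t', not monitor" >&2; return 1 ;;
    esac
}

# ap_interfaces IW_OUTPUT: list interfaces still in AP mode, i.e. hostapd
# (or the wireless service restarting it) still owns a virtual interface.
ap_interfaces() {
    printf '%s\n' "$1" | awk '
        $1 == "Interface" { cur = $2 }
        $1 == "type" && $2 == "AP" { print cur }'
}

# Live use on the box would be: monitor_ready "$(iw dev)" mon0
# Here the checks run against the constructed sample.
if monitor_ready "$SAMPLE_IW_DEV" mon0; then
    echo "mon0: monitor mode confirmed"
fi
for i in $(ap_interfaces "$SAMPLE_IW_DEV"); do
    echo "$i is still an AP interface; hostapd may have been restarted"
done
```

Running this after each of the methods in the post separates two different failures: a method where mon0 never reaches monitor mode, and one where it does but wlan0 has quietly come back up as an AP (the GUI's wireless service restarting hostapd would produce exactly that).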