[Packet sniffing on mk4]

Try to have a look at tcpdump, it should be installed on the MKIV.

[Getting Infusions To Start Without the DIP Switches]

Try this one:

DATE=$(date +"%Y%m%d%H%M")
tcpdump -n -C 128 -W 100 -i br-lan -w /sd/log/packetlog-$DATE.pcap >/dev/null 2>&1 &

You can remove the -C and -W switches if you want just one big file

[Blacklist for wifi MAC addresses doesnt seem to work]

Do you mean in the rc.local file in /etc ? Just checking before I screw things up :-)

I guess that would work. I have put this in a script that is called from a specific bootmode (from the GUI: configuration -> Bootmodes) I don't want to start Karma all the time

Also, would the syntax to exclude a SSID be

hostapd_cli -p /var/run/hostapd-phy0 karma_add_black_ssid 01:SSID-NAME > /dev/null

No, that won't work. Just type 'hostapd_cli -h' in a SSH session to see the available options.

[WPA Handshake .cap file will not load]

This will only work when cracking WEP, for WPA all packets need to be captured in order to have a successfull 4-way-handshake.

You are right! My mistake, bad suggestion, don't use --ivs

[Blacklist for wifi MAC addresses doesnt seem to work]

I have the following in my bootscript which prevents my other devices to connect to the MKV:

# Start Karma
hostapd_cli -p /var/run/hostapd-phy0 karma_enable >/dev/null 2>&1 &
sleep 2
# Add own MAC addresses
hostapd_cli -p /var/run/hostapd-phy0 karma_add_black_mac 00:XX:XX:XX:XX:XX > /dev/null
hostapd_cli -p /var/run/hostapd-phy0 karma_add_black_mac 01:XX:XX:XX:XX:XX > /dev/null

(post from Developer)

WiFi Pineapple Developer

Posted 13 November 2013 - 11:41 PM

At the moment they are kept in RAM, not flash. Our next iteration of karma actually has a lot more when it comes to usability and versatility.

Stay tuned.

Looking forward to that!

[WPA Handshake .cap file will not load]

I'm sure I'm doing all the correct steps to capture the handshake, and I've used the wifite script as well as the site survey infusion. It always looks like a successful capture but when I try and convert it to a .hccap no dice. I've tried this on multiple networks and interfaces as well. Have you actually (Not just in theory) converted a captured handshake from the pineapple to a .hccap?

Nope, sorry. I never converted a capture file to hccap, I have just (succesfully) used the cap file in aircrack-ng.

Maybe it would help to try the --ivs option in airodump-ng? This would only capture the required packets for cracking.

[WPA Handshake .cap file will not load]

I've tested it out with the mark iv as well and I'm still unable to capture a valid handshake.

Has anyone actually captured and cracked a 4 way handshake with the wifi pineapple?

I cannot tell from the screenshots if you have followed the right steps to capture a handshake (the last step I see is a deauth, but that doesn't guarantee that there is a reconnect from this client).

And yes, sure this is possible. Try using the wifite python script (search on this forum). This automates the steps required to capture a handshake.

[Bully (reaver alternative) on the Mark V]

But why is bully faster?

Can someone tell me the main differences between Reaver and Bully that affects operatingspeed?

Hard to tell without studying the source (https://github.com/bdpurcell/bully) but the author says the main differences with Reaver are:

It has several advantages over the original reaver code. These include fewer dependencies, improved memory and cpu performance, correct handling of endianness, and a more robust set of options. It runs on Linux, and was specifically developed to run on embedded Linux systems (OpenWrt, etc) regardless of architecture.

[Few issues newbie]

What firmware are you on?

[tcpdump?]

when using tcpdump! which port is best to use along with the mkv? should I use wlan0 or wlan1? to scan the traffic going through?

You should take br-lan as the interface (not sure if you mean that with 'port')

for instance: tcpdump -n -C 10 -W 100 -i br-lan -w /sd/packetlog.pcap (this will create a maximum of 100 files, each 10MB big with all traffic from connected clients)

[Now what?]

Wifite works perfect on the MKV, just don't use the dictionary attack (WPA key cracking with pyrit/cowpatty), that would take too much time because of the limited processing power.

Just follow the installation steps on: https://code.google.com/p/wifite/

No further configuration needed.

[Expansion slots]

Great, will try that too!

[Expansion slots]

I do have a pi running kali connected to the ethernet port.

Do you share internet from the MKV to the Pi or the other way around? Does this work without difficult configuration?

[[Infusion Idea] Extremely Powerful Python Creds program - LANs.py]

Will require a bit of configuration but it is very likely that this will work since this is all Python based. Just need to install Scapy + nfqueue-bindings (BeEF will be a harder).

[Recommended 21 Mbps (HSPA+) 3G dongle?]

Can anyone recommend any 21 Mbps (HSPA+) 3G dongle that works out of the box with the WiFi Pineapple? Or with a readily available script? :)

Preferably one that allows an external antenna to be attached to it.

Thanks a bunch in advance,

ocn^

As I understood the modems mentioned in this URL are considered to be supported by the Pineapple:

http://www.draisberghof.de/usb_modeswitch/device_reference.txt

[Boot DIP options]

The wait command is not intended for that. Try using sleep.

In my script I use a couple of sleep commands, it adds up to about 180 seconds so you should be fine with that. I think it doesn't even matter for autossh since it will keep trying to make a connection.

[Boot DIP options]

You can add the following to your boot dip script:

/etc/init.d/autossh start >/dev/null &

[Battery Packs?]

No problem to use the MKV battery packs from the shop for the MKIV. Same voltage and connector.

[live ftp output of tcpdump and urlsnarf to a remote computer]

Nope, urlsnarf doesn't provide that option. You can schedule the following script to run for instance every 15 minutes:

#!/bin/sh
logger "Clean-up Script Executed"

# q = threshold in bytes
q=52428800
w=`ls -la /sd/urlsnarf.log | awk '{print $5}'`
if [ $w -ge $q ]; then
	logger "Log over threshold, zip and truncate"
	DATE=$(date +"%Y%m%d%H%M")
	gzip -f /sd/urlsnarf.log
	mv /sd/urlsnarf.log.gz /sd/$DATE.urlsnarf.log.gz
	echo "Log truncated" > /sd/urlsnarf.log
else
	logger "Log looking good"
fi

[live ftp output of tcpdump and urlsnarf to a remote computer]

I use the following which is at least more secure than the ftp solution:

tail -f file-on-pineapple.log | ssh username@remoteshell "cat >> file-on-ssh-server.log"

If you have setup your ssh connection right you will not be prompted for a password.

Other options to look at are rsync and nc (netcat). The latter has a nice tutorial in the Hak5 channel on Youtube.

[Karma Timestamps]

You could use the following:

tail -f /tmp/karma-phy0.log | grep 'pass\|AP-STA-DISCONNECTED\|Successful' | awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; }' >> /sd/karma.log

Modify the grep query to fit your needs, this logs connects and disconnects. If you want to log probes you would probably pipe through uniq as well.

[[Support] SSLstrip]

Is there a reason that sslstrip version 0.6 is installed instead of version 0.9? Did anyone try to update this?

Already found out myself. Version 0.9 can be used:

opkg update
opkg install pyopenssl
wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz -O /sd/sslstrip-0.9.tar.gz
cd /sd
tar zxvf sslstrip-0.9.tar.gz
cd sslstrip-0.9
python ./setup.py install

Install the sslstrip infusion (1.4) after this. Sslstrip will then run with version 0.9 instead of 0.6 from the Web UI.

[[Release] 1.0.1 - Codename: The Real Deal]

Nobody responded to my post above.... Anyone else seeing these errors in their syslog? Is it normal?

13:30:30 Pineapple daemon.warn dnsmasq-dhcp[1798]: no address range available for DHCP request via wlan1

I have had this in my log on both the Mark IV en V but never found a solution. It doesn't affect the workings though (as I know of).

[Powering the Mark V via USB (method)]

Not sure how this is with the Mark V but my guess is that a laptop USB port has too little power (500 mA) where you probably going to need 1A+

[Powering the Mark V via USB (method)]

WARNING: Only do this if you really need to, it could easily harm your device, so try it at your own risk!

Hey guys, so here is a quick tutorial on how to power your pineapple via a laptop USB port!

1. Grab a USB cable (i used a usb to micro-usb)

2. Grap a DC cable (same size as the one that came with your pineapple)

3. Cut the USB cable at about halfway

4. Cut the DC cable at about halfway

5. On the USB cable, cut away the insulation until you have the smaller wires inside. Keep the red and black ones and cut the rest off.

6. Trim the insulation off the red and blacks, so you only have the wire

7. Cut the insulation away from your DC cable so you have two wires

8. Carefully twist the red wire from the USB cable around one of the wires from the DC cable

9. Repeat step 8 with the black wire

You should now have something that looks like this

<snip>

Now simply wrap the wires with insulation tape and you should be good to go. Always plug in to a USB port that is powerd, or has the USB+ sign.

Hope this helps!

I would add a step 10.

10. (Double) Check polarity of your new cable and check if this is identical to the original cable.

Switching polarity causes on instant fry of your device.