Lockon

Active Members
  • Posts

    65

Everything posted by Lockon

  1. I agree with jjd, this situation, it doesn't seem to make much sense in terms of the budget and goal. What is your company concerned over? Sensitive information being leaked out to the public or unauthorized parties? You don't have to use a laptop, I use an old Nexus tablet to perform simple monitoring functions but key loggers are something that should be implemented at the IT-level, in other words it should've been on the company laptops in the first place. I'm not comfortable sharing how you could inject malware remotely because if you don't know how, there's a risk involved in sharing it here. Besides, I'm under the assumption that those laptops are using some kind of antimalware and it may alarm the user of such an attempt. What you can't easily monitor remotely in your situation is when users take any data off the machine physically, like saving it to a disc or flash drive, but they don't have to be in a cafeteria to do it. It would help if you knew what the exact policies are. Are users allowed to check their personal emails from work? Do they have a limited user account or administrative access? What is their AUP (acceptable use policies) outside of the common "no porn sites, no P2P file sharing, no installation of any 3rd party software, etc."? If the AUP allows for employees to check their personal emails for example and you sslstrip and save the data, you are also violating privacy rights of the users if caught.
  2. Interesting approach towards cooling, it's not unusual as I've seen people put cooling fans on smartphones before. Gray, if it's working for you then props to you!
  3. I can't believe the level of support for a $100 device. Bravo Seb!
  4. Noticed that when you select "Remove All Rolls", the checkboxes for each roll remain visually checked, even though they are no longer functioning.
  5. Thx Seb, I was too lazy to look it up on my phone (super slow connection). BTW, do you ever sleep?
  6. I'd like to keep my Alfa (on wlan2) connected full time but every time Pineapple boots up, my Alfa ends up broadcasting a SSID as an AP. I know I can SSH into it and bring wlan2 down manually but I'd like to know what I need to do in the wireless config file to prevent this. I only want to use the Alfa for monitoring/injecting, not as an AP.
  7. The NHA does indeed work as I have it on my rig with no special tweaking or changes to anything other than the defaults. The easiest thing you can do is have the adapter plugged in prior to boot up. SSH into it, then type: ifconfig. The NHA on my rig shows up as WLAN2.
  8. I've had some odd issues with Karma as well but like you I haven't taken the time to duplicate it and explain it well enough to post about it here.
  9. Yes, SSLstrip is very old and all the dependencies are not current. You could manually rebuild them yourself or simply wait for an update.
  10. You could manually format it in another machine using FAT16/32 or EXT.
  11. I subscribe to the idea that there's a difference between being concerned for security versus fear mongering.
  12. New article but old topic, free unsecure wifi has always come with big risks and it's not exclusive to using a Pineapple. The article fails to mention that you could do the same thing with just about any ol' computer running free software off the internet with much less than $50. When I see articles like that, it's no different than saying "watch out, people can buy fruit knives at the stores and they could stab you if you don't watch out".
  13. This isn't a big deal but I noticed that the pbjtroll doesn't have any sound. When I looked at the PHP file, I noticed it points to an mp3 file that doesn't seem to exist either in the SD card or the Pineapple infusion folders. Is this intentional?
  14. You can't change the network adapter's actual hardware MAC address but you can spoof it temporarily, however spoofing a MAC address for a wireless setup isn't going to protect you from someone even semi-decent in tracing a signal. As long as you're broadcasting something, the signal can be traced back to your physical location with enough time. If you spoof your ethernet connection's MAC address, your ISP "could" trace back your connection to your DSL or cable modem since your firewall offers you no protection in that situation.
  15. I go by the name Ken since my real first name is hard to pronounce.
      Favorite game: No favorite, but currently play Diablo 3 to waste my free time
      Favorite OS: OS X, Debian, Win7
      Favorite console: Atari 2600
      Nationality: Asian
      Accent: unique to my location
      Age: 39
      Sex: Male
      Race: Short Asian with untraditional big eyes
      Height: 5'7
      Build: Small
      Favorite band: Anything live
      Favorite book: The Little Engine That Could
      Favorite author: none
      Favorite movie: Transformers Animated (1986)
      Favorite director: none
      Favorite TV Show: Hak5
      Favorite actor: none
      Favorite actress: Gemma Arterton
      Favorite Pinup: Darren Kitchen
      Favorite Comedian: Sinbad
      Other hobbies: Computers, cars, hiking, surfing and farting
      Favorite Car: Anything that doesn't burn more oil than gas
      Occupation: Engineer
  16. Come on Seb, you know that RandomRoll is kind of a big deal. :D
  17. Issue: Refreshing the WiFi Pineapple MK5 tile indicates "Update found. Please open the large upgrade" even though the Mark V is already on 1.0.1
  18. I'm finding that with the new 1.0.1 firmware, using RandomRoll sends the browser to the pineapple's login page. Possible that it's firmware related.
  19. Let's use this thread to identify any issues relating to the Mark V 1.0.1 firmware release.
  20. Thanks for the super quick reply! Factory reset time...
  21. Ok, discovered something after updating to the latest 1.0.1 firmware. urlsnarf is not working. No other infusions are installed yet at the moment other than the defaults. urlsnarf was installed from the P-bar, the tile indicates that it's not installed.
  22. 1. Make sure the correct interface is chosen. 2. Make sure Auto Refresh is showing On. 3. ? 4. Profit.
  23. The scenario's very irresponsible. You shouldn't be at a public WiFi doing pen testing on any level, so if you get in trouble, then it's on you. That being said... Google got into trouble because they gathered (and stored) data using their equipment. It's not much different than setting up a MITM and allowing people to connect through you and storing their data, cookies and passwords for later use, which you have no authorization to do. I've set something up in the past and merely watched where most people connect to without storing anything on my equipment. Most were boring, mostly Facebook, Instagram, Youtube, *.edu sites and webmail but that's about it, got boring really fast. I'm not entirely familiar with what the laws/policies are regarding the use of the Pineapple, I know some are fine with it, others believe it's like having a terrible weapon and are very much against it. I believe in the concept of ethical hacking for educational purposes, to understand and learn how things work for your personal use only. Anyone can go to a store and buy a kitchen knife but it becomes illegal as soon as you intend on using it in a malicious manner, other than its intended purpose. One can argue that public WiFi's are "use at your own risk" thus having your data captured using an un-secure connection is not much different than having your password written on a napkin for people to see. I believe that users have a responsibility to learn how to reduce their risks from "snoopers" when at public places with their mobile devices, can't expect the law/governments to bottle feed you 100% risk free internet use.