[Passive HTML Injection?]

I've been looking at something like this my self. Koto's fork of sslstrip has been modified so you can change the response, i.e. inject HTML. It also makes use of HTML5s AppCache thus attacks will continue to work even if the user has disconnected from your network. I've not got around to getting a PoC setup on the pineapple yet but I would recommend checking it out and having a play with it.

[Fruit-Fi Scan - Scan and parse iw scan]

Nice, have you tested that on the pineapple? I figured there would be an easier way but I was having enough headache at the time haha.

Works pretty well. Thanks for sharing. I'm not sure how you would edit out the quotes around the SSID, but I will play around with it.

No worries. I left the quotes in so it's easier to programmatically parse the SSIDs that have spaces in them. You could gsub them out or pipe to tr, like so (un-tested):

| tr -d '"'

p.s. Sorry for hijacking your thread! :)

[Fruit-Fi Scan - Scan and parse iw scan]

Here's a one liner:

iwlist wlan0 scan | awk '/ESSID/ {gsub("ESSID:","",$1); print $1} /Address/ {printf "%s ", $5} /Frequency/ {gsub("\)","",$4); printf "%s ", $4}'

Which will output in the format of:

MAC CHANNEL SSID