majajobee

Active Members
  • Posts: 17
Everything posted by majajobee

  1. Just to elaborate, when it comes to triangulating wifi devices there are traditional passive methods but also active methods which are more like ping. I'd like to hear thoughts on messing with any of it.
  2. Not to rain on your parade, but you are missing some key steps between 2 and the rest of it. The victim will notice that they are being repeatedly disconnected from their wifi and if they are competent enough to check the list of available networks they will notice there are 2 networks with their home ssid name and one of them is listed as being an open network. If they connect, you are counting on them not to be intimidated by a router screen and you assume they know their wpa password. This technique requires the victim has the right mix of competence and incompetence, and it has a high degree of detection.
  3. I want the pineapple to mess with 2.4 band signal triangulation.
  4. I totally disagree, check the video again at 30mins, you see a map with all devices. Your device will be there just like the rest, the map will show an anomaly which looks like random people popping in and out of existence as you walk down the street. Anyone with a clue will know what you're doing and a simple filter could make the system alert someone about a troublemaker like you and they would know your exact position. That's not even close to a working solution, and you compromised yourself.
  5. There should be a browser feature that cross checks links you click on to those in your history and if a domain is too similar it will at least give you a popup warning before loading the page.
  6. I believe this is the information you are looking for: http://www.securitytube.net/video/1921 I have a dip switch set to call a script that, off the top of my head, looks like:

         airmon-ng start wlan1
         airbase-ng wlan1mon -Z 4 -P -C 10 -F /sd/basecaps/mybasecap

     This turns the pineapple into a wpa2 handshake harvester so you won't need to specify your ssid. The next step is to take the file to oclhashcat to crack the keys.
  7. I want to turn MAC addresses into profiles. When I see my friend's iPhone MAC, I want to be able to save it, and add notes like his name, the time I saw the MAC, the name of the network it was connected to (if any), MACs of other devices that he was close to, and GPS data would be sweet. Then I want the pineapple to alert me in the future when it detects my target device again, and log the stats I want. I also want to profile APs. I want the pineapple to alert me in the future when it detects devices probing for an AP that I have a profile for. It would also be pretty sweet to take the SSIDs that a device is probing for and create an HTML link to the WiGLE website to look up where that AP is located.
  8. You guys have the wrong idea about how their tracking technology works. It's like CreepyDOL on steroids. It's location tracking without being connected to a network. Triangulation based off your probes, I assume. If you haven't seen the DEF CON talk regarding CreepyDOL: I don't think Newbi3's solution will work. To someone monitoring the system I think it would be obvious that one person is walking around with a device that is randomly changing MACs. One of my assumptions is that the main reason this would be obvious is because 99% of devices use omni-directional antennas, which would make it much easier to triangulate a signal. My theory is that I can project digital doppelgangers of other people's devices, making the entire system more difficult to get accurate information out of. I'm just using Walmart as an example, a better one would be a public area under a fascist government, or Brendan O'Connor stalking a city for his own motives. The other thing to note is that these systems also use other signals like GSM to track you as well, and that will take extra steps to thwart. It's a cat and mouse game, does the pineapple have what it takes to beat the CreepyDOL?
  9. It's a wifi pineapple, you should be able to do better than that. "They can see where you’ve been in the store with a resolution of a couple of feet (much better than GPS)" I'm talking about being able to walk into Walmart with a pineapple and a few directional antennas, logging the MACs of your fellow shoppers and replaying them around the store, maybe even with different power levels? That's got a better chance of messing up what it is they are trying to do.
  10. http://networkingnerd.net/2014/06/10/dont-track-my-mac/ Many people have responded to NSA tracking by trolling them, one example: http://trollthensa.com/ Can the pineapple do something similar for the way we are being tracked with our MAC addresses? If it were flooding the airwaves with random MACs or, even better, repeating the MACs of random people in the area, it may render their information useless or at least very difficult to use. Thoughts?
  11. The BeEF framework has a fake Flash update but it serves the payload straight to the victim without sending them to an Adobe site. He is talking about using the pineapple and doesn't mention BeEF in the talk. I think he likely took the same functionality of the BeEF injection and ported it to the pineapple, then set up the fake site on the pineapple to make it look legit.
  12. I would like to see you make that video for sure, but are you sure that is what he is doing? It looks to me like the Adobe site is fake, and the .dmg was premade.
  13. I was hoping someone would take a shot at breaking down the attack he does at 41mins with a mark 5.
  14. I would like functionality to check on a file/log from within the GUI similar to the tail command. It's implemented in infusions like karma, but I want to choose the file to display.
  15. Hello, thank you for your reply. What I really meant to ask is: has anyone had success performing brute force attacks with the pineapple, and if so, what steps had they taken to get there? I was surprised to not find any infusion capable of brute forcing a router login page. For example, this page: http://codereview.stackexchange.com/questions/12659/brute-force-http-with-python has a method. I just wanted to ask if there was a way the community has found to perform such an attack?
  16. Has anyone been able to get nmap scripts to work on MKV? In particular I'm interested in the http brute force script. Also is there any other way to perform brute force attacks with the pineapple?