koolkarnt

Active Members
  • Posts: 51
  • Joined
  • Last visited
  • Days Won: 2

Everything posted by koolkarnt

  1. koolkarnt

    Tor

    So are there really any regular daily practical uses for this Tor? And in simple words, what is the actual purpose of using Tor - yes, I know it keeps you secret etc. - but to what ends? What can you achieve with Tor that you could not achieve with other browsers etc.? All I turn up is what you have already said.
  2. iPhone (anything) ..... not worth the trouble - trust me. Look to Android.
  3. I always whack in the command line manually -vv so I can see all messages. Otherwise I start to think it's not doing anything and stop it.. lol. (This option is under advanced, display non-critical.) @Zarabyte - Are you confirming the AP's WPS is enabled? Use your Nexus to scan with wifite. @anyone - has anyone managed to get any result from "wash -i mon0" in ssh?
  4. Noted: The router I'm working on is my Technicolor TG587n v3 - 2011. This is probably where they started the above security increase, but this guy is still crackable allegedly - I have found 1 post out there on the nets that says he took 5-7 days. Currently trying to get my head around these 0x01 --> 0x04 codes and what they really mean. This document here http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf explains very nicely the M1 --> M7 messages and their meaning, and some detailed info about WPS and its flaws.
  5. I got wpscan.py and wpspy.py from source sec - essentially the same tools bigpwned uses to scan the routers for serial, etc. I also had to whack on scapy to make these work.. - which required a quick edit of both scripts for the line "from scapy import" to "from scapy.all import *", which resolved a little error I got on first run. Currently it's erroring out on IPv6 and something else but still does the scan - haven't had much of a look at wpspy and what it actually does.. I think it just does the same function as wash. I don't know if they have any benefit as yet over wifite & bigpwned scripts. Does anyone have bigpwned version 1.0 from xiaopan? - I haven't been able to find the update yet...
  6. Yes... this looks like a possible solution.. will try n let ya know. Cheers
  7. Not really.... what I have seen out there is more "showing" what it does rather than how to do it. I would strongly suggest you master the basics of Linux OS systems: moving, making, deleting files/folders, compiling code, running scripts, pythons, bash, networking, command line navigation, how to mount drives, ssh, and all that sort of stuff. Why? Well, once you have a good understanding of Linux and how it runs, your adventures with a pineapple will be VERY enjoyable; you will KNOW what to do. All the tutorials out there show you little bits of puzzles on the above knowledge. So when you encounter a new script on this site, for example, you will just download it and smash out a quick chmod whatever and you will be awesome!
  8. Thanks Zarabyte - will have a look via ssh and have a chat to the WPS infusion code - see if I can have a win with moving that little irritation to another place.
  9. I'll give you an idea of how I started. My AP at home connects all my little devices and computers. Taking my Kali VM, I plug in my TP-LINK WN 722N (USB), which becomes a wireless card inside Kali only (Mac doesn't recognise it). The VM is not in bridged mode or anything. It has no network connection to my AP, has no IP address. Now - using my TP-Link card - I connect Kali to my AP - I now have an IP address - at this point you're now able to start seeing traffic on the network. At this stage you could use wireshark, or ettercap, or a host of other apps that review the traffic. ...... What I'm astonished by is there is a course for this? Now someone tells me. lol
  10. I use the TP-LINK WN 722N (USB) - runs on Linux/Kali like a charm - out of the box, plug n sniff. This device is also compatible with my pwnie pad & apparently the wifi pineapple? Yet to try it as I already have two wlans on it.. but three might be nice..
  11. Two nights ago I installed Wifite on the WiFi Pineapple via SSH. Works a treat.
  12. Personally I looked at making an iPhone pentester... and found the exceptional amount of effort working on a 4-inch screen is just prohibitive. As a couple of folks said - the performance of the iPhone goes down the drain, and the wifi card doesn't support what you really need for true pentesting.. and I can't stand an iOS keyboard for working in terminal. I miss my tab key. An Android device on the other hand has been developed - working - stable and somewhat a lot more user friendly. Just purchased a Nexus 7 which I'll be running the community edition of pwnie pad on - those of you with an LG Nexus 5 will be able to flash the pwnie phone image with a Linux system. Kudos on the iOS version but gonna go with the one with flash support :)
  13. Idea for 1.4.2: 1st time update check on firmware update tile to check if update is around when network wlan1 is enabled... *I manually checked out of curiosity and found this was up. DHCP editor? Is there one already or am I overlooking a setting? There are some cases where I can see a different DHCP setup required.. Move the "disable Wlan0" option to say.. somewhere else, other than over the "disable wlan1" option in wifi manager and wps. I don't know how many times I've killed my link on the iPad this way.. frustrating. Other than that.. so far so good. Keep up the good works.
  14. Have asked for in other thread. I tried wash and it wouldn't show. Managed to get wifite installed, bigpwned and a few others. ssh seems to be the better option at the moment until infusions dev is a lot easier.
  15. btw - Hating the "Disable Wlan0" option so close to the others.. since I'm accessing via wlan0 on wifi.. it's rather annoying to accidentally disable your access to PA - how do I code this line to be on the far right ... waaaay away from directly above "disable wlan1" option????
  16. Exciting update: have managed to install wpspy.py, wpscan.py & scapy, which has assisted with nothing..... but hey.. nice to know they work. Was toying with the idea of accessing PA via eth0 and seeing wlan0 to do some work (ath card rather than realtek). The above posts suggest nah.. waste of time. Thought the different cards may make a difference on my TG587n v3... If anyone has had any... and I mean more than 20% WPS pin success rate with a Technicolor TG587n v3 .. let me know. Best I have gotten so far is like 0.03% with a 320 timeout on lockouts.
  17. Actually I started digging into the ssh side of the PA, and wouldn't ya know it? wash is already installed - doesn't seem to work at this moment - just sits there. So looking further, found wifite can be installed and run on Mrk 5 - tested

          /# wget -O wifite.py http://wifite.googlecode.com/svn/trunk/wifite.py
          /# chmod +x wifite.py
          /# python wifite.py

      Anyways, this is how I am now able to determine if an AP is WPS pin protected. ...
  18. Edit~ Much later on.. I have managed to successfully create a rogue AP honeypot...

      1: connected to PA via broadcasted SSID - login to port 1471
      2: start wlan1 - client mode - connect to hotspot on phone (used my iPhone - yay)
      3: installed infusions wifi manager, ettercap & sslstrip
      4: enabled ICS from wlan1 to wlan0 in wifi manager
      5: tested networking, can access sites and such. - next step
      6: ettercap - set to scan br-lan with ARP poisoning enabled for all hosts - unified sniffing started
      7: sslstrip started
      8: TESTING!

      Tested with iPad and Mac Air. Regular social media and mail sites such as Yahoo, WordPress, Google, Facebook, etc. captured 100% of all manually entered authentication
      --- no success with apps like FB or Skype or any other app that auto logs in on the iPad - Android testing pending
      --- could not connect to app store, OWA webmail host, Gmail host, or authenticate Windows LDAP connections, nor capture those attempts

      **UPDATE: Having some minor success with Ettercap/ssl while connected as a client on target network, and see probe requests and such - but no rock solid success as you get with honeypot mode.

      **Email Creds Stripped from iDevices** Discovered on iPad, when connecting to the honeypot, a warning box appears regarding the mail providers, saying "cant determine if http://XXXX.XX.X is real or not" continue, cancel or view. If the user presses "continue", it is at this point the devices will happily provide the PA the packets containing the ever elusive email passwords etc. Seems certificate spoofing could be something worth looking at.
  19. - To charge... the switch needs to be ON to charge. - Not sure if it's assumed that people know this, but I assumed it needed to be off to charge; two days later I read that little gem. Can this be added to the booklet that comes with the Pineapple & battery? - Very good information that. Really.
  20. omg.. where is your sense of adventure.... ? Maybe we can do a community effort. I'm handy but no idea how to help with something like this.
  21. Hello everyone. - This captive portal issue prevents me from getting internet access to my pineapple, as it requires a username and password. I can't seem to find any way to provide this via the pineapple. I also can't join the "Hidden" networks around... is there a way to join hidden networks with the pineapple? - manually enter SSID, encryption type and password?
  22. Hi all. Is there a way for the Site Survey to reveal if the AP has WPS enabled, please? I see some networks that I know don't support WPS pins or have them disabled. I have looked and looked and either I'm missing something or there is no clear indication of the supported WPS feature..