esa

If i get the issue, in your case using the web interface (GUI) will result in frequent shutdown of nano? Some options: 1) Verify that there is enough power for the nano. Try different ways to power your device and see if that improves the stability 2) Reset to factory default ==> you have tried that but it didnt work out 3) Recover the firmware to original then perform firmware upgrading. Another advise, treat the OS as fragile. For each module that you install, ensure that the key features of nano still works before installing another module. Do use the shutdown button if possible.

So you SSH into WiFi Pineapple, ran ifconfig and did not find any adapter matching wlan1 or wlan1mon? Can you post a screenshot of the results of ifconfig & iwconfig & iwlist.

Try to deauth for a longer duration. This will act as a DDOS and force the device to search for alternatives. My advise is to use the console mode to do it. Wifi Pineapple wlan0 is your default AP, you should use wlan1 to perform the deauth. After you ssh into Wifi Pineapple: run code (1) to check whether wlan1 or wlan1mon exist. If wlan1 exist, run (2) else run (3). Code (2) merely enables monitoring mode for wlan1, it also renames it to wlan1mon. Code (3) merely dumps out whatever wlan1mon can receive from WiFi, so you should see some APs and etc. Next run (4) to perform deauth. You will need to configure the command accordingly to which MAC you are going to deauth. Use aireplay-ng -h to list the help. parameter -a & -c might be wrong do verify. 1) ifconfig 2) airmon-ng start wlan1 3) airodump-ng wlan1mon 4) aireplay-ng -0 0 -a xxxxxx -c xxxxx wlan1mon https://www.aircrack-ng.org/doku.php?id=deauthentication

I do face occasional issues when using the GUI and it usually can be solve either by a power reset or factory reset. Sometimes Recon scan will hang at 100%, other times PineAP will not work as intended. Generally SSH into the device will offer a more reliable experience. Furthermore with the console mode you are able to debug what exactly is wrong. Also when you are facing too many issues it could be that the firmware wasnt updated properly, thus a firmware recovery might come handy.

https://vidlox.tv/003o08meqxds Looks safe to watch. Perform your own scan at virustotal or scanurl. http://www.urlvoid.com/scan/vidlox.tv/ https://www.virustotal.com/en/url/17e7e97152632ac94790fc58cec48efd52aa304c519c6411a69aba5e2c526c0b/analysis/1494506372/ https://scanurl.net/u/vidlox-tv-003o08meqxds

Added SSID tracking. Could just use this module. https://github.com/esa101/ReconPlus-nano/tree/version3.0

It is not a complete solution but it should work on a portion of your targets. Yes ssid probe request is based on previous connected ssid and it works even when the real AP is not nearby. You should get an iPhone and a cheap android phone to experiment with. Do share your script if you have it.

MAC address should change to a spoofed one as soon as it is disconnected from the real Wi-Fi network. On the timing of the change, it seems randomised, there is no fixed interval that i observed. More info. There are also some articles which suggest that iOS MAC randomization could be defeated. But the catch is that you need to know his real MAC to begin with. https://arxiv.org/pdf/1703.02874v1.pdf

Btw is the 2 x 7dBi Panel Antennas worth it ? Thinking of a upgrade too. How effective is it for you ?

I am using a default Nano setup. 1) Interference caused by external environment at time of scan is beyond our control. http://packetworks.net/blog/common-causes-of-wifi-interference 3) On iOS, tx probe changes very frequently within mins (no exact value). The only time it reveals it actual MAC is when it is connected to a AP. 4) Once again i do not have the stats, but you should expect to see this behaviour on most modern phones. Try it on Nexus or iPhone another i forgotten to mention, I am also not certain if phones tx at consistence power. Too many factors.

Please experiment, maybe you have better luck than me. My conclusion is that relying on WiFi probes from client device is not reliable and does not work for all cases. Some challenges would be: 1) interference in signal resulting is fluctuating signal strength 2) Wifi probe times differs between devices & OS, the target might be long gone before his/her device tx again 3) IOS mac address randomisation & some Android OS/Phones 4) Power saving mode which turns off Wifi tx when screen is off 5) We are assuming the Wifi module is turned on

#!/usr/bin/python import os import time import datetime import argparse import netaddr import sys import logging from scapy.all import * from pprint import pprint from logging.handlers import RotatingFileHandler from collections import OrderedDict NAME = 'probemon' DESCRIPTION = "a command line tool for logging 802.11 probe request frames" DEBUG = False myDict = {} def packet_callback(packet): if not packet.haslayer(Dot11): return # we are looking for management frames with a probe subtype # if neither match we are done here if packet.type != 0 or packet.subtype != 0x04: return # list of output fields fields = [] # append the mac address itself fields.append(packet.addr2) # parse mac address and look up the organization from the vendor octets #if mac_info: # try: # parsed_mac = netaddr.EUI(packet.addr2) # fields.append(parsed_mac.oui.registration().org) # except netaddr.core.NotRegisteredError, e: # fields.append('UNKNOWN') # include the SSID in the probe frame #if ssid: fields.append(packet.info) delimiter='\t' textkey = delimiter.join(fields) #if rssi: rssi_val = -(256-ord(packet.notdecoded[-2:-1])) fields.append(str(rssi_val)) # determine preferred time format log_time = str(int(time.time())) #if time_fmt == 'iso': log_time = datetime.datetime.now().isoformat() fields.append(log_time) # logger.info(delimiter.join(fields)) clear = lambda : os.system('tput reset') clear() myDict[textkey] = rssi_val, datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'), int(ord(packet[Dot11Elt:3].info)) mySortedDict = OrderedDict(sorted(myDict.items(), key=lambda t: t[0])) for i in mySortedDict: print myDict[i][0], myDict[i][1], myDict[i][2], i #sys.stdout.write('%s\n' % textkey) #sys.stdout.flush() def main(): parser = argparse.ArgumentParser(description=DESCRIPTION) parser.add_argument('-i', '--interface', help="capture interface") parser.add_argument('-t', '--time', default='iso', help="output time format (unix, iso)") parser.add_argument('-o', '--output', default='probemon.log', help="logging output location") parser.add_argument('-b', '--max-bytes', default=5000000, help="maximum log size in bytes before rotating") parser.add_argument('-c', '--max-backups', default=99999, help="maximum number of log files to keep") parser.add_argument('-d', '--delimiter', default='\t', help="output field delimiter") parser.add_argument('-f', '--mac-info', action='store_true', help="include MAC address manufacturer") parser.add_argument('-s', '--ssid', action='store_true', help="include probe SSID in output") parser.add_argument('-r', '--rssi', action='store_true', help="include rssi in output") parser.add_argument('-D', '--debug', action='store_true', help="enable debug output") parser.add_argument('-l', '--log', action='store_true', help="enable scrolling live view of the logfile") args = parser.parse_args() if not args.interface: print "error: capture interface not given, try --help" sys.exit(-1) DEBUG = args.debug # setup our rotating logger logger = logging.getLogger(NAME) logger.setLevel(logging.INFO) handler = RotatingFileHandler(args.output, maxBytes=args.max_bytes, backupCount=args.max_backups) logger.addHandler(handler) if args.log: logger.addHandler(logging.StreamHandler(sys.stdout)) #while True: # for channel in range(1, 14, 1): # os.system("iwconfig " + args.interface + " channel " + str(channel)) # print "[+] Sniffing on channel " + str(channel) sniff(iface=args.interface, prn=packet_callback, store=0) if __name__ == '__main__': main() might be useful.

Just a minor change between the base Recon module code on Tetra & Nano. Thus i believe this should work for Tetra users. As i do not have a Tetra, i gotta rely on those who have it to help try it. https://github.com/esa101/ReconPlus-Tetra Have also updated the first post to include separate links to modules for Nano & Tetra.

Thanks for helping to upload this and also helping to diff the network module in the other thread.

Hi i just assumed Tetra & Nano are sharing the same module. As i do not have a Tetra, is it possible to upload the Tetra's default Recon module. I will do a code comparison and would likely be able to "fix" it if the changes is not too significant.

Try wget http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/base/Packages.gz And report ur observations

Thanks will give sublime text a try after my Jetbrain trial expires this weekend.

I have been using a trial version of JetBrains WebStorm for development of some Nano/Tetra modules. Unfortunately the trial is expiring & it is a costly product @129USD for a year's license. Any modules developers can recommend something good that you are using? Requires support for html, angularjs, python, php.

Was looking for the same function. Couldnt find it so i just modded the networking module instead. Surprisingly straightforward mod < 5 lines of codes. Copy the files and replace the files in the original networking module. Do highlight if it works or there are any bugs. https://github.com/esa101/NetworkingPlus

my bad there is a missing folder in my git upload. Please create a folder called "log" in the module's directory. It should work after that. cd /pineapple/module/ReconPlus mkdir log For others who intend to install in their sd card. transfer ReconPlus to /sd/modules/ReconPlus and remember to create the softlink. ln -s /sd/modules/ReconPlus /pineapple/module/ReconPlus

1) I can easily power my Nano without both usb connection plugged in. I connect it straight to my laptop. 2) It is a pain in the arse to get internet on Windows, somehow it always forget my settings. a) Ensure that you have internet b) connect your pineapple to your pc and wait till the blue led are solid or the portal is up c) On your main internet interface->properties->sharing turn off internet sharing and wait 10 sec. d) On the same tab select your pineapple interface and turn on internet sharing, wait 10 sec. Close tab by clicking ok. e) On your pineapple interface -> properties -> networking select the IPv4 & enter the ip address 172.16.42.42/255.255.255.0. f) Now you pineapple should have internet. Else disable your pineapple interface, enable it again and repeat steps (c) to (e)

1 solution. Use your phone to connect to SBUX wifi then "accept and connect" thru the phone's browser. Now that the phone has internet, turn on usb tethering and connect your pineapple to the phone using usb connection. Dun forget to download the wifi pineapple apk for easy access to your pineapple's management console. **Dont think there is an easy solution to an offline captive portal. Good luck hf.

this is strange, doesnt sound like a faulty hardware since you can get it to work occasionally. try this and report any errors faced: 1) restart your pineapple 2) ssh to it 3) Start wlan1 as monitor mode using airmon-ng airmon-ng wlan1 start 4) Perform airodump using your wlan1mon interface. you should expect to see some MAC addresses in your vicinity airodump-ng wlan1mon 5) This performs the same command as running recon on 2.4ghz for 1min. The results will be stored in /tmp/re pinesniffer wlan1mon 60 1 /tmp/re 6) Read /tmp/re, you should expect some results cat /tmp/re

Can you elaborate why this setup is not ideal? If it is not working, try using 192.168.1.2 as the destination ip.

Depends on your needs. By default (using GUI) wlan0 is responsible for AP while wlan1 does sniffing and injection. If you want to create a free rogue AP, then connect to wlan0. If you want to monitor/sniff then connect to wlan1. If you want to deauth a device and force it to connect to your AP, then you will need both.