Basic Pineapple Question

[jamesd3rd]

From what I understand, the pineapple impersonates SSIDs a wifi user is used to seeing so if someone was interested in doing some sniffing, an unknowing user would connect to it. Now what if someone is in a coffee shop, airport or hotel and they have been there before so their laptop theoretically would already be aware of the network. If there is a man in the middle doing some sniffing, would there be two instances of the sameSSID when a user is looking for a wireless network? If so, how would one distinguish one from the other? Some venues like airports use an SSID related to their name but there is no real sign on. You are taken to a portal before you get to any other site.

How would one know if they were going through a man in the middle or not?

[Mr-Protocol]

Jasager works by responding to the SSID probe the computer sends out looking for the wireless networks it 'remembers'.

As to being able to tell if you are being MITM, I don't really think there is a way to tell. UNLESS it is something where you visit an HTTPS site and the HTTPS is stripped out using SSL Strip.

Cause you could just run a normal wifi router, hook it up to a linux machine and bridge the interface the router is on to the internet. Will not show up as a hop and you can packet sniff.

Also high end switches have a "Monitor" port on them for things like IDS/IPS systems.

Also switches are known to turn into a hub (broadcast all packets) if the number of MAC addresses it needs to keep track of gets too high.

[jamesd3rd]

Jasager works by responding to the SSID probe the computer sends out looking for the wireless networks it 'remembers'.

As to being able to tell if you are being MITM, I don't really think there is a way to tell. UNLESS it is something where you visit an HTTPS site and the HTTPS is stripped out using SSL Strip.

Cause you could just run a normal wifi router, hook it up to a linux machine and bridge the interface the router is on to the internet. Will not show up as a hop and you can packet sniff.

Also high end switches have a "Monitor" port on them for things like IDS/IPS systems.

Also switches are known to turn into a hub (broadcast all packets) if the number of MAC addresses it needs to keep track of gets too high.

It's precisely this SSID I'm talking about. In Windows for example, I would search for wireless networks. If I were in a place that just happened to have an SSID my computer remembered, would I see two instances of the network; the legit one and the Jasager impersonating when it responds to the probe?

[Mr-Protocol]

It depends on the OS. When I was showing Jasager to my co-worker his Win7 laptop showed 2 different networks.

SSID

-and-

SSID2

WinXP will just auto connect.

Not sure about linux.

I could be wrong about the windows 7 due to his PC wasn't using built in windows wireless agent. Anyone else care to verify?

Things to consider:

-Win7 you have to actively check the box to auto connect to unencrypted networks, if that is on it will connect to the first open one it finds.

-The computer may just auto connect to whatever is probed out first that it is supposed to auto connect to.

-There is a script out there that was out there to kind of more-so guide people to your jasager.

airdrop-ng Season 6 Ep. 626

Side note: Numbering scheme for seasons? I don't get it... First digit is the season # then it goes 19-26... Anyone care to inform me of why lol.

Edited July 11, 2010 by Mr-Protocol

[digininja]

The TV industry do shows in batches of 26 so Darren copies that. It will go from 0601 to 0626 then reset to 0701 and up again to 0726.