P@c_M@n Posted May 6, 2011

So, I saw the most recent episode and thought I would make a small script to show if you are connected to a pineapple instead of a real wireless network. It's not a large script, so here's the code:

```python
#!/usr/bin/env python3
###########################
#Pineapple Preventer.py   #
#a small script to protect#
#from an offline pineapple#
#attack.                  #
###########################
import socket


def ping(IP="74.125.227.19", port=80):  # IP is the address of google
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(5)  # do not hang forever when there is no route out
    try:
        # A completed TCP handshake means something answered at that address
        s.connect((IP, port))
        print("request accepted. No pineapples here :)")
    except OSError:
        # Covers timeouts, refused connections and unreachable networks
        print("The request failed. Are you sure there aren't any pineapples lurking around?")
    finally:
        s.close()


if __name__ == "__main__":
    ping()
```

It basically uses a socket to connect to Google and then if it works, it gives the all clear. Now, I don't have a pineapple myself so I am just assuming this will work for an offline pineapple attack like the one that was shown in the last episode.

Infiltrator Posted May 7, 2011

Not sure if that's gonna work, but what if the pineapple is only passively monitoring the traffic?

P@c_M@n Posted May 7, 2011 (Author)

I actually meant with just an offline attack like the one shown on the latest episode. Because the pineapple wasn't actually connected to the internet, was it? Or am I mistaken?

Infiltrator Posted May 7, 2011

> I actually meant with just an offline attack like the one shown on the latest episode. Because the pineapple wasn't actually connected to the internet, was it? Or am I mistaken?

No, it wasn't connected to the internet. It was only redirecting the users to a fake Facebook and Twitter logon page and harvesting their credentials. Plus your script should work, as it's trying to ping Google.com and since there is no internet connectivity, the end user should receive the warning message: "The request failed. Are you sure there aren't any pineapples lurking around"

Edited May 7, 2011 by Infiltrator

digip Posted May 7, 2011

This is fine for the offline attack and something to keep in your arsenal, but like mentioned, if someone was passively monitoring the traffic, you wouldn't be the wiser. Session hijacking like Hamster and Ferret would be easy to implement without people being the wiser. Using tools like IronGeek's MAC address monitor would also be a good idea. In any case, if you were using ANY kind of wireless that wasn't your own, it should be considered hostile and untrusted. Always tunnel your traffic where possible, or use a VPN when on someone else's wireless.

P@c_M@n Posted May 7, 2011 (Author)

> This is fine for the offline attack and something to keep in your arsenal, but like mentioned, if someone was passively monitoring the traffic, you wouldn't be the wiser. Session hijacking like Hamster and Ferret would be easy to implement without people being the wiser. Using tools like IronGeek's MAC address monitor would also be a good idea. In any case, if you were using ANY kind of wireless that wasn't your own, it should be considered hostile and untrusted. Always tunnel your traffic where possible, or use a VPN when on someone else's wireless.

Yeah, I was just trying to write this crappy little script more as practice than anything else lol.

Netshroud Posted May 8, 2011

My pineapple's acting up and needs to be reflashed, but there's probably an IPTables command to counter this :P

cgront Posted May 8, 2011

One thing to keep in mind is that (unless I am mistaken) the original Pineapple made you connect to it as if it was a network that you knew, like your home wireless network. So that would be the SSID, I may be wrong on that. But if that is true you could make a script that would check for stuff like that, that if you were not at home and you were getting an outer IP address that is not your home outer IP address then you flag the network and get off. If that makes sense.

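The check cgront describes, written out as an added example that is not part of any post in this thread: it compares the network you are associated with against a stored profile and also covers the "no uplink" case from the original script. The profile layout, the function name `check_network`, the BSSID field and every address are assumptions constructed for illustration; reading the SSID, BSSID and external address from the system is left to the caller.

```python
import ipaddress

# Constructed profile of networks you own. All values are placeholders:
# the MAC is made up and the prefix is a documentation range.
KNOWN_NETWORKS = {
    "HomeNet": {
        "bssids": {"00:11:22:33:44:55"},  # access point MACs seen at home
        # Home connections often get a changing address, so store the
        # ISP prefix rather than a single IP.
        "external": [ipaddress.ip_network("203.0.113.0/24")],
    },
}


def check_network(ssid, bssid, external_ip, profiles=KNOWN_NETWORKS):
    """Return (verdict, reasons) for the currently associated network.

    external_ip is the address the outside world sees, or None when it
    could not be determined (no route to the internet).
    """
    profile = profiles.get(ssid)
    if profile is None:
        return "unknown", ["no stored profile for this SSID; treat as untrusted"]

    reasons = []
    if bssid.lower() not in profile["bssids"]:
        reasons.append("access point MAC %s is not recorded for %s" % (bssid, ssid))
    if external_ip is None:
        reasons.append("no external address; the network has no uplink")
    else:
        addr = ipaddress.ip_address(external_ip)
        if not any(addr in net for net in profile["external"]):
            reasons.append("external address %s is outside the home range" % addr)
    return ("suspicious" if reasons else "ok"), reasons


if __name__ == "__main__":
    # Constructed observations: genuine home, offline look-alike, relayed look-alike
    samples = [
        ("HomeNet", "00:11:22:33:44:55", "203.0.113.7"),
        ("HomeNet", "00:11:22:33:44:55", None),
        ("HomeNet", "66:77:88:99:AA:BB", "198.51.100.9"),
    ]
    for sample in samples:
        print(sample, "->", check_network(*sample))
```

An access point MAC can be copied along with the SSID, so the external-address comparison is the stronger of the two signals; neither says anything about passive monitoring on the genuine network.
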
Infiltrator Posted May 8, 2011

> One thing to keep in mind is that (unless I am mistaken) the original Pineapple made you connect to it as if it was a network that you knew, like your home wireless network. So that would be the SSID, I may be wrong on that. But if that is true you could make a script that would check for stuff like that, that if you were not at home and you were getting an outer IP address that is not your home outer IP address then you flag the network and get off. If that makes sense.

Yep, there's a video on the Securitytube website that demonstrates just that. That's something to be aware of and cautious about. If you see a wireless network with the same SSID as yours, that's a good indication that someone is trying to attack you. DO NOT connect to the wireless, report if you can and leave.

digip Posted May 8, 2011

The easiest way to stop attacks of the pineapple is to change your wireless settings. Most Windows users use the default, which means, whenever it sees an access point it's been on before, it will automatically connect to it. You can change this per stored access point, in XP, Vista and 7. You just have to go into the wireless connections stored on your system and uncheck "automatically connect" or something similar. I don't have wireless on this machine in front of me, so I can't pull up the screen for the exact phrase, but it's in there as an option for stored connections and access points you have already visited.