Sterbehilfe Posted December 28, 2011
I'm curious. Instead of attempting to crack WPA, couldn't you set up a WiFi Pineapple, then deauthenticate the user, so that when they attempt to reconnect to their router they connect to your Pineapple instead? You'd need to somehow get them to connect to your Pineapple instead of the router, which I'm not sure how you would go about. I haven't got a Pineapple, so I can't test it, but what are your thoughts? It's my first post, so be nice if this was a stupid question.
Mr-Protocol Posted December 28, 2011
That could only work if 1) the device connecting to the WPA network will "dumb down" its connection to unsecured, and 2) your Pineapple has a stronger signal to the device. I have only heard of devices that would lower the security to connect to a network. I do not actually know of any devices that do this, so chances are what you would like to attempt is not possible.
digip Posted December 28, 2011
By default the Pineapple will respond to any device "probing" to connect and answer as the probed device. However, you need to be damn close to the target to really get them on the Pineapple, as the real router will also see the probe and answer for the 4-way handshake. You would probably have to overpower the other router's signal. On top of that, it will more than likely fail to connect, since most people's connection settings will be stored for their WPA keys, depending on what they were using, and more than likely it will ignore the Pineapple since it will default to WPA and not receive the handshake from the Pineapple. The only way to know for sure is to try it yourself and check the results. Report back what you find, though. I'd like to know what happens when you MITM a WPA handshake and whether Windows or whatever OS is at the other end will "dumb down" as Mr-Protocol puts it and try to default back to no authentication. It shouldn't, but I have no way of testing it from here to confirm that, and I wouldn't be surprised if Windows XP vs. Vista vs. 7 all do something different in the process.
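The probe/answer race digip describes, as an added offline model (example code, not Pineapple firmware and not from anyone in this thread): a Karma-style rogue AP answers every probe request with whatever SSID was probed, the real router answers only for its own SSID, and a client with a saved profile keeps only the responses whose security type matches the profile and then joins the strongest one. The SSIDs, BSSIDs, signal levels and the "security" string standing in for the RSN IE are all constructed for this model.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ProbeResponse:
    ssid: str
    bssid: str
    security: str   # "open" or "wpa2-psk"; stands in for the RSN IE a real client would parse
    rssi_dbm: int   # constructed signal strength as the client hears it


@dataclass
class AccessPoint:
    bssid: str
    ssid: Optional[str]   # None = answers any probed SSID (Karma-style behaviour)
    security: str
    rssi_dbm: int

    def answer(self, probed_ssid: str) -> Optional[ProbeResponse]:
        """The real router answers only for its own SSID; the rogue answers for all of them."""
        if self.ssid is not None and self.ssid != probed_ssid:
            return None
        return ProbeResponse(probed_ssid, self.bssid, self.security, self.rssi_dbm)


@dataclass
class SavedProfile:
    ssid: str
    security: str   # security type stored with the profile when the user first joined


def probe_and_select(profile: SavedProfile, aps: List[AccessPoint]) -> Optional[str]:
    """Client sends a directed probe for the saved SSID, collects every response,
    drops any whose security type differs from the profile (a WPA2 profile does not
    'dumb down' to an open network) and joins the strongest survivor.
    Returns the chosen BSSID, or None when nothing acceptable answered."""
    responses = [r for r in (ap.answer(profile.ssid) for ap in aps) if r is not None]
    candidates = [r for r in responses if r.security == profile.security]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.rssi_dbm).bssid


# Constructed scenario: WPA2 home router, a weak real open hotspot, and a rogue AP
# sitting closer to the victim than either of them (stronger signal).
ROUTER = AccessPoint("aa:bb:cc:00:00:01", "HomeNet", "wpa2-psk", rssi_dbm=-65)
AIRPORT = AccessPoint("aa:bb:cc:00:00:02", "Airport_Free", "open", rssi_dbm=-75)
ROGUE = AccessPoint("de:ad:be:ef:00:01", None, "open", rssi_dbm=-40)


def scenarios() -> dict:
    """Each entry is the BSSID the client joins (None = stays disconnected)."""
    return {
        # Both answer the probe; rogue is stronger but its security type does not match.
        "wpa2 profile, both answer": probe_and_select(SavedProfile("HomeNet", "wpa2-psk"), [ROUTER, ROGUE]),
        # Real router out of range (or deauthed away): client still refuses the open twin.
        "wpa2 profile, only rogue in range": probe_and_select(SavedProfile("HomeNet", "wpa2-psk"), [ROGUE]),
        # Saved open network that is not present: rogue answers the probe and wins.
        "open profile, real AP absent": probe_and_select(SavedProfile("CoffeeShop", "open"), [ROUTER, ROGUE]),
        # Real open AP present but weaker: signal strength decides, rogue wins.
        "open profile, rogue stronger": probe_and_select(SavedProfile("Airport_Free", "open"), [AIRPORT, ROGUE]),
    }


if __name__ == "__main__":
    for name, chosen in scenarios().items():
        print(f"{name:40s} -> {chosen}")
```

The two conditions Mr-Protocol lists fall out directly: the rogue only ever wins when the saved profile is open (condition 1), and among matching responses the client takes the strongest signal (condition 2). Real supplicants add roaming hysteresis and BSSID preferences on top of this, which the model leaves out.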
Mr-Protocol Posted December 28, 2011
I don't think you can MITM a WPA handshake due to the checksum. Basically, if you don't know the key, you don't get a full handshake.
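The "checksum" in question is the EAPOL-Key MIC of the 4-way handshake. As an added example (not from this thread or from any tool mentioned in it), the following models a WPA2-Personal handshake between a client and an AP that each derive the PTK from their own PSK. PMK, PTK and MIC are computed as IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, PRF-512, HMAC-SHA1 truncated to 16 bytes for key-descriptor version 2); the SSID, passphrases, MAC addresses, key-info bits and frame contents are constructed for the model and the frames are never put on the air.

```python
import hashlib
import hmac
import os

MIC_OFFSET = 81   # byte offset of the MIC field in the EAPOL-Key frame built below
MIC_LEN = 16


def pmk_from_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(K, label || 0x00 || data || i) for i = 0..3, keep 512 bits."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4))
    return b"".join(blocks)[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of the MACs and nonces). KCK is PTK[0:16]."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_key_frame(key_info: int, replay_counter: int, nonce: bytes,
                    mic: bytes = b"\x00" * MIC_LEN, key_data: bytes = b"") -> bytes:
    """802.1X header (version 2, type 3 = EAPOL-Key) + RSN key descriptor (type 2)."""
    body = (b"\x02" + key_info.to_bytes(2, "big") + (16).to_bytes(2, "big")   # descriptor, key info, key length
            + replay_counter.to_bytes(8, "big") + nonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8                         # key IV, RSC, reserved
            + mic + len(key_data).to_bytes(2, "big") + key_data)
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


def compute_mic(kck: bytes, frame: bytes) -> bytes:
    """Descriptor version 2 (CCMP): MIC = HMAC-SHA1(KCK, frame with the MIC field zeroed)[:16]."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def sign(kck: bytes, frame: bytes) -> bytes:
    return frame[:MIC_OFFSET] + compute_mic(kck, frame) + frame[MIC_OFFSET + MIC_LEN:]


def mic_ok(kck: bytes, frame: bytes) -> bool:
    return hmac.compare_digest(compute_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + MIC_LEN])


def four_way_handshake(ap_psk: str, client_psk: str, ssid: str = "HomeNet",
                       ap_verifies_m2: bool = True) -> int:
    """Returns the message number at which the exchange stops (4 = handshake completed).
    ap_verifies_m2=False models a rogue AP that ignores the client's MIC and pushes on to M3."""
    aa = bytes.fromhex("001122334455")    # constructed AP MAC
    spa = bytes.fromhex("66778899aabb")   # constructed client MAC
    anonce, snonce = os.urandom(32), os.urandom(32)
    # Each side derives its PTK from its own PSK; the PSK and PTK are never sent.
    kck_ap = derive_ptk(pmk_from_psk(ap_psk, ssid), aa, spa, anonce, snonce)[:16]
    kck_sta = derive_ptk(pmk_from_psk(client_psk, ssid), aa, spa, anonce, snonce)[:16]
    # M1 (AP -> STA) carries ANonce and no MIC. M2 (STA -> AP) carries SNonce plus a MIC.
    m2 = sign(kck_sta, eapol_key_frame(0x010a, 1, snonce))          # pairwise | MIC | version 2
    if ap_verifies_m2 and not mic_ok(kck_ap, m2):
        return 2   # AP cannot verify the client's MIC without the right PSK
    # M3 (AP -> STA): install | ack | MIC | secure | pairwise | version 2
    m3 = sign(kck_ap, eapol_key_frame(0x03ca, 2, anonce))
    if not mic_ok(kck_sta, m3):
        return 3   # client rejects M3: the rogue cannot produce a MIC the client accepts
    return 4       # M4 would follow; both sides now hold the same PTK


if __name__ == "__main__":
    print("legit AP:", four_way_handshake("correct horse battery", "correct horse battery"))
    print("rogue AP:", four_way_handshake("wrong guess", "correct horse battery"))
    print("rogue AP skipping M2 check:", four_way_handshake("wrong guess", "correct horse battery", ap_verifies_m2=False))
```

The point for the thread: whichever side lacks the PSK fails on the first MIC it has to check or produce, so a rogue AP that does not know the key stalls at M2 or, if it blindly sends M3, gets dropped by the client at M3. What the rogue does capture is M1 and M2, which is the material offline cracking works from. `pmk_from_psk` can be checked against the IEEE 802.11 test vector for passphrase "password" and SSID "IEEE".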
digip Posted December 29, 2011 (edited)
Quoting Mr-Protocol: "I don't think you can MITM a WPA handshake due to the checksum. Basically, if you don't know the key, you don't get a full handshake."
Yeah, I wasn't saying MITM to get the WPA handshake or anything like that. I meant stepping in between the client and the intended router and intercepting the connection, and whether it would "dumb down" like you said, which I don't think it will do automatically. Once you save the WPA key, it's going to want to do the handshake, and if that process doesn't happen, I think it will just drop the connection and ignore the Pineapple. Testing this would be the only way to say one way or the other, though, and every OS might handle it differently.
Edited December 29, 2011 by digip
bobbyb1980 Posted December 29, 2011
There is a tool in aircrack to do a MITM-style attack against WPA-TKIP.
Mr-Protocol Posted December 29, 2011
Quoting bobbyb1980: "There is a tool in aircrack to do a MITM-style attack against WPA-TKIP."
Don't think so. If you don't know the key, it simply will not talk to you other than trying to establish that 4-way handshake.
petersmejia Posted December 29, 2011
Actually, I've noticed that when I have my Pineapple running near my home router it does "dumb down" my WPA-protected AP. It shows my home AP, which is protected with WPA encryption, and the same SSID with no encryption. However, it still auto-connects to the encrypted AP.
bobbyb1980 Posted December 29, 2011
Quoting Mr-Protocol: "Don't think so. If you don't know the key, it simply will not talk to you other than trying to establish that 4-way handshake."
No, I think so. It's just a little-known tool that executes a MITM-style attack against WPA-TKIP. http://www.aircrack-ng.org/doku.php?id=tkiptun-ng
Sterbehilfe Posted December 30, 2011 (Author)
Thanks for the replies. Perhaps I didn't have a clear understanding of the Pineapple. Am I right in saying it's ideal for when the network they usually connect to isn't there at all and the target first turns on their PC/laptop? I still think it's a neat idea; it would just be better if it were possible.
Mr-Protocol Posted December 30, 2011
Quoting bobbyb1980: "No, I think so. It's just a little-known tool that executes a MITM-style attack against WPA-TKIP. http://www.aircrack-ng.org/doku.php?id=tkiptun-ng"
To my understanding, that will only work if QoS is enabled.