velkrosmaak Posted February 8, 2012

So it feels as though I'm almost there! Got an AP51, got the Wifi Pineapple firmware on there and have the BBS style UI in front of me.

When I disconnect, and reconnect to my own wifi, on my phone - say, I just connect to my own AP rather than through the pineapple. Does this mean that this attack only works if the actual AP you're imitating isn't there? That would explain why my testing hasn't been working.

I've renamed the built in pineapple SSID to Free Public Wifi (something like that) as a kind of honeypot, but even when I connect to that no traffic is captured (urlsnarf, driftnet, for example).

Incidentally, is there a way to disable the built in unprotected SSID?

Thanks in advance! :)

Mr-Protocol Posted February 8, 2012

> So it feels as though I'm almost there! Got an AP51, got the Wifi Pineapple firmware on there and have the BBS style UI in front of me. When I disconnect, and reconnect to my own wifi, on my phone - say, I just connect to my own AP rather than through the pineapple. Does this mean that this attack only works if the actual AP you're imitating isn't there? That would explain why my testing hasn't been working.

Typically the device will pick the strongest signal. You can also de-auth and "guide" the clients to your device (Jasager).

> I've renamed the built in pineapple SSID to Free Public Wifi (something like that) as a kind of honeypot, but even when I connect to that no traffic is captured (urlsnarf, driftnet, for example).

Probably because of https? If you have a MITM laptop then try sniffing there.

> Incidentally, is there a way to disable the built in unprotected SSID? Thanks in advance! :)

Yes, but I'm not sure why you would want to. It leaves more options to get targets. I'm not sure exactly what needs changed because I am at work, but maybe someone else can jump on and see what settings would need changed.

velkrosmaak Posted February 8, 2012

Aah ok, I think I'm misunderstanding something pretty fundamental here then. I thought Jasager was already installed as part of the Wifi Pineapple firmware... Karma!=Jasager?

If not, how do I go about getting Jasager to 'say Ja!'? Have Googled but as ever am finding a lot of conflicting info which to a newb like myself is very confusing.

Thanks Mr. P, I surely owe you a beer now with all the help you've given me!

Mr-Protocol Posted February 8, 2012

Karma == Jasager

When you flash the firmware it is already there. Log in to the Web UI, enable Karma, and on your computer make up a new network connection to auto connect with no authentication and see if it pops up. Name it something like "Mr-Protocol Was Here" for the SSID.

velkrosmaak Posted February 8, 2012

I will try that when I get home. How can I force existing clients to deauth from their own APs and reconnect to mine, or is that automatic?

Mr-Protocol Posted February 8, 2012

Deauth in the web GUI or use a laptop with aircrack-ng suite to deauth them.

barry99705 Posted February 8, 2012

Unless they are connecting to an unencrypted access point in the first place, or have one already configured, you can't. If they have encryption enabled and you deauth them from their own network, when the laptop tries to reconnect to your pineapple it won't have the key and their laptop won't connect.

velkrosmaak Posted February 9, 2012

I thought this was what Jasager was for? To 'say yes' even if the AP they are looking for is encrypted... no?

For de-authing from the web UI is it just a case of copying and pasting MACs from the list or is there an easier way I'm missing?

Thanks dudes!

PineDominator Posted February 9, 2012

> I thought this was what Jasager was for? To 'say yes' even if the AP they are looking for is encrypted... no? For de-authing from the web UI is it just a case of copying and pasting MACs from the list or is there an easier way I'm missing? Thanks dudes!

Use a laptop with backtrack or something, because deauthing via the Mark III has never worked; waiting for it to be fixed or better improved.

How to get it to work: ssh into the pineapple and do an airodump-ng mon.wlan0. It seems to only scan the channels the wlan0 card is set to, i.e. 9, 10, 11. Then in the web UI enter the MAC of the person you want to deauth, and if this person is connected to a wireless network that is not in the range 9, 10, 11 you will need to change the mon.wlan0 channel. Just too complicated until there are some improvements.

velkrosmaak Posted February 9, 2012

That is pretty damn complicated. Is there a way to just send a mass deauth packet? Seem to remember there being one. Or does this JasagerPWN script do everything I want? Confusing!

Thanks

Darren Kitchen Posted February 9, 2012

There is a script for aircrack-ng called airdrop-ng which will deauth based on rules. For example, all devices with an Apple OUI, or all devices that aren't connected to, say, our pineapple :)

We're working on getting that to run but resources are tight on the MK3 and it requires Python, which is rather large. For now using Airdrop-ng from a laptop is a good alternative. Here's an episode on the tool: http://hak5.org/episodes/episode-626

Also Karma != Jasager. Jasager is the name we gave 'Karma on the Fon' which eventually evolved into the suite of tools we install on the portable device. The device can be a Fon, Open-Mesh or AP51 -- something we've pre-installed and marketed as the WiFi Pineapple MK1, 2 and 3.

That's a bit of a nitpick really, the long and short of it is -- if you've flashed the Jasager firmware on your own or bought a WiFi Pineapple you have the tools, including Karma.
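
For anyone monitoring their own airspace for the behaviour discussed in this thread, here is an added detection example (not code from any poster or from the Pineapple firmware). It flags a BSSID that answers probes for several unrelated SSIDs, as Karma does, and bursts of deauth frames aimed at one client; the frame records, MAC addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

AP, ROGUE = "02:00:00:aa:aa:01", "02:00:00:bb:bb:01"   # constructed MACs
C1, C2 = "02:00:00:cc:cc:01", "02:00:00:cc:cc:02"

# Constructed records, not a real capture: (time_s, frame_type, src, dst, ssid)
FRAMES = [
    (0.0, "probe_resp", AP, C1, "HomeNet"),
    (1.0, "probe_resp", AP, C2, "HomeNet"),
    (2.0, "probe_resp", ROGUE, C1, "HomeNet"),
    (2.5, "probe_resp", ROGUE, C1, "CoffeeShop"),
    (3.0, "probe_resp", ROGUE, C2, "Free Public Wifi"),
    (3.5, "probe_resp", ROGUE, C2, "Mr-Protocol Was Here"),
    (40.0, "deauth", AP, C2, ""),            # single, ordinary disconnect
] + [(10.0 + i * 0.1, "deauth", AP, C1, "") for i in range(6)]  # burst at C1


def karma_suspects(frames, min_ssids=3):
    """BSSIDs whose probe responses cover min_ssids or more distinct SSIDs."""
    seen = defaultdict(set)
    for _, ftype, src, _, ssid in frames:
        if ftype == "probe_resp" and ssid:
            seen[src].add(ssid)
    return {b: sorted(s) for b, s in seen.items() if len(s) >= min_ssids}


def deauth_bursts(frames, window_s=5.0, threshold=5):
    """(src, dst) pairs with threshold or more deauths inside window_s seconds."""
    times = defaultdict(list)
    for t, ftype, src, dst, _ in frames:
        if ftype == "deauth":
            times[(src, dst)].append(t)
    flagged = set()
    for pair, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            # Slide the window start forward until it spans at most window_s.
            while ts[end] - ts[start] > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(pair)
                break
    return flagged


if __name__ == "__main__":
    print("Karma-style responders:", karma_suspects(FRAMES))
    print("Deauth bursts:", deauth_bursts(FRAMES))
```

The source address in a deauth frame is easily spoofed, so a flagged pair identifies the targeted client and the AP being impersonated, not the sender.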