No/few Clients Connected, Not Even Own Clients

[velkrosmaak]

So it feels as though I'm almost there! Got an AP51, got the Wifi Pineapple firmware on there and have the BBS style UI in front of me. When I disconnect, and reconnect to my own wifi, on my phone - say, I just connect to my own AP rather than through the pineapple. Does this mean that this attack only works if the actual AP you're imitating isn't there? That would explain why my testing hasn't been working.

I've renamed the built in pineapple SSID to Free Public Wifi (something like that) as a kind of honeypot, but even when I connect to that no traffic is captured (urlsnarf, driftnet, for example)

Incidentally, is there a way to disable the built in unprotected SSID?

Thanks in advance! :)

[Mr-Protocol]

So it feels as though I'm almost there! Got an AP51, got the Wifi Pineapple firmware on there and have the BBS style UI in front of me. When I disconnect, and reconnect to my own wifi, on my phone - say, I just connect to my own AP rather than through the pineapple. Does this mean that this attack only works if the actual AP you're imitating isn't there? That would explain why my testing hasn't been working.

Typically the device will pick the strongest signal. You can also de-auth and "guide" the clients to your device (Jasager).

I've renamed the built in pineapple SSID to Free Public Wifi (something like that) as a kind of honeypot, but even when I connect to that no traffic is captured (urlsnarf, driftnet, for example)

Probably because of https? If you have a MITM laptop then try sniffing there.

Incidentally, is there a way to disable the built in unprotected SSID?

Thanks in advance! :)

Yes, but I'm not sure why you would want to. It leaves more options to get targets. I'm not sure exactly what needs changed because I am at work, but maybe someone else can jump on and see what settings would need changed.

[velkrosmaak]

Aah ok, I think I'm misunderstanding something pretty fundamental here then. I thought Jasager was already installed as part of the Wifi Pineapple firmware... Karma!=Jasager?

If not, how do I go about getting Jasager to 'say Ja!'?

Have Googled but as ever am finding a lot of conflicting info which to a newb like myself is very confusing.

Thanks Mr. P, I surely owe you a beer now with all the help you've given me!

[Mr-Protocol]

Karma == Jasager

When you flash the firmware it is already there. Login to the Web UI, enable Karma, and on your computer make up a new network connection to auto connect with no authentication and see if it pops up. Name it something like "Mr-Protocol Was Here" for the SSID.

[velkrosmaak]

I will try that when I get home.

How can I force existing clients to deauth from their own AP's and reconnect to mine or is that automatic?

[Mr-Protocol]

deauth in the web gui or use a laptop with aircrack-ng suite to deauth them.

[barry99705]

Unless they are connecting to an unencrypted access point in the first place, or have one already configured, you can't. If they have encryption enabled and you deauth them from their own network, when the laptop tries to reconnect to your pineapple it won't have the key and their laptop won't connect.

[velkrosmaak]

I thought this was what Jasager was for? To 'say yes' even if the AP they are looking for is encrypted... no?

For de-authing from the web UI is it just a case of copying and pasting MAC's from the list or is there an easier way I'm missing? Thanks dudes!

[PineDominator]

I thought this was what Jasager was for? To 'say yes' even if the AP they are looking for is encrypted... no?

For de-authing from the web UI is it just a case of copying and pasting MAC's from the list or is there an easier way I'm missing? Thanks dudes!

Use a laptop with backtrack or something because deauthing via the markiii has never worked, waiting for it to be fixed or better improved.

how to get it to work:

ssh into pineapple, do a airodump-ng mon.wlan0, seems to only scan the channels the wlan0 card is set to ie 9, 10, 11.

then in the web ui enter the mac of the person you want to deauth, and if this person is connected to a wireless network that is not in the range 9, 10, 11 you will need to change the mon.wlan0 channel

just to complicated until there are some improvements.

[velkrosmaak]

That is pretty damn complicated. Is there a way to just send a mass deauth packet? Seem to remember there being one.

Or does this JasagerPWN script do everything I want?

Confusing!

Thanks

[Darren Kitchen]

There is a script for aircrack-ng called airdrop-ng which will deauth based on rules. For example, all devices with an Apple OUI, or all devices that aren't connected to, say, our pineapple :)

We're working on getting that to run but resources are tight on the MK3 and it requires Python, which is rather large. For now using Airdrop-ng from a laptop is a good alternative. Here's an episode on the tool: http://hak5.org/episodes/episode-626

Also Karma != Jasager. Jasager is the name we gave 'Karma on the Fon' which eventually evolved into the suite of tools we install on the portable device. The device can be a Fon, Open-Mesh or AP51 -- something we've pre-installed and marketed as the WiFi Pineapple MK1, 2 and 3. That's a bit of a nit pick really, the long and short of it is -- if you've flashed the Jasager firmware on your own or bought a WiFi Pineapple you have the tools, including Karma.