Jump to content

Jassager & Encryption


Recommended Posts

Hi, apologies for all the noob questions. Pineapple is working well now so one last one. Is this attack scenario possible? (couldn't find a definitive answer on the forum search)

hack WPA key of target network -> configure pineapple to use that network's WPA key -> launch MITM attacks



Link to comment
Share on other sites

No interceptor is not what you're looking for - the interceptor (and the markIV conversion to interceptor - which is not currently available but promised) is for wired MITM (ethernet). I'm not sure if the pineapple has wpa_supplicant, but it might be available in opkg. Do the following:

opkg update

opkg install wpa-supplicant

If that works, you're golden. Hack the WPA key with reaver, then connect to the AP, then run some arpspoof (it should be part of the dsniff package - opkg install dsniff).

I don't have my markIV handy, so I'm just guessing about all this stuff. Give it a try and report back here!


Link to comment
Share on other sites

I'm not really sure what you mean leapole. If you're saying that you can setup the ssid of the pineapple to be the same as the wpa-encrypted access point, then somehow "set the network key" the same as the wpa-encrypted access point, deauth said access point and replace it with the pineapples own wpa-encrypted with the same ssid? I'd love to know how to do this, because right now the pineapple is not setup to do anything with encryption as far as I know.

What I think the OP is after is this: some access point has wpa and he wants to leave his pineapple there so that it can crack the wpa (assuming via reaver), join the wpa network, then execute some MITM attacks (cap all the packets, use sslstrip, urlsnarf, what have you) on the still-working original wpa encrypted access point.


Link to comment
Share on other sites

Ok well here let me say it this way.

Get wpa key - you have to do this no matter what

setup pineapple use reaver to get wpa

Option 1 - client style attack

after getting key
Connect the target access point with network manager - be a client
run arpspoof to become the router
Start having fun with tools

Option Two

set the ssid, type of encryption, and wpa key to same as target - you are the Internet/AP provider
deauth target router to gain clients
start having fun with tools

I guess anyway you want to do it is up to you, I guess it depends on the target network setup and stuff your doing.

Personally I would use option 2 - Some of the place I hang out at you can not arpspoof the network and they use mac controls and stuff.

Also when using option 1 , All your traffic is on the network where an IDS, or other system and detect plus log all the stuff you have done.

For option 2, They will see the ap you are using but none of the tools or other stuff because you are taking them off the target network and putting them on yours.

Also its been a long time since I looked but isn't the intercepter a ethernet tap that would broadcast the traffic out to the wifi network so you can check it form afar?

so it was internet in(wan port), then internet out(lanport, also mirrored to the wifi interface for no touch snooping)

Edited by leapole
Link to comment
Share on other sites

set the ssid, type of encryption, and wpa key to same as target - you are the Internet/AP provider

deauth target router to gain clients

start having fun with tools

The above is what I am attempting. wpa_supplicant was already installed on my mk4, ill try and figure it out and report back. I've noticed the network manager module has an option to set WPA encryption, does anyone know if changing that would work? I'm hesitant to test it myself as last time I changed anything in that module I had to reflash.

Edited by metalayer
Link to comment
Share on other sites

Okay found this thread - http://forums.hak5.org/index.php?/topic/24590-using-wpa-on-the-wifi-pineapple-mk-3/

Suggests that wpa can be configured in the wireless config in /etc/config

Went here - http://wiki.openwrt.org/doc/uci/wireless to find the needed settings, here is what I've got -

config wifi-device radio0

option type mac80211

option channel 11

option macaddr 00:c0:ca:64:7c:d6

option hwmode 11ng

option htmode HT20

list ht_capab SHORT-GI-20

list ht_capab SHORT-GI-40

list ht_capab RX-STBC1

list ht_capab DSSS_CCK-40


config wifi-iface

option device radio0

option network lan

option mode ap

option ssid OpenWrt

option encryption psk-tkip

option key 1l22pcQY


No luck. The pineapple is definitely reading the config as its changed the BSSID to OpenWrt but the AP is still open. Any ideas?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...