Jump to content

Working on tools for pi/pineapple

airman_dopey

By airman_dopey
in WiFi Pineapple Mark IV

 Share

Recommended Posts

airman_dopey Newbie

airman_dopey

Posted
Posted (edited)

Hey guys,

So Shadowblade72 and I have been working on push-button scripts to be used on a computer/rPi to offload a lot of the work the pineapple normally does. We are also working on expanding said tools to attack wired/wireless networks among other things. We fully plan on finalizing these tools and releasing them here on the Hak5 forums for everyone to use when we are done.

One of the problems we are having ATM is attempting to modify/sniff traffic using Ettercap between eth0 (connected to the pineapple) and wlan0 (connected to the AP). Does anyone know of a way of doing this? We have researched and attempted bridged mode in Ettercap and creating a new interface with the bridge mode already enabled to sniff that. Both will not work.

As far as Ettercap goes we are successfully Arp Poisoning and applying filters, we have modified etter.conf accordingly, but still cannot find out how to do the bridged mode properly. For the bridged interface, apparently you cannot connect a wired to a wireless. So bubcus there.

If anyone can simply point us in the right direction it would be greatly appreciated. Not looking to be spoonfed as we are trying to learn as we go.

Edited by airman_dopey
Link to comment
Share on other sites
ShadowBlade72 Newbie

ShadowBlade72

Posted
Posted (edited)

To clarify our setup:

Pineapple eth0<->eth0 PwnPi wlan0<->AP

So we don't need to do any ARP spoofing (I wouldn't think we would....) since the traffic is already being passed through the Pi. At this point we just need to pull that information off the wire and modify it in real time.

/proc/sys/net/ipv4/ip_forward = 1

Running bridged mode in ettercap stops the traffic as it disabled ip forwarding. In fact, running any ettercap stops ip forwarding. Using the -u to keep it from disabling ip_forwarding makes us unable to run filters against the traffic, which defeats the purpose.

Edited by ShadowBlade72
Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

I don't know about using ettercap, as I agree, you don't need it as you are already in the middle, but you can use either iptables or, hopefully, ebtables, to intercept all the traffic and send it through your own app.

If you have eth0 and wlan0 bridged in your setup then ebtables is required as the bridge traffic doesn't get high enough up the network stack for iptables to kick in. If you are routing then iptables will be able to do the job.

Check out sslstrip for an example iptables rule, and if I finally manage to get ebtables working I'll be posting about it somewhere soon so watch out for that.

Link to comment
Share on other sites
ShadowBlade72 Newbie

ShadowBlade72

Posted
Posted
I don't know about using ettercap, as I agree, you don't need it as you are already in the middle, but you can use either iptables or, hopefully, ebtables, to intercept all the traffic and send it through your own app.

If you have eth0 and wlan0 bridged in your setup then ebtables is required as the bridge traffic doesn't get high enough up the network stack for iptables to kick in. If you are routing then iptables will be able to do the job.

Check out sslstrip for an example iptables rule, and if I finally manage to get ebtables working I'll be posting about it somewhere soon so watch out for that.

The reason we want to use ettercap is for its ability to do on the fly packet manipulation. Are you aware of any other solutions which let you create filters and do real time manipulation?

Link to comment
Share on other sites
Sebkinne Grand Master

Sebkinne

Posted
Posted
The reason we want to use ettercap is for its ability to do on the fly packet manipulation. Are you aware of any other solutions which let you create filters and do real time manipulation?

You could use a ruby proxy (Maybe the one Digininja is working on, once it is modular) to handle packets in real time. That is probably better than ettercap in terms of the Pineapple.

Link to comment
Share on other sites
airman_dopey Newbie

airman_dopey

Posted
  • Author
Posted

Looking forward to seeing the work you guys are doing. I cannot speak for shadowblade, but I am putting that portion of our project on hold until I see how you guys did it.

Also, the tools we're working on are cli versions of what is already on the pineapple. Under the applications and coding section it states that script kiddie code will be removed. Would this type of stuff qualify? What exactly is "script kiddie code"?

Link to comment
Share on other sites
Sebkinne Grand Master

Sebkinne

Posted
Posted
Looking forward to seeing the work you guys are doing. I cannot speak for shadowblade, but I am putting that portion of our project on hold until I see how you guys did it.

Also, the tools we're working on are cli versions of what is already on the pineapple. Under the applications and coding section it states that script kiddie code will be removed. Would this type of stuff qualify? What exactly is "script kiddie code"?

Before you go and do all that work, the Pineapple MK4 v3.0 will have most things accessible through a CLI anyway. That is because of how the new UI will be built. It will supply an API for other tools / people to hook into. Now, there is NO ETA on the release of 3.0 but I figured it should be mentioned.

I don't think this is what I would call script kiddie code, so don't worry about it.

Link to comment
Share on other sites
ShadowBlade72 Newbie

ShadowBlade72

Posted
Posted

I'm with you Dopey. I'll put the packet injection on hold for now.

As far as the tools were writing, they're not specific to the Pineapple. Our goal is to have them be able to be used in conjunction with the pineapple to be more effective.

The pineapple is an amazing platform for capturing clients, but it's a bit slow once you start trying to run all of your attacks from it. Our goal is to offload those attacks to an external source, in my case the Pi.

At least that's what I perceive our goal is. Correct me if I'm wrong Dopey :).

I'll have to read up on Ebtables. By the way, have you guys ever heard of or used netsed?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...