madhak Posted January 31, 2013

Hi Guys,

I should receive my pineapple tomorrow and I've been reading the entire forum, wiki, and manual, but besides some similarity with WM and Digininja's Interceptor project, I think this one is a bit different.

I want to put CoovaChilli or ChilliSpot on the pineapple. Since it's already supported on OpenWrt, I assume it should be an easy task... unless some of you have already tried and can share your success? I know how to configure and install it on CentOS and Ubuntu, but the limited resources on the pineapple may bring some challenges.

I also want to put tinyproxy and privoxy on it in order to inject content into passing traffic. I have limited experience with those and I'm currently getting it to work on CentOS, but that's just for a proof of concept; my main goal is the captive portal. I consider myself experienced with captive portals and I want to see how deep down the hole I can go on such a limited device.

The goal of this experiment is to simulate the following scenario that I think is happening in a hotel where I manage the network...

- Hacker powers on his pineapple in Jasager + NAT mode
- Hacker copies the splash page and stores it on the pineapple web server for future use
- Client roams close to the hacker and auto-joins the pineapple
- Client is presented the legit splash page to enter his credentials
- Client authorizes the pineapple, not his device (because of NAT), to use the internet on the network
- Hacker has free internet now, but it doesn't stop there, although it could in theory... that's where I want to dig deeper
- Hacker turns on his own captive portal and redirects the splash to the pineapple web server where a copy of the legit splash page is stored
- Another client roams close to the hacker and auto-joins
- Client 2 enters his credentials and the pineapple captive portal is set to accept any
- On top of that, the hacker inserts a key logger in client 1 and 2's traffic while they were in range and you know...
- Client gets online, but his credentials were not used and can be resold to client 3 under the table at a discount by the hacker (maybe)
- Clients 1 and 2 roam away from the hacker and can't connect, as the legit captive portal says already connected (then I get complaints)
- Client 3 is satisfied; he bought the credentials at a discount and can roam until client 2 complains and the credentials get reset

As you can see, that makes a lot of unhappy clients who think my network sucks; most complaints of similar incidents were reported by iPhone users so far. That doesn't happen all the time; it's been 6 months since the last time one of the hotel networks I manage was hacked seriously, and we are very serious about security. I can tell on the map where he is spoofing but don't have enough proof to perform a physical body inspection; hopefully he's leaving this weekend. We are using Meraki APs and a custom CentOS Layer 3/7 gateway/firewall/captive portal with IDS.

By documenting and proving that this is possible, I will be able to reach out to my client and explain the situation regarding sporadically unsatisfied users, as well as putting in place a contingency plan to make my public network a safe place.

Tell me what you think; any suggestions and comments are welcome. Maybe a captive portal and captive frame module could emerge from that.
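
An added example, not part of the original post: a gateway-side check for the step in the scenario where one authenticated session is really a NAT device with several clients behind it. It assumes the gateway shares a layer-2 segment with legitimate clients (so their packets arrive with an undecremented TTL); the flow tuples, field layout and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (authenticated MAC, IP TTL seen at the gateway, HTTP User-Agent)
SAMPLE_FLOWS = [
    ("aa:bb:cc:00:00:01", 64, "iPhone-Safari"),
    ("aa:bb:cc:00:00:01", 64, "iPhone-Safari"),
    ("aa:bb:cc:00:00:02", 128, "Windows-Firefox"),
    ("aa:bb:cc:00:00:03", 63, "iPhone-Safari"),
    ("aa:bb:cc:00:00:03", 127, "Windows-IE"),
    ("aa:bb:cc:00:00:03", 63, "Android-Browser"),
]

INITIAL_TTLS = (64, 128, 255)  # common operating-system default TTLs


def hops_from_gateway(ttl):
    """Estimate router hops between sender and gateway from the observed TTL.

    Assumes the sender started from one of INITIAL_TTLS; a directly attached
    client yields 0, a client behind one NAT router yields 1.
    """
    return min(default - ttl for default in INITIAL_TTLS if default >= ttl)


def suspect_nat_sessions(flows, max_agents=2):
    """Return {mac: [reasons]} for sessions that look like a NAT device."""
    per_mac = defaultdict(lambda: {"hops": set(), "agents": set()})
    for mac, ttl, agent in flows:
        per_mac[mac]["hops"].add(hops_from_gateway(ttl))
        per_mac[mac]["agents"].add(agent)

    findings = {}
    for mac, seen in per_mac.items():
        reasons = []
        # Traffic from a "client" MAC that has already crossed a router.
        if any(h > 0 for h in seen["hops"]):
            reasons.append("ttl-decremented")
        # More distinct browsers than one handheld device plausibly runs.
        if len(seen["agents"]) > max_agents:
            reasons.append("many-user-agents")
        if reasons:
            findings[mac] = reasons
    return findings


if __name__ == "__main__":
    for mac, reasons in suspect_nat_sessions(SAMPLE_FLOWS).items():
        print(mac, ", ".join(reasons))
```

Both signals are heuristics: a NAT device can rewrite TTLs, so a hit is a reason to look at the session more closely, and a miss does not clear it.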