SSLstrip + DNS spoofing + URLsnaff + DEauth

[WallE]

Alright so I have been employed to do a job pretty simple. My client want to know if he is safe surfing at home with his wifi. Obviously he is not and here how I want to show him:

First of all I want to run URLsnaff for few day, to set the attack. Listening all the best he is surfing and all.

Then after this is done I would like to make phishing page for the website he is using that use HSTS (The new protection against SSLstrip) (Sorry this thread will not be about phishing page, I don't have any question about it actually just want to tell my attack in detail)

The client is using WPA-PSK wireless, so I wanted to just Deauth his wifi, or jamm it. Then put everybody on my favorite fruit with karma.

Once everybody is on my pineapple, I would like to run SSLstrip + DNS spoof for the page that are HSTS protected and deauth/jamm the wpa wifi every once in a while.

So I was wondering if you think that was the best solution AND if you think the wifi pineapple can handle this? I heard that if you use it for too much action it will just power off.

Thanks you communtiy!

[Foxtrot]

Alright so I have been employed to do a job pretty simple. My client want to know if he is safe surfing at home with his wifi. Obviously he is not and here how I want to show him:

First of all I want to run URLsnaff for few day, to set the attack. Listening all the best he is surfing and all.

Then after this is done I would like to make phishing page for the website he is using that use HSTS (The new protection against SSLstrip) (Sorry this thread will not be about phishing page, I don't have any question about it actually just want to tell my attack in detail)

The client is using WPA-PSK wireless, so I wanted to just Deauth his wifi, or jamm it. Then put everybody on my favorite fruit with karma.

Once everybody is on my pineapple, I would like to run SSLstrip + DNS spoof for the page that are HSTS protected and deauth/jamm the wpa wifi every once in a while.

So I was wondering if you think that was the best solution AND if you think the wifi pineapple can handle this? I heard that if you use it for too much action it will just power off.

Thanks you communtiy!

I would do it like this :

Grab two pineapples, sadly because the pineapple probly wont handle all these jobs, so run Karma and Deauth on pineapple1 and the URLSnarf and DNSpoof on pineapple2. Tango mode perhaps: ) I'm not sure if you can do such thing though...

Goodluck,

-Foxtrot

[WallE]

And what about the SSL strip? Do I have to use it at another moment than DNS spoofing enabled because they both redirect port 80?

By the way are you sure that I will have to purchase another pineapple ? Wouldn't like to buy another one for nothing!

[Foxtrot]

And what about the SSL strip? Do I have to use it at another moment than DNS spoofing enabled because they both redirect port 80?

By the way are you sure that I will have to purchase another pineapple ? Wouldn't like to buy another one for nothing!

Like I said, Im not advising you to buy another pineapple, im just wondering if it would work.

-Foxtrot

[WallE]

Hmmm should I or should I not for this task?

[boob00]

I would do it like this :

Grab two pineapples, sadly because the pineapple probly wont handle all these jobs, so run Karma and Deauth on pineapple1 and the URLSnarf and DNSpoof on pineapple2. Tango mode perhaps: ) I'm not sure if you can do such thing though...

Goodluck,

-Foxtrot

Foxtrot, unless he had a second wifi radio, would he be able to deauth while still allowing connections through karma? It would make sense that he ran say urlsnarf and deauth on pineapple 1 and karma and dnsspoof on pineapple 2. Heres a video by Darren Kitchen about tango mode.

http://hak5.org/videolog/wifi-pineapple-tango-mode-proof-of-concept-demo

funny i came accross this, i recently (5 days ago) ordered another pineapple to start playing around with tango mode.