WallE Posted March 30, 2013

Alright, so I have been employed to do a pretty simple job. My client wants to know if he is safe surfing at home with his wifi. Obviously he is not, and here is how I want to show him:

First of all I want to run urlsnarf for a few days, to set the attack. Listening all the best he is surfing and all. Then after this is done I would like to make a phishing page for the website he is using that uses HSTS (the new protection against SSLstrip). (Sorry, this thread will not be about phishing pages, I don't have any questions about it actually, I just want to tell my attack in detail.)

The client is using WPA-PSK wireless, so I wanted to just deauth his wifi, or jam it. Then put everybody on my favorite fruit with karma. Once everybody is on my pineapple, I would like to run SSLstrip + DNS spoof for the pages that are HSTS protected and deauth/jam the WPA wifi every once in a while.

So I was wondering if you think that was the best solution AND if you think the wifi pineapple can handle this? I heard that if you use it for too much action it will just power off.

Thank you community!

Foxtrot Posted March 30, 2013

> Alright, so I have been employed to do a pretty simple job. My client wants to know if he is safe surfing at home with his wifi. Obviously he is not, and here is how I want to show him:
>
> First of all I want to run urlsnarf for a few days, to set the attack. Listening all the best he is surfing and all. Then after this is done I would like to make a phishing page for the website he is using that uses HSTS (the new protection against SSLstrip). (Sorry, this thread will not be about phishing pages, I don't have any questions about it actually, I just want to tell my attack in detail.)
>
> The client is using WPA-PSK wireless, so I wanted to just deauth his wifi, or jam it. Then put everybody on my favorite fruit with karma. Once everybody is on my pineapple, I would like to run SSLstrip + DNS spoof for the pages that are HSTS protected and deauth/jam the WPA wifi every once in a while.
>
> So I was wondering if you think that was the best solution AND if you think the wifi pineapple can handle this? I heard that if you use it for too much action it will just power off.
>
> Thank you community!

I would do it like this: grab two pineapples, sadly, because the pineapple probably won't handle all these jobs, so run Karma and Deauth on pineapple1 and the URLSnarf and DNSSpoof on pineapple2. Tango mode perhaps :) I'm not sure if you can do such a thing though...

Good luck,
-Foxtrot

WallE Posted March 31, 2013

And what about the SSL strip? Do I have to use it at another moment than when DNS spoofing is enabled, because they both redirect port 80?

By the way, are you sure that I will have to purchase another pineapple? Wouldn't like to buy another one for nothing!

Foxtrot Posted March 31, 2013

> And what about the SSL strip? Do I have to use it at another moment than when DNS spoofing is enabled, because they both redirect port 80?
>
> By the way, are you sure that I will have to purchase another pineapple? Wouldn't like to buy another one for nothing!

Like I said, I'm not advising you to buy another pineapple, I'm just wondering if it would work.

-Foxtrot

WallE Posted March 31, 2013

Hmmm should I or should I not for this task?

boob00 Posted July 11, 2013

> I would do it like this: grab two pineapples, sadly, because the pineapple probably won't handle all these jobs, so run Karma and Deauth on pineapple1 and the URLSnarf and DNSSpoof on pineapple2. Tango mode perhaps :) I'm not sure if you can do such a thing though...
>
> Good luck,
> -Foxtrot

Foxtrot, unless he had a second wifi radio, would he be able to deauth while still allowing connections through karma? It would make sense that he ran, say, urlsnarf and deauth on pineapple 1 and karma and dnsspoof on pineapple 2.

Here's a video by Darren Kitchen about tango mode.

http://hak5.org/videolog/wifi-pineapple-tango-mode-proof-of-concept-demo

Funny I came across this, I recently (5 days ago) ordered another pineapple to start playing around with tango mode.