
Connectivity Tip with SSH forwarding


pseud0


I'm sure this has been covered somewhere before but after helping out several folks at DefCon (soooooo many people buying pineapples) I thought I'd post it here in case someone else finds it useful.

There are lots of ways to get internet connectivity to the pineapple so that you can get your MitM juices flowing, but every now and then your best option is to use an access point (AP) that isn't so simple. Many locations will now offer free wifi but you need to visit a page and accept the terms and conditions (and/or pay). This presents an obvious issue for the pineapple and can force you into hauling out your laptop, connecting to the AP, accepting the terms, and then tethering to your pineapple via eth0. This obviously makes the rig less portable as you're now hardwired and not able to stow your kit away in that sweet concealable kit you've worked so hard on. (At some point I will build a teddy-borg.)

If you have a small form factor computer such as a Raspberry Pi available you do have other options. In my case I will attach my external antenna (alfa) to the RPi and then use eth0 to connect the RPi to the pineapple. I have my interfaces files set up to automagically bring up eth0 as 172.16.42.42 so I can then connect to the pineapple with my laptop over its wireless interface and ssh into the RPi. I use the command line to bring up wlan0 and attach to the target access point. I then use ssh forwarding to open the browser on the RPi, visit the terms and conditions page, accept, and get my connectivity. You can then run the wp4.sh script to set up the internet pass-through to your pineapple.

For those that have never used it before, doing ssh forwarding allows you to access applications on a remote computer in a secure manner. As an example, "ssh -X root@172.16.42.42 iceweasel" in this example causes the iceweasel browser to launch on the RPi but it is then tunneled across the network where it appears on my laptop screen. Every action I take in the browser actually takes place on the remote system, including visiting pages, downloading files, etc. Another option is to kick open a full vnc session but that eats up a lot of resources to do the same thing.
Anyway, hope this is useful and gives someone a new tool in their toolbox.


Great idea! Another method I like to use is swapping MAC addresses to get past those annoying browser landing pages. I set my pineapple to a MAC address of my liking and clone it to my phone as well. Using the phone's browser I can accept the AP terms and put it away and fire up the pineapple. Most of these APs only record sessions by MAC so this is an easy solution if you are in a hurry. You could also grab a MAC from another active client on the network and use it.


SKG, great tip and I've done it a few times myself. Lately I've been running into sites that place a cookie and this technique doesn't work. Already having the RPi in my kit led me to do the ssh forwarding trick. If I didn't have that available I'd flip back to yours.
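
From the access point operator's side, the MAC-only session tracking described in the replies above can be audited by checking whether a MAC that accepted the portal terms later requests a lease with a different DHCP fingerprint. This is an added example, not code from the thread; the log format, field names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical format): time, event, MAC,
# DHCP hostname, DHCP option-55 parameter request list.
SAMPLE_LOG = """\
2024-01-01T10:00:02 DHCPACK mac=AA:BB:CC:00:00:01 host=phone-a opt55=1,3,6,15,26,28,51,58,59,43
2024-01-01T10:00:40 PORTAL_ACCEPT mac=AA:BB:CC:00:00:01
2024-01-01T10:03:15 DHCPACK mac=aa:bb:cc:00:00:01 host=device-b opt55=1,3,6,12,15,28,42
2024-01-01T10:05:00 DHCPACK mac=AA:BB:CC:00:00:02 host=laptop-kim opt55=1,3,6,15,31,33,43,44
2024-01-01T10:05:30 PORTAL_ACCEPT mac=AA:BB:CC:00:00:02
2024-01-01T10:45:00 DHCPACK mac=AA:BB:CC:00:00:02 host=laptop-kim opt55=1,3,6,15,31,33,43,44
"""

LINE_RE = re.compile(
    r"^(\S+) (DHCPACK|PORTAL_ACCEPT) mac=(\S+)(?: host=(\S+) opt55=(\S+))?$")

def find_shared_macs(log_text):
    """Return {mac: [fingerprints]} for MACs whose DHCP fingerprint changed
    after the portal terms were accepted for that MAC. The first list entry
    is the fingerprint that accepted the terms."""
    last_fp = {}       # mac -> most recent (hostname, option-55 list)
    accepted_fp = {}   # mac -> fingerprint in use when terms were accepted
    flagged = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # ignore lines that are not in the assumed format
        _, event, mac, host, opt55 = m.groups()
        mac = mac.lower()  # MACs are case-insensitive; normalise before comparing
        if event == "PORTAL_ACCEPT":
            if mac in last_fp:
                accepted_fp[mac] = last_fp[mac]
            continue
        fp = (host, opt55)
        last_fp[mac] = fp
        if mac in accepted_fp and fp != accepted_fp[mac]:
            if not flagged[mac]:
                flagged[mac].append(accepted_fp[mac])
            if fp not in flagged[mac]:
                flagged[mac].append(fp)
    return dict(flagged)

if __name__ == "__main__":
    for mac, fps in find_shared_macs(SAMPLE_LOG).items():
        print(mac, "accepted terms as", fps[0], "later seen as", fps[1:])
```

A lease renewal from the same device keeps its fingerprint and is not flagged; binding the portal session to a browser cookie as well as the MAC, as the last reply describes, closes the same gap at the portal itself.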

