badscr Posted October 24, 2013 Posted October 24, 2013 (edited) Can it pull the tweets, Facebook, emails, web surffing , from smart phones and laptops in the area with a flip of a switch? I am working with someone and wants to break some false perceptions that the general public has. Like people thank that the only why that spying can work is if there is a warrant like without it there is Noway to get this info like the warrant has magical powers. We want to pull everyone's tweets, emails, Facebook posts, show web pages they are looking at, and anything else we can, for anyone connected to the pineapple. (Will have to mask passwords maybe names). And display it onto a big screen. We want to demonstrate a little of what the ns@ is doing. Near real-time. Thanks, Edited October 24, 2013 by badscr Quote
dustbyter Posted October 24, 2013 Posted October 24, 2013 I would imagine that the SSLStrip infusion may get some of the information you are looking for. But let me be clear that on this forum we do not condone this type of activities. If you are to do this type of assessment, ensure that you have express written consent from the network owner and that the network users are informed that their data may be sniffed. Quote
badscr Posted October 24, 2013 Author Posted October 24, 2013 Oh yes I want to stay on the legal side of things I love my freedom. This is suppose to Be a political statement and raise awareness about the massive invasion on privice the government is doing. Naturally written consent from the owners and signs that hopfuly say "all your communications will be monitored for your safety" and some other signs to keep it legal. I am not going to break the law. Infact sowing a double standard would be a good thing to. I have to do all these things to be ligal and the gov can ignore these things and do what they want. Quote
ScottHelme Posted October 24, 2013 Posted October 24, 2013 Sounds like SSLstrip coupled with either TCPdump or Wireshark is what you're looking for. Yes it can be done :-) Quote
catohagen Posted October 25, 2013 Posted October 25, 2013 In theory, yes......in the real world, unlikely unless people spesificly selects to connect to your open wifi....as current Karma doesnt work with newish devices, so you can do the same with a normal router and laptop with sslstrip Quote
hfam Posted October 25, 2013 Posted October 25, 2013 Can it pull the tweets, Facebook, emails, web surffing , from smart phones and laptops in the area with a flip of a switch? I am working with someone and wants to break some false perceptions that the general public has. Like people thank that the only why that spying can work is if there is a warrant like without it there is Noway to get this info like the warrant has magical powers. We want to pull everyone's tweets, emails, Facebook posts, show web pages they are looking at, and anything else we can, for anyone connected to the pineapple. (Will have to mask passwords maybe names). And display it onto a big screen. We want to demonstrate a little of what the ns@ is doing. Near real-time. Thanks, I'm not sure how a MKV is going to "mimic" what the NSA does with regard to personal privacy, or how you position a demonstration based on those parameters to relate in any way to what the NSA is doing. A couple of salient points: - I would have to hunt far and wide to find anyone who still actually believes that a warrant is a crucial requirement for data spying and acquisition, your mileage may vary. - The "warrant" is a legal issue and has nothing to do with technical capabilities. The definition of "spying" belies any sort of notion that a "warrant" is required. - The NSA is able to achieve their warrantless spying because they not only have the ability to capture packets on the internet backbones, but the other crucial issue is that they have padded the bank accounts of private sector tech giants millions and millions of OUR taxpayer dollars, in secret, so they will provide the ability to violate your privacy through back doors, and unmitigated access to decrypted data. Microsoft, Apple, Skype, YouTube, Box, Twitter, Google...you name it, the NSA has paid them off with OUR money, in secret...and these companies took the money, in secret...and let them in the back door, giving the NSA complete, unmitigated access to the data AND the identifying data, in secret...so they can save it all and pin whatever the witch hunt du jour is at the FedGov on you, your friends, neighbors, and loved ones at their leisure. Every one of these corporations happily obliged the NSA in their quest to violate your 4th amendment rights. I suppose at an almost unrelated level you can attempt to show...something...regarding the issue of eavesdropping on what most assume is a private data stream, but I assure you that PRISM doesn't incorporate SSLStrip, pineapples, or warrants, to achieve their goal of making sure they can prove everyone is a criminal. It would be very hard to equate the two aside from the base issue of obtaining data in secret. Good luck on your presentation though :) Quote
badscr Posted November 28, 2013 Author Posted November 28, 2013 (edited) Ok, how? I am a total noob here. An artist and I want to pull everyone's tweets, emails, Facebook posts, show web pages they are looking at, and anything else we can, and display it (human readable) with a projector for everyone to see. All automatically. It'll all be kept legal. The first showing of this art piece will be in DC most likely. My first thought was to use the pineapple and a Ubuntu desktop with a lamp server to process the data from the pineapple. And when the computer boots it would lunch a web browser at localhost/index.php that would display it all to a projector with the passwords masked out except the first two digits of the password. And it would be in real time. Was thinking the webpage would be split left side shows text based stuff like emails, SMS, tweets ext. And the right side would be a iframe that would load the latest webpages that people are looking at. I want be able to be there and I'm not going to ssh, so it needs to be as easy as flipping a switch. How can I do this, would Bluetooth be better? I don't think I can do this alone I need help with this project. Edited November 28, 2013 by badscr Quote
Mr-Protocol Posted November 28, 2013 Posted November 28, 2013 I think what you are trying to do would fall under illegal. Unless you own the network and proper notification to the users is given that their traffic is being monitored. From there it would be breaking people's privacy to show the posts of people who set their information to friends only for example and you plaster it up on a projector somewhere. And just my initial thoughts to the "easy as flipping a swtich", this isn't Hollywood lol. Quote
badscr Posted November 28, 2013 Author Posted November 28, 2013 I've got the writen permission of the network owner, and was thinking of lots of signs disclosing that there data is being monitored and publicly displayed and maybe every visitor signs a waver. The switch thing yah I know but I mean supper easy. Zoom zoom enhance. Should I just scrap this project then, the gallery owner and the arrest wants to do this. Quote
King Crimson Posted November 29, 2013 Posted November 29, 2013 http://www.youtube.com/watch?v=URVS4H7vrdU I think what you are trying to do would fall under illegal. Unless you own the network and proper notification to the users is given that their traffic is being monitored. From there it would be breaking people's privacy to show the posts of people who set their information to friends only for example and you plaster it up on a projector somewhere. And just my initial thoughts to the "easy as flipping a swtich", this isn't Hollywood lol. Quote
yabasoya Posted November 29, 2013 Posted November 29, 2013 badscr.. Do you watch magic shows? We wouldn't be perceived as amazing anymore when you reveal how easy this is done. King Krimson.. For days I thought that was you in your avatar trying to look sexy. It just hit me that is David Hasselhoff when he fell off the wagon.. LOL Quote
King Crimson Posted November 29, 2013 Posted November 29, 2013 ROFLMFAO After a typical Thanksgiving with my wife's relatives, you sir, made my day lol badscr.. Do you watch magic shows? We wouldn't be perceived as amazing anymore when you reveal how easy this is done.King Krimson.. For days I thought that was you in your avatar trying to look sexy. It just hit me that is David Hasselhoff when he fell off the wagon.. LOL Quote
Lockon Posted November 29, 2013 Posted November 29, 2013 Can it pull the tweets, Facebook, emails, web surffing , from smart phones and laptops in the area with a flip of a switch? I am working with someone and wants to break some false perceptions that the general public has. Like people thank that the only why that spying can work is if there is a warrant like without it there is Noway to get this info like the warrant has magical powers. We want to pull everyone's tweets, emails, Facebook posts, show web pages they are looking at, and anything else we can, for anyone connected to the pineapple. (Will have to mask passwords maybe names). And display it onto a big screen. We want to demonstrate a little of what the ns@ is doing. Near real-time. Thanks, Not from a legal perspective. The N** is different because as a government agency, they're allowed to monitor all traffic which passes through the USA. For you to do it, even with the "green light" from the management, unless they can produce signed documents stating that all of their users fully understand and agree to the terms that all of their activities to include personal content (i.e. online banking, shopping, etc.) may be monitored, the company to include yourself may face serious legal issues. I think what you are trying to do would fall under illegal. Unless you own the network and proper notification to the users is given that their traffic is being monitored. From there it would be breaking people's privacy to show the posts of people who set their information to friends only for example and you plaster it up on a projector somewhere. And just my initial thoughts to the "easy as flipping a swtich", this isn't Hollywood lol. Well said Mr. Protocol, couldn't have said it better myself. Quote
bASketCaSE Posted November 29, 2013 Posted November 29, 2013 I'm not sure how a MKV is going to "mimic" what the NSA does with regard to personal privacy, or how you position a demonstration based on those parameters to relate in any way to what the NSA is doing. A couple of salient points: - I would have to hunt far and wide to find anyone who still actually believes that a warrant is a crucial requirement for data spying and acquisition, your mileage may vary. - The "warrant" is a legal issue and has nothing to do with technical capabilities. The definition of "spying" belies any sort of notion that a "warrant" is required. - The NSA is able to achieve their warrantless spying because they not only have the ability to capture packets on the internet backbones, but the other crucial issue is that they have padded the bank accounts of private sector tech giants millions and millions of OUR taxpayer dollars, in secret, so they will provide the ability to violate your privacy through back doors, and unmitigated access to decrypted data. Microsoft, Apple, Skype, YouTube, Box, Twitter, Google...you name it, the NSA has paid them off with OUR money, in secret...and these companies took the money, in secret...and let them in the back door, giving the NSA complete, unmitigated access to the data AND the identifying data, in secret...so they can save it all and pin whatever the witch hunt du jour is at the FedGov on you, your friends, neighbors, and loved ones at their leisure. Every one of these corporations happily obliged the NSA in their quest to violate your 4th amendment rights. I suppose at an almost unrelated level you can attempt to show...something...regarding the issue of eavesdropping on what most assume is a private data stream, but I assure you that PRISM doesn't incorporate SSLStrip, pineapples, or warrants, to achieve their goal of making sure they can prove everyone is a criminal. It would be very hard to equate the two aside from the base issue of obtaining data in secret. Good luck on your presentation though :) Brilliant.. :D Quote
badscr Posted November 29, 2013 Author Posted November 29, 2013 Alright I'm pulling the plug on it, :). Well, I've now got a pineapple to play with at home. Thanks for all the input. Quote
badscr Posted November 30, 2013 Author Posted November 30, 2013 (edited) badscr.. Do you watch magic shows? We wouldn't be perceived as amazing anymore when you reveal how easy this is done. I don't want to show people how to do it or what is being used to do it. Its not some hole in the wall place. I talked to them today and tried to talk them out of it, they said they have layers and they got the legal side of it handeled. Edited November 30, 2013 by badscr Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.