
PineappleSurprise


barry99705


Darren tweeted this the other day, thought I'd post it up here since not everyone follows him on Twitter (though you really should).

https://github.com/troyhunt/PineappleSurprise

I got it working on my pineapple, but can't quite figure out the logging. It keeps dumping the logs into the www folder, no matter what I put in the index.php file.

Troy's page on it here.

http://www.troyhunt.com/2013/04/the-beginners-guide-to-breaking-website.html

Got logging to work.

$logFileName = "/sd/logs/myrandomname.log";

Edited by barry99705

Yes, the script has a small oddity, it has:

$logFileName = "yournamehere.log";

and allows you to configure furthermore:

$logFilePath = "/sd/logs/";

... yet the actual write uses only the first variable:

$handle = fopen($logFileName, 'a') or die("Can't open file");

So... a declaration of the full path and logname in $logFileName will work.

I like the iOS7 workaround in this script to convince iOS devices to connect without popups. RickRollers, are you paying attention?

// This is iOS' Wi-Fi connectivity test request: http://erratasec.blogspot.com.au/2010/09/apples-secret-wispr-request.html
// iOS 7 added some new domains to the wispr request:
// Seems the iOS 7 may have a heap of domains so also check for the "CaptiveNetworkSupport" header http://forum.daviddarts.com
if($requestedUri == "www.apple.com/library/test/success.html"
    or $requestedHost == "www.appleiphonecell.com"
    or $requestedHost == "captive.apple.com"
    or $requestedHost == "www.ibook.info"
    or $requestedHost == "www.itools.info"
    or strpos($userAgent, "CaptiveNetworkSupport") !== false)
{
    print_r("<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>");
    exit();
}

Rather elegant.


Nope, I've been having issues with dnsspoof on the Mark 5 since I got it. Was pleasantly surprised this worked. I still can't redirect to an external IP address though. SSH in and check the conf file with vi or nano. It seems that any edits from the GUI add character returns to the lines.


So I've got dnsspoofing working. First off, a little hint for using the Pineapple Surprise... Whatever directory you choose at the very beginning for the logfile actually needs to exist already, along with an empty myrandomname.log file.

$logFileName = "/sd/logs/myrandomname.log";

In other words, for this line to work the /sd/logs/ directory needs to exist, and to create the empty file I used

nano myrandomname.log then Ctrl-O then Ctrl-X

What led me to this was the error I kept getting when turning on dnsspoof, "can't get file"... After that it works like a charm, but of course only for non-HTTPS sites. I guess I was expecting the log file and directory to be created if it doesn't exist but that's just not in the code.

Finally for dnsspoofing an outside IP, well that just worked. I didn't change the stock redirect.php but I added

204.79.197.200 *

to the hosts file. Which of course routes every website it can to Bing.com.

Also of note: Using the Configuration Tile's DNS Spoof tab to edit the Hosts or the Index.php will result in extra characters ^M after each line that make them invalid, BUT the dnsspoof infusion does not add the extra bogus ^M characters. But it only edits the Hosts. So for now make sure you SSH in and change the index.php file. Or go in and clean up the one you edited via the GUI.

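Added example, not part of the thread or of the PineappleSurprise code: a POSIX shell helper for the two fixes described in the post above, stripping the ^M carriage returns left by the GUI editor and creating the log directory before the script opens its log. The function names and the BACKUP_DIR variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): clean up ^M line endings and make sure
# the log directory exists. Function names and BACKUP_DIR are assumptions.

CR=$(printf '\r')

# Print how many lines of file $1 end in a carriage return.
count_cr_lines() {
    grep -c "${CR}\$" "$1" || true
}

# Remove every CR from file $1. The untouched original is kept in
# $BACKUP_DIR (default /tmp), i.e. outside the web root, so a stray
# index.php.bak is never served as plain text. Redirecting into the
# existing file keeps its owner and mode.
strip_cr() {
    f=$1
    bak="${BACKUP_DIR:-/tmp}/$(basename "$f").bak"
    [ -f "$f" ] || { echo "skip: $f is not a regular file" >&2; return 1; }
    n=$(count_cr_lines "$f")
    [ "$n" -gt 0 ] || { echo "clean: $f"; return 0; }
    cp -p "$f" "$bak" || return 1
    tr -d '\r' < "$bak" > "$f" || return 1
    echo "fixed: $f ($n lines had ^M, original saved as $bak)"
}

# Create the parent directory of log file $1. PHP's fopen() in 'a' mode
# creates a missing file but not a missing directory.
prepare_log_dir() {
    mkdir -p "$(dirname "$1")"
}

# Usage: sh fixcr.sh FILE...   (pass the hosts file and index.php you edited)
for f in "$@"; do
    strip_cr "$f"
done
```

Run it over SSH against the files that were edited through the GUI; files that are already clean are reported and left untouched.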

Well maybe creating the empty file was overkill and only the folder needs to exist....

I've rechecked this evening after plugging my Mk5 back in, and dnsspoofing is still working internally and externally.

Edited by thesugarat

An interesting feature of the Mark 5 and leaving the Pineapple Surprise in place… Even if I have DNSspoofing turned off, the Pineapple Surprise page comes up when I go to the IP address assigned to the Client Mode of the Pineapple from within the client network. In fact nmap shows that the ssh port is open along with 80. You can ssh into the Pineapple from the client IP, which isn't exactly surprising, but the port 80 thing seems a little strange. The funny thing is nmap didn't catch port 1471 but it works as well.

I was also able to use the nmap infusion, connected to the Pineapple's AP with a 172 IP, to scan the client mode address range 192. But, I wasn't able to use nmap internally on my 192 network to scan the 172 range. Is that normal? I suspect it is and has everything to do with the Pineapple's routes that are set up that aren't set that way in my network, but the Bacardi 151 rum in my brain is making things fuzzy tonight.
