MITM with Dual Wifi Cards Help


1337

On previous setups I have done the following to perform a mitm:

1. Attached phone and turned usb tethering on

2. Placed wlan0 into monitor mode (mon0)

3. Started airbase-ng with an essid of Testnetwork to create the at0 interface

4. Ran ifconfig usb0 0.0.0.0 up; ifconfig at0 0.0.0.0 up.

5. Ran brctl addbr mitmbridge; brctl addif mitmbridge at0; brctl addif mitmbridge usb0

6. Brought up the mitmbridge interface with the ifconfig mitmbridge up command

7. Used dhcpcd mitmbridge command to get an ip from dhcp via phone

I'm having an issue trying to use one wireless card to connect to an open network and have the other wireless card host an access point. I'm not 100% sure how to use Karma. I've set an SSID and started the service, but my wireless devices aren't showing the access point. Here are the steps I have tried:

1. Identified which network card is in which mode...

wlan1 - Managed

wlan0 - Master

2. airmon-ng start wlan0 (created mon0)

3. airbase-ng --essid "testnetwork" -c 6 mon0 (created at0)

4. ifconfig at0 0.0.0.0 up

5. brctl addbr mitmbridge

6. brctl addif mitmbridge at0

7. brctl addif mitmbridge wlan1 (error operation not supported)

Some Ubuntu forum user said to try "sudo iw dev wlan1 set 4addr on", so here I go again...

8. sudo iw dev wlan1 set 4addr on

9. brctl addif mitmbridge wlan1 (now it works and I can verify it with brctl show)

10. ifconfig mitmbridge up

11. dhcpcd mitm (it times out)

Anyone know why this isn't working?

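The "operation not supported" from brctl addif on wlan1 and the DHCP timeout after turning 4addr on both come down to what kind of 802.11 interface each card is. The script below is an added example, not code from the thread or from Hak5: it parses `iw dev` output (a constructed sample is embedded; the assumed line layout is the one the `iw` tool prints) and gives a per-interface verdict on whether it can be a bridge member. The caveat it encodes is that a station with 4addr enabled is accepted by the kernel but only passes traffic if the upstream AP also supports 4-address (WDS) frames, which phone hotspots typically do not, so DHCP over such a bridge times out.

```python
"""Classify wireless interfaces from `iw dev` output by bridge membership.

Added example for this thread; it is not code from the original post or
from Hak5. It assumes the line layout that the `iw` tool prints and uses a
constructed sample of that output.
"""
import re
from typing import Dict, List, Optional, Tuple


class WifiIface:
    """One interface as reported by `iw dev`."""

    def __init__(self, name: str, itype: str = "unknown",
                 four_addr: bool = False, ssid: Optional[str] = None) -> None:
        self.name = name
        self.itype = itype          # "managed", "AP", "monitor", ...
        self.four_addr = four_addr  # True when iw printed "4addr: on"
        self.ssid = ssid


# Constructed sample of `iw dev` output (not captured from a real device):
# wlan0 runs as an access point, wlan1 is a station with 4addr enabled,
# mon0 is the monitor interface created by airmon-ng.
SAMPLE_IW_DEV = """\
phy#0
\tInterface wlan0
\t\tifindex 3
\t\taddr 00:11:22:33:44:55
\t\tssid testnetwork
\t\ttype AP
\t\tchannel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz
phy#1
\tInterface wlan1
\t\tifindex 4
\t\taddr 00:11:22:33:44:66
\t\ttype managed
\t\t4addr: on
\tInterface mon0
\t\tifindex 5
\t\taddr 00:11:22:33:44:66
\t\ttype monitor
"""


def parse_iw_dev(text: str) -> List[WifiIface]:
    """Turn `iw dev` output into WifiIface records, in the order printed."""
    ifaces: List[WifiIface] = []
    current: Optional[WifiIface] = None
    for raw in text.splitlines():
        line = raw.strip()
        match = re.match(r"^Interface (\S+)$", line)
        if match:
            current = WifiIface(match.group(1))
            ifaces.append(current)
        elif current is None:
            continue            # phy# header before any interface line
        elif line.startswith("type "):
            current.itype = line.split(None, 1)[1]
        elif line.startswith("ssid "):
            current.ssid = line.split(None, 1)[1]
        elif line.startswith("4addr:"):
            current.four_addr = line.split(":", 1)[1].strip() == "on"
    return ifaces


def bridge_verdict(iface: WifiIface) -> Tuple[str, str]:
    """Return ("ok" | "caveat" | "no", reason) for adding iface to a bridge.

    The rules follow Linux mac80211 behaviour:
    - an AP-mode interface forwards on behalf of its clients and can join a
      bridge directly;
    - a station ("managed") interface is refused with EOPNOTSUPP because
      3-address 802.11 frames cannot carry the MAC addresses of hosts behind
      the bridge; with 4addr on the kernel accepts it, but the upstream AP
      must also support 4-address (WDS) frames or nothing, DHCP included,
      gets through;
    - a monitor interface only sees raw frames and is never a bridge member.
    Tap devices such as airbase-ng's at0 are plain Ethernet and do not appear
    in `iw dev` at all.
    """
    if iface.itype == "AP":
        return "ok", "AP-mode interface, bridge directly"
    if iface.itype == "managed":
        if iface.four_addr:
            return ("caveat", "station with 4addr on: kernel accepts it, "
                    "but the upstream AP must support 4-address frames")
        return "no", "station without 4addr: brctl addif returns EOPNOTSUPP"
    if iface.itype == "monitor":
        return "no", "monitor interface carries raw 802.11 frames"
    return "no", f"unhandled interface type {iface.itype!r}"


def report(text: str) -> Dict[str, Tuple[str, str]]:
    """Map interface name to its (verdict, reason) pair."""
    return {i.name: bridge_verdict(i) for i in parse_iw_dev(text)}


if __name__ == "__main__":
    for name, (verdict, reason) in report(SAMPLE_IW_DEV).items():
        print(f"{name:6} {verdict:7} {reason}")
```

On a real box, feed it `subprocess.run(["iw", "dev"], capture_output=True, text=True).stdout` instead of the sample. A "caveat" verdict is the signal to stop bridging and route instead, which is what the Pineapple's default wlan1-as-WAN layout does.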
You're doing all that on a pineapple Mk5? The default br-lan doesn't work for whatever MITM you're doing?

The default br-lan interface bridges the eth0 and wlan0 interfaces. I want to bridge the two wireless interfaces. I'm going to be using the eth0 port only to manage the device via ssh.

I just set wlan1 to connect to my phone then start Karma. Voila, mitm.

So you are using wlan1 to connect to your phone's access point? I apologize in advance, but I'm not understanding how the pineapple is the mitm?

I see what you're saying, I wasn't using the eth0. So I am using wlan1 as the connection to my phone's hotspot access point, which connects to the internet. Then wlan0 is what my "test user" is going to be connecting to through Karma.

Thank you for your quick response. How are you routing the traffic from the wlan0 interface that the "test user" is connected to over to the wlan1 interface which is connected to your smartphone hotspot? Please feel free to provide step by step directions to see if I can duplicate it on my side. I've always had the impression before you can route traffic from one interface to the other, you have to create a bridge.

1337,

There is nothing to set. Wlan1 is set up on the WAN side while eth0 and wlan0 are on the LAN side. When you connect wlan1 via client mode to your AP with Internet, your default gateway updates to the gateway of the wlan1-provided network. So go back to default settings on your Pineapple and connect your laptop or tablet to the Pineapple's wlan0 AP. Via the management page have the Pineapple's wlan1 connect to your AP. Then just open another tab in your browser and surf.

Thank you thesugarat. This is what I've done:

1. Set the Pineapple device to the factory reset dip switches

2. Connected to the Pineapple Access Point with an iPad

3. Navigated over to http://172.16.42.1:1471

4. Configured a new password and accepted the license/reboot (flipping the dip switches back to factory settings, which is all on)

5. Navigated back to http://172.16.42.1:1471

6. Enabled Wlan1 from the Network infusion (refreshed page to verify it says enabled)

7. Opened the Network infusion (again it shows wlan1 enabled)

8. Navigated to the Client Mode tab

-Here I'm asked to join a network (it doesn't tell me which wireless interface I'll be using)

9. I choose the SSID access point that my phone is broadcasting and connect to it.

As soon as I connect to my smartphone access point, my iPad loses connection to the Pineapple and the Pineapple network is now unavailable. This is what I do next:

1. Attach the Pineapple to my laptop Ethernet port and obtain an IP

2. I navigate to the http://172.16.42.1:1471 (it shows wlan1 disabled)

3. Click the Configuration infusion then go into Advanced tab

4. Running the command iwconfig shows both wlan1 and wlan0 are in managed mode.

The problem here is that wlan0 started out being in master mode (broadcasting the Pineapple's SSID), then when you go into the Network infusion, it doesn't give you the option to connect to another access point using the wlan1 interface. Instead it just uses wlan0. How can I change this? The only temporary fix I know of at the moment (and haven't tested it because it's 2:30am and I need rest) is manually running iwconfig wlan1 essid <smartphonessid>; dhcpcd wlan1. What do you guys think?

Most likely what you are experiencing is the wifi info swap issue after a factory reset. It's covered under several posts. Try the command listed by Sebkinne here. https://forums.hak5.org/index.php?/topic/30787-card-switching/?p=231799

Also, since you did the factory reset you lost the update (if you did it) that provides a fix for the other issue with encryption. After you sort out the swap issue, log on to an open wifi with the Client mode tab, which is always going to use wlan1 as that is all that works on that card, and download the updates from the pineapple bar.

Every time you factory reset you're going to need to do this until new firmware is released.

Thank you thesugarat. Everything appears to be working now. Here are the steps I had done:

1. Set the Pineapple device to the factory reset dip switches

2. Connected to the Pineapple Access Point with an iPad

3. Navigated over to http://172.16.42.1:1471

4. Configured a new password and accepted the license/reboot (flipping the dip switches back to factory settings, which is all on)

5. Navigated back to http://172.16.42.1:1471

6. Enabled Wlan1 from the Network infusion (refreshed page to verify it says enabled)

7. Navigated to the Configuration infusion then Advanced tab to run the wifi detect > /etc/config/wireless && reboot command

8. When the pineapple restarted, I navigated back to http://172.16.42.1:1471

9. Enabled Wlan1 from the Network infusion (refreshed page to verify it says enabled)

10. Navigated to the Network infusion then Client Mode

-Here I'm asked to join a network

11. I choose the SSID access point that my phone is broadcasting and connect to it.

Now I have internet access on my tablet. Traceroute confirms that the traffic is flowing through the pineapple -> phone -> internet. Thank you guys very much.

Being new to the Pineapple, this thread was very helpful. I started out doing ICS over the LAN port via my laptop; now I'm doing it with the 2nd radio. Working perfectly.

I apologize, but now I have a new issue.....sorry, just trying to work this out so I would have my documentation. With the exact same steps as mentioned before, I'm only able to connect to an open network. This is what I've tried:

1. Create WPA access point on my smartphone

2. Connect my iPad to the Pineapple access point

3. In the Client tab of the Network Infusion, I try to connect to the WPA network of my phone.

What happens is the iPad disconnects from the Pineapple and is no longer shown as a network I can connect to. I have to reboot the pineapple to get it to broadcast its network again.

Also another note.....on my android tablet, it does the exact same thing, but instead of it not showing the Pineapple, it connects right back to the pineapple. So it disconnects then connects back up. Pineapple still not connected to my WPA phone access point.

I feel really dumb right now. I saw those updates which they had fixed all those issues I have mentioned. So from now on if I reset this to factory defaults I need to run wifi detect > /etc/config/wireless && reboot and do the updates.
