DrDinosaur Posted January 8, 2014 Posted January 8, 2014 Hi, I'm testing some attacks with the pineapple. How would I perform a "Evil Twin" attack? Just copy the BSSID and SSID of the target network? Could you provide the exact commands or instructions because I've had some issues with the pineapple. I was having issues testing Karma. Does it not work on most devices now, or is there some technical glitch or misconfiguration in my testing? I turned on Karma on the pineapple. I forgot all networks on the devices except one open previously connected network. I turned Wi-Fi on the devices and many of them did not automatically connect to the pineapple (though a couple devices may have automatically). I only saw the probe requests on my Nexus 7. What's the correct way to test this? Say there is a network with WPA2 encryption. I know the key of that network. How can I set everything up so that I can deauth the AP or a client on that AP and have all or just that one client(s) connect to my evil AP? I couldn't get wlan0 to have an encrypted network so that the devices that just got deauthed could connect automatically with the same key. Again, specific instructions would be great because I don't want to say it doesn't work when it actually does. Lastly, what's a simple way to showcase code injection on HTTP? I know there is a module for that, so what's a good, simple script to showcase the injection? SSLstrip has issues on the web interface, so doing this with Kali or through SSH on the pineapple would be fine. Any details would be highly appreciated. Thank you! Quote
Kyle_xy Posted January 8, 2014 Posted January 8, 2014 For Karma, in my case, when you look at the device that looks for an AP, it sees the previously connected AP (even though they are not there) and it is not encrypted. so the user connects manually. it does not auto connect in my case. maybe because the "ask before connecting" option in most devices are always ON Quote
DrDinosaur Posted January 11, 2014 Author Posted January 11, 2014 For Karma, in my case, when you look at the device that looks for an AP, it sees the previously connected AP (even though they are not there) and it is not encrypted. so the user connects manually. it does not auto connect in my case. maybe because the "ask before connecting" option in most devices are always ON Not quite sure what you mean at the end of the first part. If anyone could help soon, that would really be great. Not sure why no one else has responded... Quote
yabasoya Posted January 11, 2014 Posted January 11, 2014 How would I perform a "Evil Twin" attack? Just copy the BSSID and SSID of the target network? Could you provide the exact commands or instructions because I've had some issues with the pineapple.You could use WinSCP and edit your /etc/config/wireless file. Add the encryption lines. Example: config 'wifi-iface' option 'device' 'wl0' option 'network' 'lan' option 'mode' 'ap' option 'ssid' 'MyWifiAP' option 'encryption' 'psk2' <----add this option 'key' 'secret passphrase' <----add this Good link http://wiki.openwrt.org/doc/uci/wireless Your wlan0 is far weaker than wlan1 and would have a relatively hard time overpowering your 'good twin'. You would have to be in better proximity to your victim client. You would then deauth the 'good twin' using wlan1. You would need to provide internet to your victim through a usb wifi (alfa), Ethernet, or a usb 3g modem. I was having issues testing Karma. Does it not work on most devices now, or is there some technical glitch or misconfiguration in my testing? I turned on Karma on the pineapple. I forgot all networks on the devices except one open previously connected network. I turned Wi-Fi on the devices and many of them did not automatically connect to the pineapple (though a couple devices may have automatically). I only saw the probe requests on my Nexus 7. What's the correct way to test this?Newer devices have a way of not falling into this trap. I name my wlan0 ssid 'attwifi' and I get a whole lot of connections. I'm not sure if it is with the way karma works but I'll get a connection through my wlan0 ssid 'attwifi' but not the karma version of 'attwifi' a lot of the time. You can probably recreate this by naming a router to attwifi, connect to it so it stores in your device. Shut off the router. Turn on the pineapple with karma. You may not automatically connect to it. Name your wlan0 to attwifi. You will probably autoconnect to that. At least that's my experience. Say there is a network with WPA2 encryption. I know the key of that network. How can I set everything up so that I can deauth the AP or a client on that AP and have all or just that one client(s) connect to my evil AP? I couldn't get wlan0 to have an encrypted network so that the devices that just got deauthed could connect automatically with the same key. Again, specific instructions would be great because I don't want to say it doesn't work when it actually does.1st answer Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.