
Owned My Neighborhood & android app ?...


JackChitt


How do you do that? Opening only sorters ports? DNS spoofing? Or phishing?

That is DNSspoofing with a redirect to a phishing page... But the problem with spoofing all traffic to the pineapple (172.16.42.1 *) is that a lot of those apps use https. Wouldn't those still get through?


That is DNSspoofing with a redirect to a phishing page... But the problem with spoofing all traffic to the pineapple (172.16.42.1 *) is that a lot of those apps use https. Wouldn't those still get through?

Yes, you are correct! Many apps (e.g. Facebook app) are using HTTPS. I never use this method with my pineapple connected to the internet and none of the traffic passes through those apps, so I forgot this detail.


That is DNSspoofing with a redirect to a phishing page... But the problem with spoofing all traffic to the pineapple (172.16.42.1 *) is that a lot of those apps use https. Wouldn't those still get through?

The DNS queries are still done unencrypted with HTTPS, so I think DNSspoof should still work. The problem I think you would have is the browser moaning about the cert not matching etc.


The DNS queries are still done unencrypted with HTTPS, so I think DNSspoof should still work. The problem I think you would have is the browser moaning about the cert not matching etc.

The app will get a successful connection and nothing will change. Just tested!!


@JackChitt Could you please share your Androrat setup with everyone?

I will make a short video tutorial when I get my replacement Pineapple in the mail. Seeing as how I will have to set it up again myself. And as far as your antenna question goes, I see no reason why it shouldn't work as long as you have the correct adapters to connect it to your pineapple.


I will make a short video tutorial when I get my replacement Pineapple in the mail. Seeing as how I will have to set it up again myself. And as far as your antenna question goes, I see no reason why it shouldn't work as long as you have the correct adapters to connect it to your pineapple.

Thanks, I will be waiting for your video tutorial. Also, have you ever tried a Yagi antenna with the Alfa AWUS036H? I think that Alfa supports a max of 9dBi antenna, will a Yagi work being 16-18dBi?


Correct me if I'm wrong, but isn't it just a matter of finding out how the app and the server speak to each other, like using Wireshark to spy on your phone's MAC? Then first try to log out. After doing that, I think you will need to decrypt the username and password by first entering the whole alphabet both as username and password, then check in Wireshark what's going on. After that, enter A 8 times in both fields and read from Wireshark what's going on, then B, C, D and so on. Last, do the same thing with numbers. When you're done, you should be able to send the logout request to the server, and when the user tries to log on you can read and decrypt it again. This is just an idea and I haven't tested it before. I'm not responsible for what you do; please check your local laws before doing this.

PS please share the decryption table

Peace


Correct me if I'm wrong, but isn't it just a matter of finding out how the app and the server speak to each other, like using Wireshark to spy on your phone's MAC? Then first try to log out. After doing that, I think you will need to decrypt the username and password by first entering the whole alphabet both as username and password, then check in Wireshark what's going on. After that, enter A 8 times in both fields and read from Wireshark what's going on, then B, C, D and so on. Last, do the same thing with numbers. When you're done, you should be able to send the logout request to the server, and when the user tries to log on you can read and decrypt it again. This is just an idea and I haven't tested it before. I'm not responsible for what you do; please check your local laws before doing this.

PS please share the decryption table

Peace

HTTPS is not that simple to decrypt, you can't just share a decryption table as a new symmetric key is derived for each session AFAIK. You need to either attack an application that does not check the validity of the SSL cert and use one that you sign or somehow obtain a trusted certificate signed by a CA for the site you wish to impersonate.
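
The reply above turns on whether an application checks the validity of the server certificate. As an added example (not from the thread), a source-review check in Python that flags common ways Android/Java client code ends up skipping that check; the rule ids and the sample snippets are constructed for this illustration.

```python
import re

# Well-known ways a Java/Android client ends up accepting any certificate.
# The API names are real; the rule ids are this example's own labels.
RULES = {
    "empty-trust-manager": re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?\{\s*\}"),
    "allow-all-hostnames": re.compile(
        r"ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier"),
    "verifier-returns-true": re.compile(
        r"boolean\s+verify\s*\(\s*String\s+\w+\s*,\s*SSLSession\s+\w+\s*\)"
        r"\s*\{\s*return\s+true\s*;\s*\}"),
    "webview-ignores-ssl-error": re.compile(
        r"onReceivedSslError\s*\([^)]*\)\s*\{[^}]*\.proceed\s*\(\s*\)"),
}

def strip_comments(src):
    """Blank out comments (keeping newlines) so disabled code is not flagged."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                 src, flags=re.S)
    # (?<!:) keeps the "//" of URLs such as "https://..." intact
    return re.sub(r"(?<!:)//[^\n]*", "", src)

def scan(src):
    """Return sorted (line_number, rule_id) findings for one source file."""
    clean = strip_comments(src)
    findings = []
    for rule_id, pattern in RULES.items():
        for m in pattern.finditer(clean):
            findings.append((clean.count("\n", 0, m.start()) + 1, rule_id))
    return sorted(findings)

# Constructed sample: certificate chain and hostname checks both disabled.
WEAK = '''\
TrustManager[] tm = { new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] c, String a) {}
    public void checkServerTrusted(X509Certificate[] c, String a) {}
    public X509Certificate[] getAcceptedIssuers() { return null; }
}};
conn.setHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String host, SSLSession s) { return true; }
});
'''

# Constructed sample: platform defaults left in place, old code commented out.
SAFE = '''\
// old debug code: setHostnameVerifier(ALLOW_ALL_HOSTNAME_VERIFIER)
URL url = new URL("https://example.com/login");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
'''

if __name__ == "__main__":
    for line, rule in scan(WEAK):
        print(f"line {line}: {rule}")
```

A clean result only means none of these four patterns is present; it does not prove the app validates certificates correctly.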


Thanks, I will be waiting for your video tutorial. Also, have you ever tried a Yagi antenna with the Alfa AWUS036H? I think that Alfa supports a max of 9dBi antenna, will a Yagi work being 16-18dBi?

Umm.. Who told you there was a limitation? Your yagi will work fine. I had one myself for a while. A yagi is a unidirectional antenna. It will pick up a wide spread of signals. The 24dBi grid I have is a directional antenna. It is used to home in on an exact location from a distance. I have the 036H and 036NHA Alfas and there is no limit on the antenna you connect it to as long as it's a 2.4 band.
