Jump to content

Defending against WiFi Pineapple on OS X


zxi
 Share

Recommended Posts

Hi,

I haven't see any solutions as to how to defend against the wifi pineapple, so I made a quick script to do so on os x. It uses a whitelist of networks that you trust (non-open networks) and will check os x preferred networks periodically (you must set a cron job to do so) and remove any non whitelisted entries.

#!/bin/bash
# prevent automatic ssid association to hotspot honeypots (wifi pineapple) by removing non whitelisted ssids from os x preferred networks (run as cron job)

whitelist=('ssidname1' 'ssidname2')

if [ ${#whitelist[@]} -eq 0 ]; then
	echo "you must define ssid names in the whitelist."
	exit 1
fi

IFS=$'\n';
num=0
wifi=`networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2`
ssids=( $(networksetup -listpreferredwirelessnetworks $wifi | sed -n '1!p' | sed 's/	//g') )

echo "-> starting wifi pineapple defense"
echo "-> checking for new preferred networks on $wifi.."
for i in "${ssids[@]}"; do
	if [[ "${whitelist[*]}" =~ $i ]]; then
		:
	else
		networksetup -removepreferredwirelessnetwork $wifi $i
		let num=num+1
	fi
done
echo "-> finished, removed ($num) entries"
Link to comment
Share on other sites

A good script. The problem comes when you are connecting to open networks so have to disable it, there is then a window of opportunity for an attacker to go in as an evil twin.

Does the listpreferredwirelessnetworks command return the type of network? If so then you could also automatically remove any open networks you'd accidentaly trusted, just make sure you give a warning if you do.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...