Automated phishing script/infusion.

[techasist]

Hi all.

I've had my pineapple since it came out and have used it sparsely, mainly for WPS crack or DNSspoof.

Now, I understand that Karma is not the best feature of the pineapple anymore, therefore I would like to use my device to it's full potential.

Please help me to create a script or an infusion to achieve the following:

1. Use karma to broadcast a known SSID (like Starbucks Free or Free WiFi, etc...), I could use Karma autostart, I know, but let's say that I want to be able to also start the pineapple without Karma.

2. Once client is connected to pineapple, log their mac address to a file on SD card, and give them limited bandwidth (QoS?) to access web.

3. Spoof a login webpage such as Facebook or Gmail or a corporate login only if this page is requested; for any other requests, clients has normal access to web (can DNSSpoof spoof more than one webpage at a time?).

4. If client enters credentials such as Facebook or Gmail, credential are recorded together with mac address in a file on SD card.

5. Once credentials have been logged by pineapple, disconnect client from device and ban them from reconnecting for a certain amount of time so that they are forced to manually connect to real SSID.

6. Get all this to happen by using one of the DIP switches on the pineapple on power-up.

The final solution would be great, but I would like if possible to gain the necessary knowledge to do it myself and learn in the process.

By the way I'm on mac, use terminal for SSH and Fugu for SCP; if that has any importance.

Thanks for any input.

[iluvethreeway]

The concept is great, but this seems to be like you want to use this for blackhat activities. I dont trust in automated things, there are always something goes wrong. Good luck, I hope somebody creates this !

[DrDinosaur]

"Spoof a login webpage such as Facebook or Gmail" I think I've had issues with these well encrypted sites in the past with regards to DNS spoofing.

[ZaraByte]

I haven't figured how to setup phisher pages just yet on the new Mark 5 if it requires the same way as the Mark 4 forget that would be nice to have a phisher script that you can edit and save on the SD card for the pineapple.

So the long story is...

since hak5 doesn't support phishing pages atleast make a infusion where you can copy and paste or code a phisher page and then save it on the SD card.

I made my own phisher pages for facebook and twitter on my website all people had to do was place them in the /var/www folder and then turn on the apache service and redirect all the victims to the attacker machine where they would see the phisher page. Would be cool to have something like this for mark 5.

I wouldn't say this would be blackhat because think of some people are their that wouldn't believe you if you told them i could steal their logins using a fake facebook page.

Without phisher pages how could you show them how it can happen.

Yes it could be used for blackhat but what people choice to do with the information you make public is out of your hands.

Makking it public is how you make people aware.