wolfdale Posted August 11, 2014 (edited)

Hi guys, I've been struggling with this for the past few days. I want to supply internet to the wifi pineapple via an ethernet cord connected to my router. I'm using dhcp on my router with the standard addresses 192.168.0.X. Darren in one thread recommended setting proto dhcp for the lan interface on the pineapple. The bad news is that I'm no longer man in the middle with the pineapple, because the main router is now providing addresses and acting as DHCP server.

I've no idea if this is possible, but I want to use the pineapple dhcp for the wireless interface (wlan0) and use the router dhcp for the ethernet interface to provide internet. I've tried looking at openwrt documentation, but I need help on this one. If anyone is doing something like this already, maybe you can help me shed some light on this matter. Thanks in advance!

Edit: should have posted the guide earlier, sorry, here it is:

So here is how I did it. First you have to unbridge the wireless and ethernet interfaces. This is because the wireless interface (the one on wlan0, with the access point) must have its own DHCP server to be able to sniff packets, otherwise the DHCP server on the main router will do all the work and you won't be Man in the middle (which is what we want!)

Edit /etc/config/wireless and modify only the config regarding radio0; only the line "option network lan" has to be changed.

    config wifi-iface
        option device radio0
        option network wifi
        option mode ap
        option ssid Pineapple5_08B7
        option encryption none

Now to create that network you have to edit /etc/config/network and add:

    config interface wifi
        option proto static
        option ipaddr 172.16.42.1
        option netmask 255.255.255.0

and modify the 'lan' interface as follows:

    config interface lan
        option ifname eth0
        option proto dhcp

This means that eth0 will get dhcp from the main router, but the wifi will use the usual pineapple static IP.

Now to add DHCP to our wifi, edit /etc/config/dhcp and add

    config 'dhcp' 'wifi'
        option 'interface' 'wifi'
        option 'start' '100'
        option 'limit' '150'
        option 'leasetime' '12h'

to the file.

Now the most important part, the firewall! Edit /etc/config/firewall and add the following to allow traffic from the wireless interface to flow to the main router:

    config zone
        option name wifi
        list network 'wifi'
        option input ACCEPT
        option output ACCEPT
        option forward ACCEPT

Now this part is not in the guide, but I did some research. I did not want clients on the pineapple to be able to access my main LAN. So I added the following rule:

    config rule
        option src wifi
        option dest lan
        option dest_ip 192.168.2.0/24
        option target REJECT

Now all traffic except ping is not allowed to my LAN (as you can see I'm using the following IP for the main router, 192.168.2.0, change it accordingly to the IP you are using). To block PING also you have to block ICMP traffic. I have not tested it, but this should work:

    config rule
        option src wifi
        option dest lan
        option proto icmp
        option icmp_type echo-request
        option target REJECT

Edited August 13, 2014 by wolfdale

wolfdale (Author) Posted August 11, 2014

Some more Google foo solved my problem! I followed this guide http://wiki.openwrt.org/doc/recipes/routedap but if anyone needs some help I can help you now.

NovaSam Posted August 12, 2014

I see what you're talking about. I'm trying to do something similar by connecting two Pineapple Routers together, with the new pineapple plug I got at Defcon. This guide is helpful, as it explains the default routing behavior a little more (very important when working with pineapples). I'm using the first pineapple to set up the internet client connection, as well as a WPA2 (a little more secure) access to manage both routers. Then I use the second pineapple to work the rest of the other attacks, although I can continue to use the first one for recon, and other stuff. Still toying with the whole idea of using multiple fruits to keep everyone on their feet ;)

wolfdale (Author) Posted August 12, 2014

Good idea! You could also use one Alfa awus036nh from the hackshop to get that fast wifi connection, and save yourself one pineapple for another deployment. At the moment I'm using a dd-wrt router in client mode to supply internet via ethernet cable to the pineapple, as I found out it was faster than client-mode with the pineapple alone (of course :P)

barry99705 Posted August 12, 2014

> I see what you're talking about. I'm trying to do something similar by connecting two Pineapple Routers together, with the new pineapple plug I got at Defcon. This guide is helpful, as it explains the default routing behavior a little more (very important when working with pineapples). I'm using the first pineapple to set up the internet client connection, as well as a WPA2 (a little more secure) access to manage both routers. Then I use the second pineapple to work the rest of the other attacks, although I can continue to use the first one for recon, and other stuff. Still toying with the whole idea of using multiple fruits to keep everyone on their feet ;)

What's the plug look like? It's not in the store yet.

dustbyter Posted August 13, 2014

barry99705 - The pineapple plug is a device that allows you to physically "marry" two pineapples and then makes them act like 4 radios. Configuration is still required of the pineapples to set up the routing. Look at the video from wifi village at defcon. Darren and Seb discussed it there.

danixdefcon5 Posted August 13, 2014

> I see what you're talking about. I'm trying to do something similar by connecting two Pineapple Routers together, with the new pineapple plug I got at Defcon. This guide is helpful, as it explains the default routing behavior a little more (very important when working with pineapples). I'm using the first pineapple to set up the internet client connection, as well as a WPA2 (a little more secure) access to manage both routers. Then I use the second pineapple to work the rest of the other attacks, although I can continue to use the first one for recon, and other stuff. Still toying with the whole idea of using multiple fruits to keep everyone on their feet ;)

Which plug? Do you mean the Alfa adapter? I got the OTG kit which included that one :)

Darren Kitchen Posted August 13, 2014

We haven't released it on the shop yet. Will be up next week. A DHCP configuration switch and Tango Mode detection will be included in a future firmware.

danixdefcon5 Posted August 13, 2014

> barry99705 - The pineapple plug is a device that allows you to physically "marry" two pineapples and then makes them act like 4 radios. Configuration is still required of the pineapples to set up the routing. Look at the video from wifi village at defcon. Darren and Seb discussed it there.

Doh! Post came out too late, you already answered the question. Oh well, I only got one Pineapple, but it sounds quite interesting. As it is, I'm using the ALFA radio plug so that I can have 3 radios available …

wolfdale (Author) Posted August 13, 2014

I edited my main post with the steps I did to get my setup working. Hope it helps.

sUbZeRo Posted August 16, 2014

I followed the steps outlined above and the pineapple can access the internet but the wireless clients can't. My router has the same IP as the original post 192.168.0.1. In the details I see the line "option dest_ip 192.168.2.0/24". How does that work with the router at 192.168.0.1? Any ideas why this isn't working?

renegade117 Posted August 18, 2014

I am having the same results as sUbZeRo following these steps, even after a factory reset and rebooting the device after making the changes. The Pineapple itself has an internet connection, showing a proper IP address in the network tile and I am able to download infusions and such, but wireless clients are not able to connect to the net. Running firmware 2.0.3.

mpr0317 Posted August 23, 2014

> I followed the steps outlined above and the pineapple can access the internet but the wireless clients can't. My router has the same IP as the original post 192.168.0.1. In the details I see the line "option dest_ip 192.168.2.0/24". How does that work with the router at 192.168.0.1? Any ideas why this isn't working?

Well, the /24 is denoting the subnet. That just means the dest_ip will be in the same subnet represented by the 254 IPs in the 192.168.2.x subnet. I am also having the issue with the internet, however. I can access internet through the pineapple itself to download infusions, but the ICS is not working, and if it does, it is only for a few seconds. I don't know why, but I have had very little success with much of what the MKV has to offer thus far.

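Added example, not part of any post in this thread: a small check of whether the guide's wifi-to-lan REJECT rule actually covers a given upstream address, which is what the dest_ip question above turns on. The sample config is constructed from the rule as posted; the function names are hypothetical and rule ordering is not modelled.

```python
import ipaddress
import shlex

# Constructed sample: the wifi zone and isolation rule from the guide,
# as they would appear in /etc/config/firewall.
SAMPLE_FIREWALL = """
config zone
    option name wifi
    list network 'wifi'
    option forward ACCEPT

config rule
    option src wifi
    option dest lan
    option dest_ip 192.168.2.0/24
    option target REJECT
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: [values]})."""
    sections = []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # handles 'quoted' values
        if len(tokens) >= 2 and tokens[0] == "config":
            sections.append((tokens[1], {}))
        elif len(tokens) >= 3 and tokens[0] in ("option", "list") and sections:
            sections[-1][1].setdefault(tokens[1], []).append(tokens[2])
    return sections

def lan_host_blocked(firewall_text, host_ip, src="wifi", dest="lan"):
    """True if a REJECT/DROP rule from src to dest covers host_ip."""
    addr = ipaddress.ip_address(host_ip)
    for stype, opts in parse_uci(firewall_text):
        if stype != "rule" or opts.get("src") != [src] or opts.get("dest") != [dest]:
            continue
        if opts.get("target", [""])[0] not in ("REJECT", "DROP"):
            continue
        if "proto" in opts:
            continue  # protocol-limited rule (e.g. the ICMP one) is not full isolation
        # A rule with no dest_ip applies to every address in the zone.
        nets = opts.get("dest_ip") or ["0.0.0.0/0"]
        if any(addr in ipaddress.ip_network(n, strict=False) for n in nets):
            return True
    return False

if __name__ == "__main__":
    for ip in ("192.168.2.1", "192.168.0.1"):
        print(ip, "blocked from wifi:", lan_host_blocked(SAMPLE_FIREWALL, ip))
```

With the rule left at 192.168.2.0/24, a router at 192.168.0.1 falls outside the rejected range, so the rule does not keep wireless clients off that LAN until dest_ip is changed to the subnet actually in use.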
wolfdale (Author) Posted November 9, 2014

Oops, sorry for the late reply. Apparently my configurations don't work with 2.0.4 (I was testing with 2.0.2). I solved it by adding the option masq 1 for the lan zone. You have to edit /etc/config/firewall and add masquerading:

    config zone
        option name lan
        option network 'lan'
        option input ACCEPT
        option output ACCEPT
        option forward ACCEPT
        option masq '1'

You also have to add forwarding from wifi to wan (append it in /etc/config/firewall):

    config forwarding
        option src wifi
        option dest wan

This works again for me. If you have any problem post your issue here, I'll check this thread more often, I promise :P

fringes Posted November 10, 2014

This seems like a candidate page for the wiki.

Sebkinne Posted November 10, 2014

> This seems like a candidate page for the wiki.

We finally built this into the next firmware, which will go into beta today.

Best regards,
Sebkinne

DataHead Posted November 13, 2014 (edited)

Would a simple crossover cable work for this reason? Or is it too dependent on the fw and config of the user's router and pineapple? Haven't tried it yet, but if someone else has, feel free to chirp in :) And Seb, where can we find this beta FW?

Edited November 13, 2014 by datahead

pla12 Posted November 23, 2014

> We finally built this into the next firmware, which will go into beta today.
> Best regards,
> Sebkinne

Did this new Beta come yet?