bytedeez Posted August 17, 2014 Posted August 17, 2014 found some scripts for it here. http://www.ukhoneynet.org/2008/06/03/p0f-208-on-openwrt/ Not really a developer or i would do this myself. Quote
overwraith Posted August 17, 2014 Posted August 17, 2014 Nmap can do OS fingerprinting. Basically does port scanning/ other sophisticated techniques to determine what OS the target is. Somebody could probably make an app that automatically Nmap's the connected clients. Quote
DrDinosaur Posted August 17, 2014 Posted August 17, 2014 I'm getting a 404 on this one. Sounds like an interesting idea though. Quote
fringes Posted August 17, 2014 Posted August 17, 2014 The above link should be: http://www.ukhoneynet.org/2008/06/03/p0f-208-on-openwrt/ Nmap is not a replacement for p0f. p0f (Passive OS Fingerprinting), doesn't generate network traffic and if used properly is undetectable. While nmap can also do OS fingerprinting, it's very "loud." p0f 2.0.8, the version referenced above, was released in 2006-2007. Then development apparently stopped for 5 years or so and restarted in 2012 with a complete rewrite. The current version is 3.0.7b. I would be very interested to know if someone has compiled the latest version for use on the pineapple. The web page and downloads are here. Quote
Whistle Master Posted August 17, 2014 Posted August 17, 2014 (edited) I have built a p0f_3.07b-1_ar71xx.ipk package and a working binary, just need to make an infusion for it Edited August 17, 2014 by Whistle Master Quote
fringes Posted August 17, 2014 Posted August 17, 2014 I have a p0f_3.07b-1_ar71xx.ipk package and a working binary, just need to make an infusion for it Do you ever get tired of high praise? Quote
THCMinister Posted August 17, 2014 Posted August 17, 2014 I think it is what keeps him going :) Quote
bytedeez Posted August 17, 2014 Author Posted August 17, 2014 My main concern for this infusion would be how it would interact or possibly conflict with the new features. Quote
fringes Posted August 17, 2014 Posted August 17, 2014 Obviously the option that sticks a device into promiscuous mode might mess things up a bit, but this tool has been successfully embedded in a number of other tools and appliances. I think it may have applications in the pineapple beyond just a single infusion. I would love to see automatic fingerprinting of every client or browser that connects? BTW, p0f can process PCAP captures, so it might also be useful for post-processing. I thought it was a great idea damavox, let's see what Whistle Master comes up with. Quote
Whistle Master Posted August 17, 2014 Posted August 17, 2014 (edited) Don't worry, listening on br-lan interface is the way to go and does not mess stuff up I did some testing, it works well: root@Pineapple:/sd# p0f -i br-lan --- p0f 3.07b by Michal Zalewski <lcamtuf@coredump.cx> --- [+] Closed 1 file descriptor. [+] Loaded 320 signatures from '/etc/p0f/p0f.fp'. [+] Intercepting traffic on interface 'br-lan'. [+] Default packet filtering configured [+VLAN]. [+] Entered main event loop. .-[ 172.16.42.159/52876 -> 23.51.247.91/80 (syn) ]- | | client = 172.16.42.159/52876 | os = MacOS X 10.9 or newer (sometimes iPhone or iPad) | dist = 0 | params = none | raw_sig = 4:64+0:0:1460:65535,4:mss,nop,ws,nop,nop,ts,sok,eol+1:df,id+:0 | `---- .-[ 172.16.42.159/52876 -> 23.51.247.91/80 (mtu) ]- | | client = 172.16.42.159/52876 | link = Ethernet or modem | raw_mtu = 1500 | `---- .-[ 172.16.42.159/52876 -> 23.51.247.91/80 (syn+ack) ]- | | server = 23.51.247.91/80 | os = Linux 3.x | dist = 10 | params = none | raw_sig = 4:54+10:0:1460:mss*10,1:mss,sok,ts,nop,ws:df:0 | `---- .-[ 172.16.42.159/52876 -> 23.51.247.91/80 (mtu) ]- | | server = 23.51.247.91/80 | link = Ethernet or modem | raw_mtu = 1500 | `---- .-[ 172.16.42.159/52876 -> 23.51.247.91/80 (http request) ]- | | client = 172.16.42.159/52876 | app = ??? | lang = none | params = none | raw_sig = 0:Host,Connection=[close],User-Agent:Accept,Accept-Encoding,Accept-Language,Accept-Charset,Keep-Alive:CaptiveNetworkSupport-277.10.5 wispr | `---- Edited August 17, 2014 by Whistle Master Quote
Whistle Master Posted August 18, 2014 Posted August 18, 2014 (edited) Coming soon v1.0 is out ! Edited August 18, 2014 by Whistle Master Quote
ARDETROYA Posted August 18, 2014 Posted August 18, 2014 Whistle Master you are the best ;)! thanx for the infusion Quote
fringes Posted August 18, 2014 Posted August 18, 2014 What took you so long? Seriously, don't you ever get tired of all the praise? Thanks, I can't wait to get home and check it out. Quote
Guest spazi Posted August 21, 2014 Posted August 21, 2014 (edited) Damn Whistle Master, You da man!Now I just need to pull my head out of my ass and start playing with the Wifi Pineapple.Thanks buddy! :D Edited August 21, 2014 by spazi Quote
Foxtrot Posted August 21, 2014 Posted August 21, 2014 (edited) You used your own binary in this? I'm pretty sure you're not allowed to do that Edited August 21, 2014 by Foxtrot Quote
Whistle Master Posted August 22, 2014 Posted August 22, 2014 (edited) Foxtrot is right. I removed from the repository the infusion. I will send Seb my Makefile to build the p0f binary and will publish the infusion then. I lock the topic in the meantime. Edited August 22, 2014 by Whistle Master Quote
fringes Posted August 31, 2014 Posted August 31, 2014 (edited) While Seb was on holiday (being dragged around by tractors?), damavox asked about creating a p0f infusion. p0f is a passive OS fingerprinting tool that sends no packets to the host being fingerprinted. It is especially well suited for use in devices with connected clients, such as the pineapple. In short order, Whistle Master created an infusion. However, because this required a custom p0f binary, he pulled the infusion and locked the support topic, pending Seb's return. Now that Seb's back, I was wondering about the status. Can we get this turned back on? Edited August 31, 2014 by fringes Quote
m40295 Posted August 31, 2014 Posted August 31, 2014 I agree i liked p0f and would love to install it again Quote
fringes Posted September 2, 2014 Posted September 2, 2014 p0f infusion is back Thank you again. Quote
Mit0s1s Posted May 13, 2015 Posted May 13, 2015 Ive been out of the loop for awhile but this looks interesting. I have tried both installation methods, sd card and internal, but no luck When I start, it just jumps to "not running" after a second or so. any advice as to where to start hunting? Quote
Mit0s1s Posted May 13, 2015 Posted May 13, 2015 Never mind. Got it running. Some reason had to reset Pineapple to factory and reinstall. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.