Got PineAP(not pineapple) questions? Let me answer them!

[BeNe]

I think in the future we'll make the red LED light up while PineAP is enabled as a further indicator.

Allright! Please think about some warnings and information.

Case1 -> If i want to use wlan1 as client mode -> display a warning like "If you use wlan1 here you will be unable to use PineAP."

Case2 -> if you want to enable PineAP and wlan1 up -> "PineAP uses wlan1 which is in use from another process! Continue anyway?"

Add an Information to the PineAP site that the suite is running on wlan1 to avaid problems

[p28312]

Im trying to make a client (I control) use PineAP. I start PineAP and Dogma, I use the target's MAC address and leave the source default (br-lan). The client does not connect - do I have to force a deauth to the real AP? I tried on the client to disconnect and reconnect - no luck. When I run Karma, I pick up a lot of other devices, but not my target. Im positive I have the target MAC address correct.

Thanks in advance

[pabo2uk]

Hi Seb,

Got a few questions for you.........

So, im starting to get my head round the new PineAP suite - Would I be right in saying that........

Harvester = When enabled, this collects Probes from WiFi devices and lists them in the SSID management list.

Dogma = When enabled, uses the SSID list that was created by Harvester, and assists Karma in replying to the probes? If so, how does this help Karma?

Beacons = Similar to Dogma, helps in assisting Karma?? Maybe??

What is the PineAP Configuration tab used for? The 'General' section has a source and target MAC address fields. The source field is clearly itself (The Pineapple [so, why can you change the MAC?]). The target field is obvious! When this is set, what is happening? Not sure what the Beacon Responses are.

Thanks

[lunokhod]

Hi Seb,

Why do I see "successful associations" in the Karma Log, but then nothing associated appearing at the top of the log window, nor in the Intelligence Report.

My thinking (possibly) is that the device that has associated with the honeypot wlan0 access point has not stayed around long enough to be given an IP address by the DHCP server in the Mk V.

Any thoughts?

Lunokhod

[p28312]

my understanding is you do not need to enable karma to use dogma. I see it as karma and dogma may achieve the same goal, but they do it differently. Another difference is that dogma can be targeted, karma cannot. Beacon response assists both karma and dogma by reinforcing the association to the pineapple.

I still don't understand a few things

1. do I have to force deauth after I enable dogma or karma? or will my targets be convinced to associate to my pineapple?

2. if the target is associated with a secure AP (like wpa2) - does this change how we use these tools?

3. I still cant get my target to associate (see my above post).

thanks

Jeffrey

[johnjdoe]

Harvester = When enabled, this collects Probes from WiFi devices and lists them in the SSID management list.

Dogma = When enabled, uses the SSID list that was created by Harvester, and assists Karma in replying to the probes? If so, how does this help Karma?

Beacons = Similar to Dogma, helps in assisting Karma?? Maybe??

I received this answer who could help you perhaps:

KARMA: Karma Attacks Radioed Machines Automatically

KARMA's job is to trick WiFi-enabled devices (i.e. computers, smartphones, etc.) into connecting to the Pineapple. Here's how it works:

Most devices are continuously searching for networks that they've previously connected to so they can automatically reestablish a connection. To do this, the devices send out probe requests. KARMA listens for those probe requests. When KARMA sees a probe request, it clones the network that the device is searching for and responds to the device. In other words, KARMA tricks the device into believing that the Pineapple is the network that it's looking for. This causes the device to connect to the Pineapple.

Beacon response is basically the new probe response. It's needed to exploit devices that are no longer susceptible to the traditional KARMA probe request/ response method.

Harvester is used to harvest information from probe requests. Probe requests contain information about the access point that the device is searching for.

Dogma gives you the ability to respond to a single probe request or respond to all probe requests. Before, KARMA would automatically respond to all probe requests. Dogma helps you to be more target-oriented.

[pabo2uk]

I've noticed that the Harvester feature doesn't pick up all probes. For example I have at least 5 AP's my iPhone has connected to on a regular basis, but Harvester only picks up one.

[pabo2uk]

Excellent stuff thanks JD

[p28312]

Here is my setup - I have the Pineapple with the external USB antenna (wlan2)

br-lan: 172.16.42.1 00:13:37:A5:3E:9D

Wlan0: 00:13:37:A5:3E:9D

Wlan0-1: 02:13:37:A5:3E:9D

Wlan1: 00:13:37:97:0F:6B

Wlan2: 192.168.1.61 00:C0:CA:85:25:A5

destination Gateway Mask IFace

Default - 192.168.1.254 0.0.0.0 wlan2

172.16.42.0 * 255.255.255.0 br-lan

192.168.1.0 * 255.255.255.0 wlan2

Wlan0: enabled

Wlan1: enabled (I started this, it was disabled)

I start PineAP, wait for it to start

I start Beacon Response

I start Dogma - go to the infusion, click on PineAP

Source is 00:13:37:A5:3E:9D

Target is ff:ff:ff:ff:ff:ff - I replace this with my target's MAC - F4:B7:E2:67:F2:69, then I click 'Save Settings'

and wait.. (Karma is NOT started, no other infusions are running)

I do not see my target associating with the pineapple.

Am I missing a step or doing something incorrectly? I have wireshark loaded on the target, and I do not see any traffic coming from my pineapple AP (I was assuming it would be either the 192.168.1.61 or 172.16.42.1..probably the latter).

Thanks in advance, I really appreciate anybody's assistance.

[Sebkinne]

Here is my setup - I have the Pineapple with the external USB antenna (wlan2)

br-lan: 172.16.42.1 00:13:37:A5:3E:9D

Wlan0: 00:13:37:A5:3E:9D

Wlan0-1: 02:13:37:A5:3E:9D

Wlan1: 00:13:37:97:0F:6B

Wlan2: 192.168.1.61 00:C0:CA:85:25:A5

destination Gateway Mask IFace

Default - 192.168.1.254 0.0.0.0 wlan2

172.16.42.0 * 255.255.255.0 br-lan

192.168.1.0 * 255.255.255.0 wlan2

Wlan0: enabled

Wlan1: enabled (I started this, it was disabled)

I start PineAP, wait for it to start

I start Beacon Response

I start Dogma - go to the infusion, click on PineAP

Source is 00:13:37:A5:3E:9D

Target is ff:ff:ff:ff:ff:ff - I replace this with my target's MAC - F4:B7:E2:67:F2:69, then I click 'Save Settings'

and wait.. (Karma is NOT started, no other infusions are running)

I do not see my target associating with the pineapple.

Am I missing a step or doing something incorrectly? I have wireshark loaded on the target, and I do not see any traffic coming from my pineapple AP (I was assuming it would be either the 192.168.1.61 or 172.16.42.1..probably the latter).

Thanks in advance, I really appreciate anybody's assistance.

Karma needs to be enabled. We are revamping the suite soon to be a bit more intuitive.

Best regards,

Sebkinne

[p28312]

Thanks for such a quick response. In this case, I assume I will need to whitelist the MAC address, otherwise Karma will try to associate all targets?

[medudder]

Hi fellas,

My apologies if this question has been covered but I honestly can't find a clear answer.

My doubt is what's the benefit of PineAP+Karma+Dogma+Harvester etc.?

Let's say a victim is connected to my MKV. Well, where can I go from there? Sslstrip isn't too effective anymore. DNS redirecting has it's issues as well.

Again, I'm sorry if im missing something here. (I'm sure I probably am)

Thanks!!

[cheeto]

Hi folks,

I'm trying to run PineAP along with Dogma,Karma,Harvester, Beacon response PLUS DEAUTH.

Unfortunately every time i fire up PineAP (with Dogma,Karma,Harvester, Beacon response) my WLAN1 is disabled thus stopping my Deauth attack.

Is there anyway to run both Deauth and Dogma,Karma,Harvester, Beacon response at the same time through WLAN1?

thanks

[Sebkinne]

Hi folks,

I'm trying to run PineAP along with Dogma,Karma,Harvester, Beacon response PLUS DEAUTH.

Unfortunately every time i fire up PineAP (with Dogma,Karma,Harvester, Beacon response) my WLAN1 is disabled thus stopping my Deauth attack.

Is there anyway to run both Deauth and Dogma,Karma,Harvester, Beacon response at the same time through WLAN1?

thanks

Works for me. You should be using mon0 for deauth and wlan1 should be down. If you can't use the infusions, use the cli - it definitely works.

Best regards,

Sebkinne

[cheeto]

Hi Seb, Thanks for jumping in.

I can assure you that this combo does not Deauth pc's> WLAN1 is down + mon0

It does however deauth Smartphones. (IOS and Android)

When Wlan1 is up and mon0 it will deauth everything including pcs. The drawback is that the PineAP infusions require WLAN1 down.

By the way, I'm using the following configuration: Method MDK3. Blacklisting only 1 AP (mine) . Number of deauths to send: 0, Sleeping time in seconds: 10, Mode: Whitlist

[Sebkinne]

Cheeto, I can deauth every device I own while running pineap and having wlan1 down.

The reason wlan1 needs to be down is due to channel hopping not working otherwise.

Best regards,

Sebkinne

[cheeto]

Seb, I made a video of what i'm doing.

Given that this thread is for "PineAp" I'm going to move this topic to: [support] WiFi Deauth

Please take a look, I can assure that there is something wrong.

Many thanks!

[Whistle Master]

Number of deauths and sleeping time, as noted in the configuration tab of the infusion, is ONLY for aireplay-ng, not mdk3.

By the way, I'm using the following configuration: Method MDK3. Blacklisting only 1 AP (mine) . Number of deauths to send: 0, Sleeping time in seconds: 10, Mode: Whitlist

[cheeto]

Ok, I think im making some progress, but you won't believe what going on. Something is defiantly wrong. I'll be posting in the Deauth thread.

[StefanLueders]

This is really appreciated. Here I go:

I am collecting since a while for SSIDs. Oftern, those are similar and I would like to remove a few false-positives. I do per "PineAP Configuration" / Remove. However, this is not persistent. Once a removed SSID recurs it is listed again... How can I blacklist them forever?

Thanks! S>>L

P.S. The Karma lists are still empty??!

[Digitalic]

If I know the password of a specific Wireless network, can PineAP automatically spoof/clone this network and deauth clients on the real network to force them to join the honeypot network?

If the answer is yes, can this be done if the password for this network is not known as well?

Thanks in advance.

[Armaal]

If I know the password of a specific Wireless network, can PineAP automatically spoof/clone this network and deauth clients on the real network to force them to join the honeypot network?

If the answer is yes, can this be done if the password for this network is not known as well?

Thanks in advance.

PineAP cannot craft special beacons from a secured network (like WPA2) even if you have the password

Karma method for 10 years now is working ONLY with open network

In your case you can create the same ESSID / Channel and on other hand perfom a deauth packets

Edited January 14, 2015 by Armaal

[Digitalic]

PineAP cannot craft special beacons from a secured network (like WPA2) even if you have the password

Karma method for 10 years now is working ONLY with open network

In your case you can create the same ESSID / Channel and on other hand perfom a deauth packets

Is that automated in any way on PineAP? Because I can currently do that just fine with a regular TP Link nano router but the setup takes too much time.

[SixKids]

Can the DeAuth tool in the Recon mode DeAuth clients that are associated with a WPA2 AP? (I cannot seem to do this, therefore I am asking).

[SixKids]

Second question, I have multiple APs (all WPA2), while my neighbors don't (yet)..

The issues is that I selected one of the APs in the Recon Mode, and added it to the PineAP SSID Management List.

I am Running Karma. I cleared the PineAP SSID Management List, restarted Karma, and noticed the following in the Karma Log:

Jan 18 20:43:15 KARMA: ESSID found in black list mode so not accepting the probe
Jan 18 20:43:15 KARMA: Match found, leaving loop
Jan 18 20:43:15 KARMA: Checking ESSID WhaleFamily against WhaleFamily
Jan 18 20:43:15 KARMA: ESSID found in black list mode so not accepting the probe
Jan 18 20:43:15 KARMA: Match found, leaving loop
Jan 18 20:43:15 KARMA: Checking ESSID WhaleFamily against WhaleFamily
Jan 18 20:42:53 KARMA: ESSID found in black list mode so not accepting the probe
Jan 18 20:42:53 KARMA: Match found, leaving loop
Jan 18 20:42:53 KARMA: Checking ESSID WhaleFamily against WhaleFamily
Jan 18 20:42:53 KARMA: ESSID found in black list mode so not accepting the probe
Jan 18 20:42:53 KARMA: Match found, leaving loop
Jan 18 20:42:53 KARMA: Checking ESSID WhaleFamily against WhaleFamily

Why?

If I add the AP from Recon Mode, is is supposed to be added to a 'Black List' as well?

Thanks.