THCMinister Posted February 21, 2015 Share Posted February 21, 2015 There are more uses of the Wi-Fi pineapple than stripping secure traffic... Quote Link to comment Share on other sites More sharing options...
ZaraByte Posted February 21, 2015 Share Posted February 21, 2015 The only thing i know of and i don't believe it works on the pineapple but their is a script called sslstrip2 and you need dns2proxy that is supposed to be the new way to defeat HSTS Quote Link to comment Share on other sites More sharing options...
DataHead Posted February 21, 2015 Share Posted February 21, 2015 while I don't know the feature set of the project, Seb has mentioned a few times about the MITM proxy he's been working on for the pineapple. So lets see what's in store with that feature wise before we start canceling out ability to strip secure traffic :-) Quote Link to comment Share on other sites More sharing options...
cheeto Posted February 22, 2015 Share Posted February 22, 2015 correct me if im wrong, but even if there happens to be a fix for HSTS, won't we need to also erase the victim's history or cache? Quote Link to comment Share on other sites More sharing options...
jackendra Posted February 22, 2015 Share Posted February 22, 2015 correct me if im wrong, but even if there happens to be a fix for HSTS, won't we need to also erase the victim's history or cache? I thought about that after I read what the first poster said. You would think so because thats how HSTS works, but maybe not. Quote Link to comment Share on other sites More sharing options...
ZaraByte Posted February 22, 2015 Share Posted February 22, 2015 People use the Mark V for other things decides stripping SSL like i said if you wanna strip ssl you can still strip ssl on users who are connected to the pineapple anyone connected the the pineapple for that matter can strip ssl using ssl strip2 and dns2proxy Quote Link to comment Share on other sites More sharing options...
fringes Posted February 22, 2015 Share Posted February 22, 2015 @THCMinister and @ZaraByte, I've seen several posts today that made me want to reply that the pinapple isn't just a one-trick-pony. Thanks! Quote Link to comment Share on other sites More sharing options...
DataHead Posted February 22, 2015 Share Posted February 22, 2015 People use the Mark V for other things decides stripping SSL like i said if you wanna strip ssl you can still strip ssl on users who are connected to the pineapple anyone connected the the pineapple for that matter can strip ssl using ssl strip2 and dns2proxy Well, can also sslstrip with the pineapple connected to a different ap, and the clients connected to the external ap. Thanks to ettercaps arp poisoning and sslstrip :-) Quote Link to comment Share on other sites More sharing options...
THCMinister Posted February 22, 2015 Share Posted February 22, 2015 I mainly use mine to allow my coffee pot to have connectivity to my network. Quote Link to comment Share on other sites More sharing options...
ZaraByte Posted February 22, 2015 Share Posted February 22, 2015 I use mine for a few things using it right now to collect SSID's from phones and devices in cars that pass by the house to look the SSID up online for other things i won't mention :3 Quote Link to comment Share on other sites More sharing options...
bytedeez Posted February 23, 2015 Share Posted February 23, 2015 The key to breaking the HSTS cycle is to force the client device to delete all web cache and browsing history and maybe cookies. My brilliant idea is to construct a captive portal that works in 1 of 3 ways. 1. Once "login" is clicked it clears all the cache in the background before proceeding. 2. Checks to see if the cache is cleared and if its not instructs the user to clear cache before allowing access. 3. Gives a Security warning to user advising the user to clear all cache. I'm not a dev of any kind so not sure if ways 1 and 2 are possible with the current features of the pineapple. The 3rd is the easiest option but at the same time its a hit or miss.... and more times a miss because its an optional extra step the user will have to take and since its optional most will opt out. Quote Link to comment Share on other sites More sharing options...
johnsteiner Posted February 24, 2015 Share Posted February 24, 2015 To be honest python on the mk5 is a pain in the a** ;-) So to get dns2proxy and sslstrip+ (or as they call it now sslstrip2) running i think the pineapple supergods have to jump in....;-) Quote Link to comment Share on other sites More sharing options...
Armbar2 Posted February 24, 2015 Share Posted February 24, 2015 No, there are a few other things on my list that take priority. Won't take too long though :) Best regards, Sebkinne Six months on, is this any closer to implementation as an infusion? Quote Link to comment Share on other sites More sharing options...
Blacksquid66 Posted August 6, 2015 Share Posted August 6, 2015 There are more uses of the Wi-Fi pineapple than stripping secure traffic... Can you tell me a couple. I just recently bought a wifi pineapple and I don't many infusions to use besides ssl strip. Quote Link to comment Share on other sites More sharing options...
jeble Posted October 19, 2015 Share Posted October 19, 2015 Any updates on the sslstrip2 Infusion for the Pineapple? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.