Jump to content

On assignment - Disappointed with Mark V.


Recommended Posts

So I just want to bring to the attention of the experts..

We're currently on assignment and our Mark V is really dropping the ball for us.

Scenario 1.)
Pine AP - enabled

Karma MK5 - enabled

Beacon Responder - enabled

Harvester - Enabled


ettercap on br-lan, hit start.


hit start.

-- So long and short, we activate this.

Ettercap turns off / stops working after about 30 seconds. -- In otherwords it STOPS WORKING.

SSL Strip looks like its working

Pine AP, Karma, Beacon, Harvester all reset back to 'disabled' after about 5 minutes.

What am I doing wrong?

Scenario 2.)

To actually get ETTERCAP to work we've gone ahead and ssh'd into it

Via Putty

cd /sd

ettercap -Tq -i br-lan -w filename.pcap

This scenario works, but prevents us from enabling pineap or any of those options in the web browser.

sure enough

after about 30 minutes

It stops working too.

Can someone please tell me why this isn't working.

We bought hte pineapple with intention of using it for our pen testings. but so far its been headache after headache

We are having far more benefi from kali linux and simple etter capping the network that way

Ultimately we want to use the Mark V though

Please someone - anyone... :\

Sadly, not impresssed or happy at the moment.

I even followed the advice of Whistleblower in another thread, but still no dice -- it simply stops working.

Link to comment
Share on other sites

When i run ettercap the victim lose his connection, i get this error from ettercap:

SSL dissection needs a valid ‘redir_command_on’
Privileges dropped to UID 65534 GID 65534

Tried this:

But when i change it, ettercap still with the message:

SSL dissection needs a valid ‘redir_command_on’
Privileges dropped to UID 0 GID 0

I think it's a firmware issue because i test it with a reseting pineapple. I still losing my connection and without sniff nothing.

Edited by daniboy92
Link to comment
Share on other sites

Want to give an update as to where we're at.

We can't seem to locate the etter.conf file anywhere on the sd card (Where the infusion was installed to)

We're now looking for it on the pineapple itself...

We recently reset the pineapple to default settings (as if we unboxed for the first time.)

I went to the infusion pineapple bar, installed ettercap.

The Live Tile was 'red' and said Install dependancies.

We hit install and after a few moments the tile refreshed on its own and was green (normal).

We hit start and were greeted with the log

Listening on eth0... (Ethernet)

eth0 -> 00:13:37:A5:2D:8A invalid invalid

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file

Privileges dropped to UID 65534 GID 65534...

28 plugins

39 protocol dissectors

53 ports monitored

7587 mac vendor fingerprint

1698 tcp OS fingerprint

2183 known services

Starting Unified sniffing...

According to the link supplied by Whistleblower the goal is to edit the etter.conf file.

Our issue:

We can't find it ANYWHERE on the Pineapple?

Perhaps its in a certain folder?

We're happy to edit it, but still at this point can't seem to locate it...

Is this happening to everyone who installs ettercap?

Did we screw something up?

-- Update 4:37

Changed the UID's to 0 -- Still getting the error

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file

So what we did was went to

line 168 and 169 and removed the # on the ip_tables line.

I cant help but feel like we've done something wrong here in general.

There is no way everyone is experiencing the same problem as us..

Any and all assistance would be greatly appreciated on resolving this issue....

-- Update 4:57pm.

1.) Reinstalled Pineapple factory settings.

2.) Installed Ettercap infusion

3.) Large Tile was 'red' with INSTALL link on it.

4.) Clicked install

5.) Waited a few moments, the tile refreshed on its own

6.) Hit 'start' on the br-lan interface

7.) Received error

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file

Privileges dropped to UID 65534 GID 65534...

8.) Used Whistleblowers link and putty'd our way onto the pineapple

nano /etc/etter.conf

9.) changed ec_uid and ec_gid to 0 and SAVED the file.

10.) Attempted to run ettercap, and was given the same SSL error, however it now says

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file

Privileges droped to UID 0 GID 0...

11.) SSH'd back into the pineapple and opened

/etc/etter.conf once again

12.) Modified

Line 168 and 169 and unhashed the iptables for SSL Forwarding.

13.) Saved the file, rebooted the pineapple and now it appears that it may be working..

Tested it with internet explorer.

We also took the time to ssh in and run

cat /proc/sys/net/ipv4/ip_forward

Which displayed 0.

I guess in the end, it looks like its working, albeit slower than molasses on a cold winter day.

This is a lot of work from the simple 'select the interface and hit start' we originally recieved.

Personally, I'd love to know did we do something wrong?

When I hit install on the large tile when it was in red, should I have waited, should something else have happened?

Did we edit the right file.

Overall, Whistleblower, can you please give us an update on how we're doing, if we messed up in the process.

and perhaps would it be best to reinstall 'again' but perhaps wait longer on the 'install' click in the large tile?

Forever greatful,

(You should PM me your paypal if you ahve one, happy to donate.)

Edited by Urieal
Link to comment
Share on other sites

1.) I'm navigating to the pineapple bar and selecting ettercap.

I'm installing it to SD Storage.


2.) The main tile page refreshes and I'm greeted with a red tile (Ettercap)
I've let it sit for almost 20 minutes, - nothing -

I decided to hit Install at the bottom and WAIT.


3.) Eventually the tab is refreshed and I get this as a popup.


4.) I select br-lan and hit start and am greeted with the following:
ANyone connect to the device loses internet..


At this stage of the game we've been advised to change the ged and uid to 0 in etter.conf

(This file is located in /etc/etter.conf -- not to be confused with the /usr/ path linked in the guide from WhistleBlower earlier).

Link to comment
Share on other sites

Step 6.) We went back into the etter.conf file, have changed the uid / gid in step 5 AND proceeded to remove the #'s surrounding ip forwarding. We then rebooted the pineapple and restarted ettercap.
Clients connected to the Pineapple still have internet at this point and redir_command_on is no longer showing.

It 'appears' to be fixed...


Link to comment
Share on other sites

We've got it working now, -we think-, internet is still active for users whom are connected and in partnership with sslstrip all seems to be operational.

Thus, the question.

- Earlier on it was advised that if installed correctly, you simply select your interface and hit start..... clearly in our attempts this did not work.

Is this a known problem, did we skip a step, is there something we're not seeing here?

We'll be on deployment this Tuesday for about a week.... and want to bring the pineapple along for the assessment -- however, until I know for sure its certain I right now have a fewhundred dollar paperweight.

Anyone able to chime in?

Link to comment
Share on other sites

I'd recommend you take a look at this thread:


Towards the bottom is how we got it to work (AND) keep the internet sharing alive.

Still waiting on an official word, but the above worked well for us...

Thank you Urieal,

I was reading and making all your steps and now my ettercap doesn't show 'SSL dissection needs a valid ‘redir_command_on', but still losing internet connection. I run ettercap with sslstrip, i will try only sslstrip and ettercap alone, and see if there is a problem running both.

EDIT: There is a strange issue with ettercap definitely... I run sslstrip alone, and works perfect, with 80% speed loading webs.

Then run ettercap alone and doesn't work. Running both, obviously not.

After that, change UID and GID again to 65534 and reboot it. Try sslstrip alone, perfect. Try ettercap, works with a slow connection. Running both, loads more slowly and then, lose internet again...

I think if there is a problem with ettercap alone or also with sslstrip's compatibilities.

EDIT2: I forgot to set echo 1 > /proc/sys/net/ipv4/ip_forward, setting this now i have working ettercap+sslstrip perfectly.

Also change again UID and GID to 0.

Edited by daniboy92
Link to comment
Share on other sites

You aren't the only. I have this issue and can't get a working ettercap with sslstrip and even without it.

I just get eliminate the error message from SSL dissection and was making all your tips, with a simple installation I was getting that error and losing Internet.

EDIT: Ok, i forget to set echo 1 > /proc/sys/net/ipv4/ip_forward , everytime ettercap it's ON this value change. It's necessary to set this value each time.

Edited by daniboy92
Link to comment
Share on other sites

Don't forget that infusion are most of the time interface to existing tools, such as ettercap, and normal linux principles are still valid on the pineapple (e.g. conf files in /etc/), so you were correct to put etter.conf in /etc/.

That's said, I could integrate the configuration changes (UID to 0 and redir_command_on) at the first install of the infusion. Maybe for next version ;)

Edited by Whistle Master
Link to comment
Share on other sites

This reminds me, any chance getting ettercap/other packages updated? Updates to the pineapple firmware are great, Sebs done a fanstastic job. The MKV has no problem getting a bunch of clients, recon/scanning is pretty much covered, we now need more tools for exploit and maintaining access.

The current version is 7 years old. I posted this ticket a couple months back: https://wifipineapple.com/?portal&bugs&action=view&id=141 , understand packaging isn't straight forward from link in the ticket, and most of the packages are based on the OpenWrt repository, so it may take some time.

Here is is the changelog from the current OpenWrtw package, 0.7.3, to 0.8.0:

0.8.0-Lacassagne 20130921

!! Fixed some problems in fork and execve usage in case of command failure (sslstrip)
!! Fixed dropping privileges for remote_browser plugin ran as root
!! Fixed infinite loop when a http GET was issued on the attacker browser, while remote_browser was active
!! Fixed some "atexit" bad references
!! Fixed plugin load on text interface, if no number were entered
!! Fixed problem spotted when ethtool wasn't installed on the machine
!! Fixed old "ethereal" references
!! Fixed missing newlines in printf
!! Switching to ps2pdf as default (from ps2pdf13), it should point to ps2pdf14 on all distros
!! Fix cmake file, dropped MACPORTS_BASE_DIRECTORY
!! Fix problem in "stopping attacks" window not properly shown in gtk
!! Fix problem in wrong pcap file saving
!! Fix issue in send_udp function
!! Fix problem in libnet rc detection
!! Fix restore ip_forward by retrying up to 5 times
!! Fix socket issues
!! Fix for hex format display
!! New send_tcp function, taking payload and length
!! Fixed memory leak in remote browser plugin
!! Fixed comparison bug in ec_decode
!! Fixed UI input for GTK
!! Fixed some memory leaks
!! Fixed man pages and AUTHORS file
!! Fixes in sslstrip plugin
!! Many etter.dns fixes
!! Many documentation fixes
!! A ton of refactors/fixes in Cmake scripts
!! Fix GTK crash when scanning hosts
!! Fix build failure on Mac OS X 10.6
!! Crash fix in target selection
!! Disabled UID change for remote browser plugin
!! Fixed remote browser plugin
!! A ton of fixes in protocols and dissectors (dhcp, http, ppp, mpls)
+ New ettercap logo
+ Renamed help menu to "?", to avoid double "H" shortcut
+ New WARN_MSG warning message
+ Added message in DHCP spoofing when no mitm has started
+ New horizontal scrollbar for messages in gtk view
+ Disabled offload warning messages (only in Release mode)
+ New ettercap-pkexec, policy and ettercap.desktop files for launching ettercap -G as a normal user with sudo privileges
+ Automatic host list refresh in GTK GUI after scanning
+ New fraggle plugin attack
+ New fields in etter.fields file
+ Cherry picked debian patches (svg icon)
+ Added content print on http dissector
+ Added support for negative dns replies
+ Creation of (experimental) unit tests
+ Creation of (experimental) libettercap
+ Now you can build just the ettercap library (libettercap) without any GUIs
+ Added travis-ci support
+ DNS spoofing for IPv6 addresses
+ PDF Docs generation is not optional
+ Added SRV query handling to DNS spoof
+ New mDNS spoof plugin
+ New low level decoders
+ New decoder for ip over pppoe
+ Added PPP DLT to interfaces
+ Add experimental Lua support to Ettercap
+ New Bundle libnet and curl
+ Full support for wifi decrypting (wep and wpa)
- Disabled update feature (not working anymore and not secure)
- Deprecated napster dissector

0.7.6-Locard 20130327

!! Fixed some parsing errors
!! Fixes to TN3270 dissector and SSL Strip
!! PostgreSQL dissector: Update output format to reflect release syntax
for John the Ripper 1.7.9-Jumbo-8. The old format is still supported,
but deprecated.
!! Fixed memory leak in SSL Strip plugin
!! Fixed check in invalid ip header
!! Fixed QoS packets handling (they aren't dropped anymore)
!! Fix in o5logon Heap Corruption
!! New and updated OUI file
!! Some memory leaks fixed
!! Fixed some bugs in return values and fstat failures handling
!! Fixed a bug in some password display (didn't get null terminated)
!! Many fixes in gcc warnings when building
!! Better cmake module to find curl and libnet
!! Fixed bug in filters load
!! Fixes in HTTP and HTTPs protocols
!! Fixed UI deadlock
!! Fixes in tcp and http handling (infinite loop and crash)
!! Better reads in BGP to avoid invalid reads
+ New logo
+ Added ascii FQDN support to DHCP ACK
+ Added UA parsing to http packets
+ Added support for IPv4 and IPv6 Tunnels
+ New mDNS dissector
+ Added PPI support (per packet information) for wireless captures
+ Ensure that we find required packages with cmake
+ New clean-all cmake target
+ Print a message when done reading PCAP file
- Removed 'u' and 'p' fields from etter.fields 20130201

!! Fixed ncurses host scan crash (already fixed in
!! Fixed ppp connection crash (already fixed in
!! Fixed only MiTM mode selecting text interface
+ Changed to version to help distributions. 20130129

!! applied patch to fix CVE-2012-0722
!! fixed username detection in TN3270 dissector
+ Added new private-key and certificate-file options for SSL MiTM
+ Fix for crash in ncurses multiple scan for host mode
+ Fix for crash in ppp0 connections 20130103

!! fixed set_blocking() method preventing SSL MiTM from working
!! changed SSLStrip plugin to use PCRE
!! more improvements to SSLStrip plugin
+ Added MySQL 5.x dissector
+ Added O5Logon dissector
+ Added iSCSI CHAP dissector
+ Added TN3270 dissector
+ Added MongoDB dissector

0.7.5-Assimilation 20121015

!! fixed more memory leaks
!! improved GTK GUI
!! changed build system to CMake.
+ Added IPv6 poisoning and capture.
+ Added NBNS spoof plugin.
+ Added SSLStrip Plugin (EXPERIMENTAL)

0.7.4-Lazarus 20111202

!! fixed resource depletion issue
!! buffer access out-of-bounds issues
!! fixed DNS dissector not working on 64bit systems
!! multiple buffer overflows
!! multiple memory leaks
!! multiple files with obsolete code
!! fixed SEND L3 errors experienced by some users
!! fixed a compilation error under Mac OS X Lion
!! updated build system
(Please see bug track for issue specifics)

NG-0.7.4 2005

+ added the radius dissector
+ go into unoffensive mode if libnet initialization fails
!! etterfilter now accepts empty blocks
!! the log files are closed on SIGTERM
!! fixed a compilation error under Mac OS X Tiger
!! fixed an improper handling of wdg_dynlist callback
!! fixed bound checking in some dissectors

@Barry/hfam: Thanks. Now I am humming a 20+ (?) year old song. Even at points of silence, I feel like Michael is quietly whispering the song into my ear over my shoulder, really looking forward to sleeping tonight. I owe you a beer and a slap. :P Good job on the lyrics between you and hfam. :)

Edit: Spelling

Edited by mw3demo
Link to comment
Share on other sites

  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...