Access Point configuration change

[p28312]

I just updated to firmware 2.1.0 -

The client access point SSID was reset, and when I go to change it, I get a an error 'invalid CSRF token'. I cannot change the hidden checkbox either (same error).

Another question - isn't this the network I want my targets to connect to - why would I want this to be hidden?

[m40295]

Try rebooting that error only showed once for me

For your second question

pineap and karma would create ssids to connnect to

So having a hidden open ap. would be more stealth. When not running a attack

+10000 to the team beautiful

Edited December 8, 2014 by m40295

[p28312]

Agreed - this update looks awesome. I've tried rebooting (a few times) and that has not helped. Are you connected wirelessly or wired when configuring that? (just trying to see if there is anything that could be different..)

[m40295]

I do it all via wifi using mobile

Samsung s3

Moto zoom

[Sebkinne]

I'm looking into this in a little bit, we can push updates to infusions via the pineapple bar.

Best regards,

Sebkinne

[Sebkinne]

I cannot reproduce this issue, what browser are you using when you have this issue? Could you try chrome or Firefox?

Best regards,

Sebkinne

[Exploit112]

I got the same error many times when trying to save. It happends in all browsers

[p28312]

It fails in IE 11 11.0.9879.0 (windows 8.1 x64). It worked in Chrome version 31.0.1650.63

[arachnida]

Same on iOS iPad.

[Sebkinne]

That it fails on IE is clear - we do not support it.

We do not own any apple devices for testing, but will get this issue fixed ASAP.

Does Firefox / chrome on iOS also not work?

Best regards,

Sebkinne

[arachnida]

There is no real FF browser for the iPad AFAIK. Chrome and Terra, that can mimic several browsers, both don't work.

Exit: Nor does Mercury.

Edited December 9, 2014 by arachnida

[Sebkinne]

Right, then what I remembered regarding Webbrowsers on iOS is correct: they all use the same engine.

The reason this issue exists is because of how we silently inject the csrf protection token into all jquery post requests. Sadly, different browsers implement FormData a little differently, so the injection simply fails, resulting in the error you are getting.

Luckily, I have can get my hands on a Mac later and should be able to see what the issue is.

Best regards,

Sebkinne

[Sebkinne]

Firmware version 2.1.1 has been released with a fix for iOS / Safari browsers not appending the CSRF token correctly.

Thanks for everyone hat reported this issue.

Best Regards,

Sebkinne

[arachnida]

Thank you, great support! Will try it out later this afternoon.

[arachnida]

I can confirm that iOS Safari now works fine!

Thx!