How many devices are vulnerable to Pineapple?

[Newusersz]

I am really unsure if I want to buy this. So many stuff are getting patched, for example SSLstrip and SSLsplit. I know we have alternatives for these methods (Phising and fake certificate), but I am wondering how many devices are actually vulnerable to the different attacks of the Pineapple?

For example, can we for example deauthenticate all kinds of devices? (I know there are some cisco firewall that has management frame protection).

The probe requests that gets sent out by different devices, can the Pineapple force these devices to connect to them by "telling" them that this is a trusted network they have connected to before? (For example home network). Or are there limitations to this?

The whole point of this thread is the downsides of the WIFI Pineapple. I am ending up spending $400 on all of the equipment for the Pineapple, so I want to make sure there are no major downsides of this product.

When I bought the rubber ducky I was really disappointing because of the driver installation time, sometimes it took over 5 minutes, and this was not the kind of information that was available anywhere. I don't want to be disappointed in the Pineapple and waste $400 if there are lower rate of success because things are getting patched daily.

[Rkiver]

Vulnerabilities are patched every single day, but new ones are discovered every single day.

So to answer your question, how long is a piece of string? This question doesn't have an exact answer. But as long as devices use wifi and continue to work as they do, they can be de-authed and forced to connect.

But let me put it this way, your overall attitude to what this is and what it can be used for should inform you more than what the device is in and of itself. If you don't want to give it a try, don't.

[sud0nick]

Most successful attacks come from the user's laziness. People don't keep their systems up to date like they should nor do they harden their systems. People will install anything and everything that they want, opening ports without even knowing, and not pay attention to the risks. You know there are still many organizations running Windows XP right? There are a lot of people that just don't want to change their system because it is familiar. You won't get everyone but you will get some. When performing a pentest on an organization you will most likely trick a few people.

Edited February 13, 2015 by sud0nick

[Armaal]

Most successful attacks come from the user's laziness. People don't keep their systems up to date like they should nor do they harden their systems. People will install anything and everything that they want, opening ports without even knowing, and not pay attention to the risks. You know there are still many organizations running Windows XP right? There are a lot of people that out there that just don't want to change their system because it is familiar. You won't get everyone but you will get some. When performing a pentest on an organization you will most likely trick a few people.

"Most successful attacks come from the user's laziness"

Yes & yes.

Edited February 13, 2015 by Armaal