calguy Posted March 2, 2015

Hello,

Just got my Pineapple and flashed the firmware, have been watching some videos, and have several questions.

1) I see that Dogma is used to transmit beacon frames at very high rates to respond to probe requests. Still, it's a timing issue, and wouldn't a laptop connect to the highest signal strength (the real AP)? On that same topic, what is the signal strength of the WiFi radio on the Pineapple relative to that of a typical WiFi router? With the included antennas, what are the distance limitations?

2) When testing, if you want to target, say, 3 laptops, not the entire building or area, can you specify the MAC addresses of the three? I saw that it has provision to offer one?

3) Realism... one thing that concerns me: if you turn it on and it populates a large number of SSIDs, if you look at the wireless icon (which I always do), you would see two of every SSID, the real one and the non-secure one, i.e. linksys with a lock, linksys without a lock, ... and a complete list. This certainly is a major tip-off, and also very obvious. Thoughts on this?

4) I know about sslstrip (HSTS), dnsspoof, and the comments about DNS caching. Yes, you can do things with routing, which were mentioned, but there was talk about a new MITM, I believe the MITMf project. Anything new in that arena?

5) What infusions for the Mark V are your favorites in pentesting?

Thank you! I'm glad to be part of this extremely interesting community.
apkehler Posted March 2, 2015

I just received my Pineapple as well, so I don't know that I can provide an authoritative response; however, I can talk about my experience.

In regards to 3), I also noticed the duplicate SSIDs showing up on all clients in the area and decided that this was too "loud". What I did was simply turn off Harvester, and those went away. I think the AP is still effective because Dogma/Karma/Beacon Response are still responding to probe requests, and I'm still seeing devices connecting to my AP without broadcasting them to the world.

The other issue I noted, and sorry to hijack the thread, is that the MAC of the Pineapple shows up in tools like "wifi analyzer" as "ORIENT POWER HOME NETWORK", which would certainly tip off any security folks that a rogue AP is set up. So I tried changing the MAC address of the AP so that the first half mimicked the MAC of a known brand such as Cisco. However, after I changed the MAC through the web interface, I had a heck of a time getting general network connectivity to work. Note that I was in Client Mode on wlan1 and connected via Ethernet; I don't know if those are relevant facts or not. Could someone publish some procedures for changing the MAC on wlan0 without messing up the networking?
calguy Posted March 5, 2015

Hi, does anyone have any thoughts on any of my above questions? Thank you.