Jump to content

Advanced Evil Twin?


dclay
 Share

Recommended Posts

thank you for your reply....i'm familiar with this video and wifi phisher but what im looking for is a technique to bring up a pop up like an authentic access point......is it possible??

all assumming im using this in a legal way

Link to comment
Share on other sites

I re-read your post and I think I understand. I believe you want to mimic a WPA2 AP such that a user that connects is challenged by their own OS software for the key. But you want to capture that key at the AP. No, for the user to get that challenge, it must be a real WPA/WPA2 AP. I suppose there might be some way to capture the key they entered, although the handshake would fail. This would take some research though. I would never say there's no way to do it because breaking security is what we do. However, I believe this would be a hard nut to crack.

So I believe a simpler question would be: Is there any facility for the WiFi pineapple (or any AP) to capture invalid keys? Almost certainly not, and if you capture the hash, you still have to crack it. (A deauth attack is easier.)

The above video and WiFiphisher both use social engineering attacks to capture the WPA2 key, because that's the easy (perhaps only) way other than capturing the handshake and performing a brute-force password attack.

Edited by fringes
Link to comment
Share on other sites

I think you missed my point. The pineapple does create a real acccess point. And if it's WPA or WPA2, the user will be challenged (by his own software) when he attempts to connect. I think WPA2 is pretty solid for now. The known attacks are well documented.

Edit: Are you asking if PineAP can throw up WPA2 APs?

Edited by fringes
Link to comment
Share on other sites

yes to both of you and btw thank you both for answering me and helping me out.............now i want very simply to make the pineapple act more real than it already does. So, in effect, i would like to make an wpa2 access point and when the user is challenged with the wpa2 key it would be sent/saved so i can read it (sql, or txt/log)...i have been researching php and i wanted to know if i could use a cropped php page and make it work with $POST???

Link to comment
Share on other sites

currently we depend on a level of stupidty for our attacks to work, so to enhance our effectiveness I'm trying to learn how to close that gap......no one else has tried full WPA2 access point emulation?? i know im not the first to think of it.

Link to comment
Share on other sites

For your client/victim to be challenged, you would have to provide an WPA2 AP. If you do that, the password they enter will be hashed before being returned to AP. A deauth attack would be easier.

For the user to receive your fake challenge, you already would have your own malware on the victim's machine. If you can do that, you don't need to capture just an AP password; you'd already own their box.

The WPA2 handshake is network, not web related.

A practical and effective way to capture the AP password is with the SE attacks described above by J5x86.

Link to comment
Share on other sites

The problem wpa2 emulation with a different password than what the real wpa2 network has, it will still be encrypted packets.

You can however successfully clone a wpa2 network if you know the real wpa2 networks password, and use the same mac address, channell etc. But makes it pointless because we would have to already know the password.

I think the best we will get for this kind of information gathering, would be with Linset. Its not quite what you are wanting, but it works great

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...