IvanDoe Posted July 30, 2015 Share Posted July 30, 2015 Few months ago i started working on pineapple infusion but it ended up being alot bigger project. I made a php/mysql script and the way it works is MITMf injects javascript(xss) code into each page, and there is web script that manages clients with various xss "options" like cookie stealing, jskeylogger etc... Each clients history and captures can be viewed on a timeline. You don't have to use mitmf, you can use whatever application you want as long as you inject code with necessary information. You can find out more about it, how to set it and download it here > https://github.com/ivangr0zni/mitm-grabb3r Quote Link to comment Share on other sites More sharing options...
cooper Posted July 30, 2015 Share Posted July 30, 2015 Looks pretty slick. Nice job. Quote Link to comment Share on other sites More sharing options...
WPA3 Posted July 30, 2015 Share Posted July 30, 2015 Very nice , thanks for sharing. Quote Link to comment Share on other sites More sharing options...
InfiniteDevelopment Posted August 6, 2015 Share Posted August 6, 2015 Very l33t work. I would love more docs about set up though! ;) Its a bit confusing exaclty how to set this up. Quote Link to comment Share on other sites More sharing options...
IvanDoe Posted August 6, 2015 Author Share Posted August 6, 2015 It's pretty much all there on github but if some part isn't clear feel free to ask :) Quote Link to comment Share on other sites More sharing options...
InfiniteDevelopment Posted August 8, 2015 Share Posted August 8, 2015 So I guess how do we get started with this using the Pineapple? If you give me some instructions and a bit of guidance I will volunteer my time to making a video for it. :) 1. When I boot up my pineapple, how do I get your infusion installed? 2. After installation what should the infusion settings be? 3. How do we connect this local data back to the VPS running the dashboard? Quote Link to comment Share on other sites More sharing options...
IvanDoe Posted August 9, 2015 Author Share Posted August 9, 2015 This isn't infusion for pineapple, it's a script that works with or without wifi pineapple but it needs MITMf software. I made it and released it here since i was expecting(as many others) this last pineapple firmware to have MITMf included... You will have to use some other linux box in combination with wifi pineapple to use mitm grabb3r. I use raspberry pi 2 with kali linux to run mitmf and script and wifi pineapple to do wifi stuff. Quote Link to comment Share on other sites More sharing options...
IvanDoe Posted August 9, 2015 Author Share Posted August 9, 2015 You could use strip-n-inject (i think that is name of infusion) to inject grabber code but the way script is set is it needs clients ip, i have limited knowledge of pineapple API but i don't think there is easy way for strip-n-inject to pass client ip. Even if that would work you still coudln't use script on ssl websites ( thats where MITMf comes in with its hsts ssl options). Quote Link to comment Share on other sites More sharing options...
InfiniteDevelopment Posted August 18, 2015 Share Posted August 18, 2015 strip-n-inject hasn't worked for me one time. More than not I have to reboot the Pine when I try and use it. I would love to use some of these features but its such a limited topic I think most of my research will be very new. I will keep the community in the loop when I get something worth sharing. :) Quote Link to comment Share on other sites More sharing options...
IvanDoe Posted September 19, 2015 Author Share Posted September 19, 2015 Yes, copy files to www, import mysql db and edit config files Replace mitmf plugin and you should be ready to go :) Quote Link to comment Share on other sites More sharing options...
IvanDoe Posted September 20, 2015 Author Share Posted September 20, 2015 It says on github what files to edit in script, google for mysql import for database Quote Link to comment Share on other sites More sharing options...
mendoza Posted October 6, 2015 Share Posted October 6, 2015 Hi @IvanDoe . Great work, congrats! I tried to install your script and iam getting this error: Fatal error: Class 'Cookie' not found in /var/www/html/www/includes/Login.class.php on line 11 What iam doing wrong?? Thanks in advance :D Quote Link to comment Share on other sites More sharing options...
IvanDoe Posted October 6, 2015 Author Share Posted October 6, 2015 What page did you open when that happend? I tested script on windows and linux but it looks like include error. Maybe Cookie.class.php is empty? Try and delete all files and download/unzip/git clone again Quote Link to comment Share on other sites More sharing options...
mendoza Posted October 6, 2015 Share Posted October 6, 2015 wow. thanks for the quick respond. I tried with Kali Linux 2.0 (sana) and the Cookie.class.php file seems to be right :S . The error appears in index Quote Link to comment Share on other sites More sharing options...
IvanDoe Posted October 6, 2015 Author Share Posted October 6, 2015 Try and put full include on index.php or functions.php and see if that changes anything require_once ('includes/functions.php');to require_once ('/var/www/html/www/includes/functions.php'); now that i see it /var/www/html/www/ doesn't look right either Try and put script into root folder of web server. Quote Link to comment Share on other sites More sharing options...
InfiniteDevelopment Posted February 17, 2016 Share Posted February 17, 2016 This isn't infusion for pineapple, it's a script that works with or without wifi pineapple but it needs MITMf software. I made it and released it here since i was expecting(as many others) this last pineapple firmware to have MITMf included... You will have to use some other linux box in combination with wifi pineapple to use mitm grabb3r. I use raspberry pi 2 with kali linux to run mitmf and script and wifi pineapple to do wifi stuff. Now that I have more knowledge of MITM and the pineapple. I feel secure that this will be a fun project. Are you still maintaining it? I would also like to know of possible ways to inject once I have clients on the pineapple. Maybe evil portal? Or am I missing a step? I get that your base is just a UI for the exisiting functions of MITMf correct? Quote Link to comment Share on other sites More sharing options...
IvanDoe Posted February 18, 2016 Author Share Posted February 18, 2016 Now that I have more knowledge of MITM and the pineapple. I feel secure that this will be a fun project. Are you still maintaining it? I would also like to know of possible ways to inject once I have clients on the pineapple. Maybe evil portal? Or am I missing a step? I get that your base is just a UI for the exisiting functions of MITMf correct? Hey :) I didn't update project for awhile since it worked pretty much as it should. I don't think evil portal would work for something like this. The way i would use it is have pineapple "collect" clients, and raspberry pi would run MITMf and run mitm attack and collect data. Raspberry pi would be connected via eithernet to pineapple. https://bettercap.org/ turned into really great project and i was thinking of getting that working with my script soon. I have few extra ideas but since i have MKV and current firmware isn't the most stable i am waiting for new firmware of NANO and TETRA to get ported to MKV. Firmware was supposed to be released this month, not sure if that is still true. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.