samaritan Posted October 5, 2015 Is it possible to rename the pineapple to, for example, "school-teachers", and if a teacher is trying to connect to the pineapple and he enters his credentials, then the credentials will be logged and the pineapple would redirect his connection to "school-students" or something else? But I need it to log credentials. Is this possible? Note: this is only a question, I will not use this for abusive purposes.
cooper Posted October 5, 2015 What you're asking is if you can MitM a client and grab its credentials using the pineapple. The answer is "maybe". Let's assume there's a "private" and a "public" wireless network. You have access to "public" but not to "private". You can set up the Pineapple to say it's either "private" or "public", but I would be amazed if "private" isn't at the very least WPA protected. The way a client device connects to a WPA-protected network using a pre-shared key (what the PSK in WPA-PSK stands for; it's the most common but certainly not the only method used) is by both sides proving to the other that they know the password without actually transmitting that password. Since your AP currently doesn't know this password, it can show up as the "private" AP, but client devices know that "private" uses WPA-PSK with key X and will only try to connect to it with that key. When the device discovers the AP doesn't know the (correct) key, it will refuse to connect to your AP. There are other means of protecting a wireless network that for instance involve certificates, meaning that unless you get access to a private key that is (should be) only known to the AP, you're not going to be able to get your Pineapple to successfully pretend it's the real AP. What you can do is have your AP mimic the "public" network and send traffic it receives on to the real public network. While the traffic between the target device and whatever's on the network isn't encrypted, you can see exactly what he/she/it's doing and even mangle it.
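To make cooper's point concrete, here is an added, simplified model of the WPA2-PSK four-way handshake. It is example code written for this thread, not Pineapple or Hak5 code, and it is not 802.11i-exact: the PMK derivation is the real PBKDF2-HMAC-SHA1 step, but a single HMAC-SHA256 stands in for the real PRF-512 key expansion, the MIC is HMAC-SHA256 over the whole message, the nonces and MAC addresses are constructed constants, and the message bodies are placeholders. It shows that the passphrase never appears in any frame, and that a client which already knows the key rejects an access point that does not, because the AP cannot produce a valid MIC on message 3.

```python
"""Simplified WPA2-PSK four-way handshake (example code, not 802.11i-exact)."""
import hashlib
import hmac

ITERATIONS = 4096  # WPA2-PSK passphrase-to-PMK iteration count


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), ITERATIONS, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # Simplification (assumption): one HMAC-SHA256 stands in for PRF-512.
    # Both sides bind the key to both MACs and both nonces, as the real PTK does.
    data = b"".join(sorted([ap_mac, sta_mac]) + sorted([anonce, snonce]))
    return hmac.new(pmk, b"Pairwise key expansion" + data, hashlib.sha256).digest()


def mic(ptk: bytes, message: bytes) -> bytes:
    # The first 16 bytes of the PTK play the role of the KCK (the MIC key).
    return hmac.new(ptk[:16], message, hashlib.sha256).digest()[:16]


class AccessPoint:
    """An AP that believes it knows the passphrase for `ssid` (real or rogue)."""

    def __init__(self, mac: bytes, ssid: str, passphrase: str):
        self.mac = mac
        self.pmk = pmk_from_passphrase(passphrase, ssid)
        self.anonce = hashlib.sha256(b"constructed ANonce").digest()  # constructed, not random

    def msg1(self) -> bytes:
        # Message 1 carries only the ANonce; nothing secret is sent.
        return self.anonce

    def msg3(self, sta_mac: bytes, snonce: bytes, sta_mic: bytes):
        ptk = derive_ptk(self.pmk, self.mac, sta_mac, self.anonce, snonce)
        # The AP checks the station's MIC with its own PTK. A rogue AP with the
        # wrong PMK fails this check and learns nothing about the key from the MIC.
        sta_ok = hmac.compare_digest(mic(ptk, snonce), sta_mic)
        body = b"placeholder-GTK-install" + self.anonce
        return body, mic(ptk, body), sta_ok


class Station:
    """A client that already knows the passphrase for `ssid`."""

    def __init__(self, mac: bytes, ssid: str, passphrase: str):
        self.mac = mac
        self.pmk = pmk_from_passphrase(passphrase, ssid)

    def handshake(self, ap: AccessPoint):
        """Return (connected, transcript) where transcript is every frame sent over the air."""
        transcript = []
        anonce = ap.msg1()
        transcript.append(anonce)
        snonce = hashlib.sha256(b"constructed SNonce").digest()  # constructed, not random
        ptk = derive_ptk(self.pmk, ap.mac, self.mac, anonce, snonce)
        # Message 2: SNonce plus a MIC computed with the station's PTK.
        m2_mic = mic(ptk, snonce)
        transcript.append(snonce + m2_mic)
        # Message 3: the AP must return a MIC that only a holder of the PMK can compute.
        body, m3_mic, _ = ap.msg3(self.mac, snonce, m2_mic)
        transcript.append(body + m3_mic)
        if not hmac.compare_digest(mic(ptk, body), m3_mic):
            return False, transcript  # AP failed to prove it knows the key; abort
        return True, transcript


def run_handshake(ap_passphrase: str, sta_passphrase: str, ssid: str = "school-teachers"):
    ap = AccessPoint(b"\x02\x00\x00\x00\x00\x01", ssid, ap_passphrase)  # constructed MAC
    sta = Station(b"\x02\x00\x00\x00\x00\x02", ssid, sta_passphrase)   # constructed MAC
    return sta.handshake(ap)


def passphrase_on_air(transcript, passphrase: str) -> bool:
    """True if the passphrase bytes appear in any transmitted frame."""
    return any(passphrase.encode() in frame for frame in transcript)


if __name__ == "__main__":
    ok, frames = run_handshake("correct horse battery", "correct horse battery")
    print("genuine AP, client connected:", ok, "| passphrase on air:", passphrase_on_air(frames, "correct horse battery"))
    ok, frames = run_handshake("rogue-guess", "correct horse battery")
    print("rogue AP, client connected:", ok)
```

The transcript check is the defender's takeaway: the only key-dependent values on the air are MICs over nonces, which is why a strong passphrase matters (an observer can only test guesses offline against them) and why a client that already holds the key will not hand it to a look-alike AP.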
samaritan (Author) Posted October 5, 2015 Yeah, I want to make an access point through the pineapple, but private. I do not need them to connect to it, I just want to log their AP login credentials. Like social engineering.
cooper Posted October 6, 2015 As I described, if "private" is a protected AP you can't pretend to be it before you know the password, and because devices won't connect to you unless you already know the password, you can't discover what the password is by doing so. So your only means of attack is against the AP directly, which is going to involve brute-forcing possible passwords. Google for "wordlist" and "hashcat". An alternative is to see which other APs the devices of your target want to connect to. Many places these days provide free open wifi, and I'm not entirely sure on this, but devices might pick the stronger signal over the more secure AP it has credentials for. So you could get your target to connect to your "mcdonalds" or "starbucs" or some such AP whose traffic you then simply route to the "public" network you have access to. Depending on the network services used by your target you might be able to see interesting traffic this way.