Jump to content

Forcing a Client to Talk with or without the Pineapple


Recommended Posts

Hi All,

I have a question regarding the pineapple but a bit of background would probably be helpful. On a daily basis my job is to hunt down and remove unauthorized WiFi devices people accidentally bring into a very large building. My management has decided they don't want any outside WiFi devices and have put money into technical solutions.

I have an enterprise solution that can put me to within 20 meters of the target device. This system will provide me with the MAC address of the offending WiFi device. Once I am in the area, I have a WiFi sniffer that will give me a MAC address readout with it's associated RSSI. Before the pineapple I would wait for the device to broadcast every 30 seconds to 20 minutes depending the device's broadcast frequency. Tracking could take hours. The pineapple really changed the game. When the device connects to the pineapple the hunting time drops fantastically. In the best of scenarios the WiFi device pushes out a steady stream of RF breadcrumbs to the pineapple that allow me to track it down.

Here's the problem. There are many devices I've come across that the pineapple cannot ensnare. At last check my pineapple is blasting about 400 different SSIDs to attract attention but the fish aren't biting.

Anyway, here's my question. Is there anything I can do to get these devices (mostly phones) to just respond. I have the MAC address. I know I am within range. Is there anything I can do, pineapple or not, to just get these devices to just chirp. I'm not at all interested in connecting. I just need a steady, repeatable response to assist with tracking.

I know this may be a bit of an odd application but any ideas would be greatly appreciated.

Thanks for any help you can provide.


Link to comment
Share on other sites

  • 3 weeks later...

Thanks for the responses. Finally getting back to this after the holidays.

Usually what will happen is I will actually see the phones sending out a broadcast, so I know the they are not turning off wifi. I know when a phone is in the area and I even know its MAC address. From time to time the pineapple will work, but it is not often. I'd say I can grab an unassociated client 20% of the time. When I do get the phone to associate, I can locate the phone quickly, otherwise I have to wait around for another broadcast packet and very slowly close in on it.

One thing to note is that almost every phone I've found has been in an idle state. Most people don't realize they have brought the device in with them. I'm starting to suspect that some devices will send a broadcast packet but will not respond when the device is in an idle state (ie Turned on but not direct use). I do not know if this assumption is true.

However, I'm still curious if there is some way to craft a transmission to these idle devices and forces them to talk back. Even if the response is "Shut up and go away. I'm not talking to you," that would completely change the game for me. I have no desire for the devices to associate in the first place, I just need to get them to be chatty.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...