Jump to content
Sign in to follow this  
IMcPwn

Concern on Web UI Security

Recommended Posts

Hi, I really love the new UI design, besides the pre-login phase. It looks as below:

FKNiMt5l.png

Initially this concerned me because I thought it showed data in the background before you logged in which is false.

Later when I was learning the new API on my own I developed a module called "Reboot" that does as expected, reboots and turns off the machine. My problem is the below is shown even before I log in:

5dlgTgxl.png

In the background there is a leak of information about the module. This can be viewed for any module that's installed to see what the Pineapple owner might be doing or working on. Would it be possible to have an option to force a user to look at a generic login page before viewing anything or do you think that would be excessive?

Thanks for the consideration

Share this post


Link to post
Share on other sites

I noticed the same thing as well IMcPwn. I was going to dig into the html a bit and see if I can't change the logo and "WIFI Pineapple" text to be a bit more...inconspicuous. Not that a layperson would have any idea, but if they googled WIFI Pineapple you'd be busted immediately. I'd prefer it to be a bit more subtle, along the lines of "Router Login Page" or something similar. I'll let you know if I find the location of that field if you're interested in changing it yourself.

telot

Share this post


Link to post
Share on other sites

herp derp. was right in /pineapple/index.html line 78. Couldn't be easier.

uVDBh4e.png

EDIT: Thanks audibleblink! I'll change that too!

telot

Edited by telot

Share this post


Link to post
Share on other sites

I'd prefer it to be a bit more subtle, along the lines of "Router Login Page" or something similar. I'll let you know if I find the location of that field if you're interested in changing it yourself.

Now that is a good idea.

Share this post


Link to post
Share on other sites

One might also add:

.modal {
  background-color: black
}

to the css file in the same folder (or through the advanced tab) to black out the areas behind the modal until a more permanent solution is found.

dh0wOJY.png

Edited by audibleblink

Share this post


Link to post
Share on other sites

Glad you all agree and I'm liking the ideas! Specifically I'll be trying editing the CSS.

Hopefully we'll see what Seb or Darren have to say for a more permanent solution.

Share this post


Link to post
Share on other sites

haha I changed the logo.png to a cisco logo for extra fun :)

T3znqOM.png

telot

  • Upvote 2

Share this post


Link to post
Share on other sites

Thanks audioblink! Appending your code to /pineapple/css/main.css worked like a charm. Good stuff!

telot

Share this post


Link to post
Share on other sites

One might also add:

.modal {
  background-color: black
}

@audibleblink I have been messing with the CSS for the past few weeks and that visible background has been bugging the heck out of me thanks for pointing out that format line I finally have all my CSS running in a fairly streamline format minus a few borders here and there...

455d828747.png
8d531a84ca.png
3e57aed56b.png
Ok ok I know I have a little bit to much of a Hitman liking but hey it works and for me the Red on Black is a lot easier to read and deal with for extented periods of time then the bright white...

Share this post


Link to post
Share on other sites

The old "close your tab" comes in handy here, if you are concerned about people reading your screen.

I can also blank the page, if this is a bigger concern.

Best regards,

Sebkinne

  • Upvote 1

Share this post


Link to post
Share on other sites

I think the concern may be if a connected target joins the network then for some reasons getting curious as to what might be hosted on port 1471 of the gateway. -- ya know, like your average users tend to do, right?

That edge case aside, I'd say given the creativity of the community as illustrated above, this may be an opportunity for a fun module.

Also -- I like your CSS Havenbreaker! One of the initial dream features has been a dark "1337 mode" (for night time use) but we keep pushing it back as it's rather low priority. It seems you've already taken a pretty good stab at it :)

  • Upvote 1

Share this post


Link to post
Share on other sites

I think the concern may be if a connected target joins the network then for some reasons getting curious as to what might be hosted on port 1471 of the gateway. -- ya know, like your average users tend to do, right?

That edge case aside, I'd say given the creativity of the community as illustrated above, this may be an opportunity for a fun module.

Also -- I like your CSS Havenbreaker! One of the initial dream features has been a dark "1337 mode" (for night time use) but we keep pushing it back as it's rather low priority. It seems you've already taken a pretty good stab at it :)

@darren I just got the mobile render to play nicely with the "dark "1337 mode"" shrinking and enlarging my desktop browser in emulator mode to get the different CSS to kick off was "fun" per say...

Share this post


Link to post
Share on other sites

@Darren

I'm not concerned with regular users. This is for the sysadmins or people who would look up WiFi Pineapple to find out what it is or people who already own one being able to find out information about yours. Ex: they could find out if you have Cabinet or any other module installed by going to http://172.16.42.1:1471/#/modules/Cabinet without needing to log on.

@audibleblink's CSS solves the issue of someone looking up WiFi Pineapple and going to your site and to find out information unless they know you can disable that CSS on the right side of Chrome's Developer Tools which makes it look exactly how it did before.

l3dOmFNl.png

Edited by IMcPwn

Share this post


Link to post
Share on other sites

I think the concern may be if a connected target joins the network then for some reasons getting curious as to what might be hosted on port 1471 of the gateway. -- ya know, like your average users tend to do, right?

That edge case aside, I'd say given the creativity of the community as illustrated above, this may be an opportunity for a fun module.

Also -- I like your CSS Havenbreaker! One of the initial dream features has been a dark "1337 mode" (for night time use) but we keep pushing it back as it's rather low priority. It seems you've already taken a pretty good stab at it :)

Also a good battery saver for those of us with oled phones. Black is off!

Share this post


Link to post
Share on other sites
3e57aed56b.png

Good choice in modules.

  • Upvote 2

Share this post


Link to post
Share on other sites

unless they know you can disable that CSS on the right side of Chrome's Developer Tools

Oh man, if they're on your physical machine, you've got bigger problems!

In all seriousness though, tab-closing and relying on the obscurity of the port number you host the GUI on shouldn't be an acceptable _permanent_ solution. Not ideal that one could enumerate your modules. That said, I appreciate how complex the software development process is and the prioritization game that comes with it. Yinz do great work, Hak5 team.

+1 for adding "not exposing information behind the login modal" somewhere on the back log.

Share this post


Link to post
Share on other sites

I think you have what I'm saying confused. They are not on my physical machine. They are merely connected to the Pineapple's open AP from their laptop.

  • Upvote 1

Share this post


Link to post
Share on other sites

Oh, right. I forgot. I'd thrown in a firewall rule to deny requests from the client network to the UI port.

Yeah, no bueno

Share this post


Link to post
Share on other sites

Oh, right. I forgot. I'd thrown in a firewall rule to deny requests from the client network to the UI port.

Yeah, no bueno

That's actually a really good idea. Does it also block on the secure wifi network?

Edited by barry99705

Share this post


Link to post
Share on other sites

I blocked the entire client network, so in my case, it would, if the secure network gives you an IP in that same range. I'm not sure since I've never set it up that way. I've always accessed pineapples through a reverse tunnel and then binding the UI management port to some localhost port.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...