skoops

Where's my problem with associations?

Heyhey,

I recently bought a NANO to start experimenting with wireless security and pretty quickly I encountered my first problem.

About half a year ago I met a security researcher who demonstrated his pineapple setup to a bunch of managers. While he was prepping for his short talk on the stage he switched on the pineapple and I looked at my iPhone which then displayed almost ALL my "known" wireless networks. Airports, Hotels, Restaurants, you know what I mean. My phone also immediately connected to one of them.

Now I wanted to reproduce this, but I fail miserably.

When I enable PineAP on my NANO, log all probes and broadcast all known SSIDs it just seems my phone isn't asking for ANY previously associated open network. No hotels, no airports or restaurants. It just sits there and does not probe for wifi networks, so the NANO does not learn any new SSIDs and that's about it.

When I manually enter an SSID into the iPhone to connect to, it associates itself immediately and the counter on the NANO increases by one, but that's not how I wanted it to work.

So my question actually is: In a room with about 15 persons, all with smartphones, why is no phone looking for its previous WiFi networks?

:/

They're likely already connected to a wifi spot. Phones don't tend to search out for previous connections unless the one they're on is really bad or they're just not connected. You can deauth clients on nearby networks and then they'll try to connect to you instead.

Unfortunately they are not connected to any hotspots. In our office building there's only a protected wifi network with certificate authentication, which is only deployed to corporate phones. Everyone uses his private cellphone to browse the net here. There are no other wifi hotspots nearby. Also my 100% disassociated iPhone doesn't connect either but I KNOW that I have some SSIDs stored on the phone.

Given the environment you described, is it reasonable to assume that everyone else in the office has wifi turned off on their phones while at work in order to preserve battery? Did you usually walk into work with wifi turned on even though you knew that there was no wifi to connect to?

> Did you usually walk into work with wifi turned on even though you knew that there was no wifi to connect to?

Yes. And I'm pretty sure my colleagues don't turn their wifi off when they walk into the office.

Regardless of the office situation I did a little field test in the wild with my nano and sat down in the food court of a nearby shopping mall. The results were quite disappointing.

I gathered exactly ZERO SSIDs over the course of twenty minutes - Here are a few screenshots:

There are quite a few unassociated clients waiting for networks, about the same amount of connected clients which were out of reach (why?) and my lonely bunch of hotspots which I connect to for NANO access.

Any hints what's going on?

[Three attached screenshots]

Client filter list empty and set to block?

Also, b4 you take it to the field: try at home, in a controlled environment. It helps narrow down the problem.

On a side note (really not trying to be a smartass, I promise), you should get into the habit of turning wifi on only when you're about to use it.

> Does your PineAP setup look like this?
>
> [screenshot: g9Iel7H.png]

Yes, additionally I also Log Probes, so I actually have EVERYTHING checked and PineAP is obviously enabled.

> Client filter list empty and set to block?
>
> Also, b4 you take it to the field: try at home, in a controlled environment. It helps narrow down the problem.
>
> On a side note (really not trying to be a smartass, I promise), you should get into the habit of turning wifi on only when you're about to use it.

Client filter List is set to block and empty, so every MAC address should be able to connect.

In a controlled environment I did the following to test a scenario.

1. Create Ad-hoc WiFi on Windows Laptop (No encryption, simply an open network)

2. Connect with my iPhone into the open hotspot

3. Make sure the connection was established.

4. Disable the adhoc WiFi on the Windows Laptop

5. Look for probe requests or even associations on the Nano.

Step 5 never happened. The iPhone simply wouldn't look for the adhoc network anymore.

I feel like I'm missing something obvious in my setup, but I can't quite put my finger on it.

@your sidenote: I never switch off my WiFi. Since that demo from the security researcher I really KNOW this is a bad habit that I should change sooner than later. I'm working on it :)

I get your frustration. It should work.

Please try the following:
1. go to PineAP, clear SSID Pool, manually add a random SSID (random name that'll easily catch your eye)
2. Enable PineAP Daemon
3. check only Broadcast SSID Pool, leave everything else unchecked, click 'Save PineAP Settings'

Now check on another device of your choice if the SSID shows up on the list of available networks. If it doesn't, something is fubar; factory reset your Nano, perform 1.0.5 upgrade and repeat. Otherwise proceed:

4. In PineAP, additionally check 'Capture SSIDs to Pool', click 'Save PineAP Settings'

Now the SSID pool should begin to populate. (remember that the counter in Dashboard only increments upon refresh)
Again: if it doesn't, something is fubar.

If you have an Android device, you can find the list of stored networks in:
data/misc/wifi/wpa_supplicant.conf (obviously you need to be rooted in order to view that)
If there's nothing there, then there's no beacon for your nano to hear.

Can't help you with iOS, but I recall some app called NetworkList or NetworkInfo that might help you. Runs on Cydia framework or something, you need to be jailbroken. Sorry, but I've never owned anything Apple.

Keep at it, keep us updated. I have faith in you, young Skywalker.

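The stored-network list mentioned in the reply above can also be reviewed from the device owner's side. The following is an added example, not code from the thread or from Hak5: it parses text in wpa_supplicant.conf syntax and flags saved networks that are open or that have scan_ssid=1 set. The sample config is constructed; only the McDonalds_Free_WiFi SSID is taken from this thread.

```python
import re
# Constructed sample in wpa_supplicant.conf syntax (not from a real device).
SAMPLE_CONF = '''
network={
    ssid="McDonalds_Free_WiFi"
    key_mgmt=NONE
}
network={
    ssid="HomeNet-example"
    psk="not-a-real-passphrase"
}
network={
    ssid="HiddenLab-example"
    scan_ssid=1
    key_mgmt=NONE
    wep_key0="abcde"
}
'''

def parse_networks(conf_text):
    """Return one dict of key/value fields per network={...} block."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\n\}", conf_text, re.S):
        fields = {}
        for line in map(str.strip, body.splitlines()):
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        networks.append(fields)
    return networks

def audit(conf_text):
    """List saved networks that are open or probed for by name."""
    findings = []
    for net in parse_networks(conf_text):
        flags = []
        has_wep = any(k.startswith("wep_key") for k in net)
        # key_mgmt=NONE without a WEP key is an open network: the AP is
        # never authenticated, so any AP using this SSID is accepted.
        if net.get("key_mgmt") == "NONE" and not has_wep:
            flags.append("open")
        # scan_ssid=1 makes wpa_supplicant send SSID-specific probe requests.
        if net.get("scan_ssid") == "1":
            flags.append("directed-probe")
        if flags:
            findings.append((net.get("ssid", "?"), flags))
    return findings

if __name__ == "__main__":
    for ssid, flags in audit(SAMPLE_CONF):
        print(f"{ssid}: {', '.join(flags)}")
```

Entries flagged `open` are the ones worth deleting from the saved list once they are no longer needed.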

I have exactly the same issue,

Recon can detect hundreds of clients all broadcasting yet PineAP never detects anything,

I thought I had a faulty device however maybe a software bug I'm now thinking after your post.

I raised a bug = https://www.wifipineapple.com/?portal&bugs&action=view&id=378

however your post above is actually a little more clean on the actual issue.

> I get your frustration. It should work.
>
> Please try the following:
>
> 1. go to PineAP, clear SSID Pool, manually add a random SSID (random name that'll easily catch your eye)
>
> 2. Enable PineAP Daemon
>
> 3. check only Broadcast SSID Pool, leave everything else unchecked, click 'Save PineAP Settings'
>
> Now check on another device of your choice if the SSID shows up on the list of available networks. If it doesn't, something is fubar; factory reset your Nano, perform 1.0.5 upgrade and repeat. Otherwise proceed:
>
> 4. In PineAP, additionally check 'Capture SSIDs to Pool', click 'Save PineAP Settings'
>
> Now the SSID pool should begin to populate. (remember that the counter in Dashboard only increments upon refresh)
>
> Again: if it doesn't, something is fubar.

Okay, I've done that.

1. Cleared the list and added a random SSID (Wheeeeeee_random_AP)

2. Enabled PineAP

3. Checked only "Broadcast SSID" and nothing else.

The SSID was visible on the iPhone. Everything fine so far.

Then I enabled "Capture SSID" in the PineAP Settings and saved them.

Nothing happened. Nothing changed. No additional SSIDs showed up.

Then I went to have lunch. I'm passing the shopping mall I mentioned in an earlier post, so I took the opportunity and logged into the OPEN and free WiFi of a McDonalds restaurant and used it for a minute or two to do a bit of web browsing. Their SSID was something like "McDonalds_Free_WiFi".

After my lunch break I come back to my office (and the nano) - with the last known good wifi in my iPhone being the McDonalds one. I hoped to see probes for the mcd-wifi, but nothing is showing up.

There is still only ONE network in the SSID pool and that's the one I added manually.

So yeah. That's the problem.

> Given the environment you described, is it reasonable to assume that everyone else in the office has wifi turned off on their phones while at work in order to preserve battery? Did you usually walk into work with wifi turned on even though you knew that there was no wifi to connect to?

I never turn off wifi, bluetooth, gps, or nfc unless I'm at a con, then I turn all that shit off!

> After my lunch break I come back to my office (and the nano) - with the last known good wifi in my iPhone being the McDonalds one. I hoped to see probes for the mcd-wifi, but nothing is showing up.
>
> There is still only ONE network in the SSID pool and that's the one I added manually.

What you should have done is take your Nano to the mall with you, that would have cleared up the issue.

Like I mentioned b4, my knowledge of iPhones is rudimentary at best, but I'm assuming it doesn't deviate from Androids that much when it comes to the way it prioritizes Wifi networks. If you have location awareness services running on your mobile device, it can (and will) make an educated guess as to what networks will be in range. Upon approaching the office it would correctly prioritize the Nano's AP and connect to it b4 sending out beacons for other networks.

Granted, it's been ages since I last tested this, since my devices don't broadcast their network list and always have location awareness functions turned off when I don't need them.

> I never turn off wifi, bluetooth, gps, or nfc unless I'm at a con, then I turn all that shit off!

I don't want to let this steer OT, but I have to ask... If nothing else, aren't you guys bothered by the battery drain? Why would you leave all that crap running when it takes a simple button press to switch it off? You could also automate the process and save yourself that click. Sorry if I come across like a smartass - totally not my intention, I promise. Just curious.

> What you should have done is take your Nano to the mall with you, that would have cleared up the issue.

That is exactly what I did before that.

see:

> Regardless of the office situation I did a little field test in the wild with my nano and sat down in the food court of a nearby shopping mall. The results were quite disappointing.
>
> I gathered exactly ZERO SSIDs over the course of twenty minutes - Here are a few screenshots:

I'm pretty sure the hundreds of guests in the shopping mall aren't ALL using iOS devices so one of them should've at least probed for something once.

I'd say check the Nano's logs for failed inits, sounds like there might be a problem. Is wlan1 actually switched to monitor mode when you run the PineAP Daemon? (It should appear as 'wlan1mon' under 'Advanced' in 'Networking'.)

Did you already check the filter? Is the SSID filter set on "Deny" or "Allow"?

"Deny" needs to be set in your situation without any info in it, this will allow all SSIDs to be filtered into the SSID Pool for Broadcast.

Please let me know if this helps
