Jump to content

What to do once your the MITM


Recommended Posts

Hey everyone, I am wondering if you guys have any specific steps you take once you are the MITM?

What kind of things are you trying to do with the packets? Push java applets to clients? Use Karmetaspolit? Since SSLStrip is no longer working, what types of things are you doing to gaurentee the most data out of your "victims". I am particularly intrested in emails, social media, etc... Assuming its been approved by the client I am auditing.

I really want to show some examples of what can go wrong for a client site when a MITM attack is successfully executed using the pineapple, any ideas?

Link to comment
Share on other sites

I can't speak highly enough of the Evil Portal captive portal in regards to effort:reward ratio.

I cant agree more. This is a very easy and robust step in the front door! I had shiish loads of fun last night with Evil Portal. Also the new landing page in config is nice to have!

Now how do we get into more plays like metasploit and other client side exploits via MITM?

Is that not to be discussed on the fourm? Ive looked at Karmetasploit and Bettercap and I think to myself, how can I port that over to the pineapple. I see ettercap, but its not the easiest thing to use on the MK5.8T currently lol. Maybe if i had CLI expierence with ettercap beforehand I would be more inuitive on how to use it.

Any others out there that have these feelings of wanting to be able to make this thing more effective and automated through community developed scipts and porting of exixting tools?

p.s. I saw on my Tetra, the model number was MK5.8 which is why I referred to it in that way. Any particular reason you decided not to go full MK6? Or was that just a lil easter egg for later in the dev cycle? :)

Link to comment
Share on other sites

Internal code name to differentiate from the NANO - which got its name from a text editor that's better than another text editor that can be read as 6 in roman numerals. If you do the math the TETRA is the 7th WiFi Pineapple hardware to date, but it along with the NANO are sharing the 6th Generation title (and software base). But anyway, the real easter egg is in the stager firmware which you flashed over during initial setup. Oh well...

Link to comment
Share on other sites

Internal code name to differentiate from the NANO - which got its name from a text editor that's better than another text editor that can be read as 6 in roman numerals. If you do the math the TETRA is the 7th WiFi Pineapple hardware to date, but it along with the NANO are sharing the 6th Generation title (and software base). But anyway, the real easter egg is in the stager firmware which you flashed over during initial setup. Oh well...

Makes sense. And trust me, I have another tetra and my first nano in the cart. So please. Elaborate about said Easter egg. ?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...