Coroner Posted May 12, 2016 Share Posted May 12, 2016 Hello, so i live opposite a school and during drop off and pick up day 1.. pineapple harvested a ton of SSID's from mobile phones probing day 2.. had alot of connected clients connected to the SSID's pineAP made when the mobile phones connect to the SSID would they automatically give up the WPA stored password upon login? and if so is there an infusion that will siphon the password to a log file? they may only give up the password if wpa security is set to on.. maybe someone could make an infusion that acts like wpa is turned on and is requestiong a password while we are connected to the client and logging the information they give up Cheers Coroner Quote Link to comment Share on other sites More sharing options...
Foxtrot Posted May 12, 2016 Share Posted May 12, 2016 In order to take in WPA clients you must already know the key, defeating the purpose of having such an infusion - if I understand correctly. Also, I'm assuming you aren't authorised to be doing this outside of a school at peak times, and if so you should probably stop doing that. Quote Link to comment Share on other sites More sharing options...
Coroner Posted May 12, 2016 Author Share Posted May 12, 2016 In order to take in WPA clients you must already know the key, defeating the purpose of having such an infusion - if I understand correctly. when pineAP clones the SSID's that the phones are probing for, once they probe again and find the SSID made by the pineapple, i would of thought that they would hand over the SSID password fairly easily?? Quote Link to comment Share on other sites More sharing options...
Foxtrot Posted May 12, 2016 Share Posted May 12, 2016 when pineAP clones the SSID's that the phones are probing for, once they probe again and find the SSID made by the pineapple, i would of thought that they would hand over the SSID password fairly easily?? The devices dont just spit out the passwords in plaintext over the waves, that would completely defeat the encryption. Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted May 13, 2016 Share Posted May 13, 2016 when pineAP clones the SSID's that the phones are probing for, once they probe again and find the SSID made by the pineapple, i would of thought that they would hand over the SSID password fairly easily?? Nope, that's what the 4-way handshake is for. Best regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
ZaraByte Posted May 13, 2016 Share Posted May 13, 2016 when the mobile phones connect to the SSID would they automatically give up the WPA stored password upon login? and if so is there an infusion that will siphon the password to a log file? Cheers Coroner I've been looking at a project called Fluxion that basically setups a fake clone AP of the target network and also captures the WPA Handshake so that when someone connects to the AP when they get sent to the fake page they will be asked to enter their wifi password and it checks to make sure it matches the password inside the cap which you capture durning the setup. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.