deadpirates Posted July 27, 2016 Posted July 27, 2016 I need a help about wifi pineapple product. How can I implement ssl certificate so that people who are using this automatically connected through ssl. and how can I decrypt the traffic that is going through this ssl. Is there any build in option that can decrypt the SSL encrypted traffic ? Quote
sud0nick Posted July 27, 2016 Posted July 27, 2016 You can implement TLS/SSL on the Pineapple by using the Papers module. You won't be able to use that to decrypt target traffic, though. You can try your luck at SSLSplit or SSLStrip but they're becoming less useful with time. Quote
Ineffective_Device Posted January 19, 2017 Posted January 19, 2017 Doesn't the decline of tools like SSLSplit and SSLStrip effectively make the pineapple an obsolete tool as nearly all internet traffic at this point uses both HTTPS and HSTS Quote
Foxtrot Posted January 19, 2017 Posted January 19, 2017 5 hours ago, Ineffective_Device said: Doesn't the decline of tools like SSLSplit and SSLStrip effectively make the pineapple an obsolete tool as nearly all internet traffic at this point uses both HTTPS and HSTS No. Quote
sud0nick Posted January 19, 2017 Posted January 19, 2017 (edited) 9 hours ago, Ineffective_Device said: Doesn't the decline of tools like SSLSplit and SSLStrip effectively make the pineapple an obsolete tool as nearly all internet traffic at this point uses both HTTPS and HSTS The Pineapple does so much more than intercept communications to the internet. It's great for spoofing, auditing, recon, and much more. It's really only limited to your capabilities and the laws of physics. Edited January 19, 2017 by sud0nick Quote
Ineffective_Device Posted January 20, 2017 Posted January 20, 2017 Surely spoofing is of little use as the main purpose of spoofing is man in the middle attacks, which are not effective if the device has no mechanism to deal with HTTPS. While auditing and recon are present in the device, there seems to be nothing present that a simple ping sweep or network scan could not accomplish. I work in penetration testing and vulnerability assessment and later today will be giving a demo and talk on the pineapple where I will find it very hard not to describe it as a piece of hardware that is aging and on the verge of being completely obsolete. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.