Jump to content

Pineapple - On-The-Fly payload injector


Recommended Posts

Hello Hak5 members,

New to this site and platform, but am pretty excited to be back in the states and to get my hands on the Tetra I purchased. When looking at modules I can't seem to find something similar to the MITMf framework integrated into it. This takes use of filepwn, but I have been having a great experience using Shellter. 

Where should I go for learning how to integrate a new module into the Pineapple? Here is what I am wanting:

1. Client makes request for .exe file

2. Pineapple forwards to the web server

3. Web server responds

4. Pineapple receives the traffic:

    If (PARAMS == TRUE): Pass the executable over to Shellter, inject a payload, then forward to the client.

    else: forward to the client

Some of the params you would setup would be maximum file size (to make sure the process doesn't take too long), if the program is already wrapped, etc. Ideally, one would be running some sort HTTPS downgrade attack, or SSL Stripper, so the probability of injection is higher as most sites now use https. Shellter has been awesome for me when it comes to AV evasion, but it may also be perfect to allow user's to pipe the executable to whatever program they want to handle the payload injection and just have the module looking for the created file to popup in a specific location.

Link to comment
Share on other sites

Found the youtube series on creating modules: https://www.youtube.com/watch?v=Lvf2At3G1C0

I have experience with Bootstrap and AngularJS so it shouldn't take too long to figure out the formatting for the modules. Only thing is, hopefully I can leverage another module for finding *.exe download requests for a MITM attack otherwise it would make creating this a lot longer. Needs to be able to have a MITM running and replace any .exe a client requests with one that has a custom payload put in it. 

If anyone knows of something that already does this, then please let me know.


Link to comment
Share on other sites


Goal: With a MITM attack in progress, be able to sniff traffic and modify any requested downloads to the victim/client machines utilizing Ettercap. With this, the attacker should have the option to use a previously created payload from a file location, or allow for on-the-fly injection using simple ‘expect’ scripts passing a downloaded file over to a program for injection before forwarding it to the client. For pre-set files, the filenames would be modified to match the requested file before being pushed to the client. 

Ettercap Filters: 

  • Locate Exe files 
  • Locate Office files
  • Locate PDF files

Stored user variables (Pineapple Module options using Bootstrap front-end):

  • Max file size (prevent from injecting large files causing long latencies)
  • Select associated client(s) to attack
  • Injection Method
    • On-the-fly (Shellter, Metasploit, Veil/Macro_safe.py)
      • Payload (would be awesome to detect OS and use a correlated payload for it)
      • LHost
      • LPort
    • Custom/Pre-set files
      • File locations (payload.exe, payload.pdf, payload.doc, payload.docx, payload.xls, etc)
      • Option to auto-add client/file correlation to a blacklist once it was already injected and forwarded

Config files:

  • Template for adding more injection methods to supplement Shellter, Veil, Metasploit as the defaults.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...