Wifi Pineapple Lab Ideas?

[OKlabs]

Hello, I am a high school teacher and I recently obtained a Wi-Fi Pineapple from my school in-order to aid in teaching a new computer science class which has a whole unit dedicated to cyber security. I was successful in setting it up, going through the configuration of the device, and I have successfully captured packets / viewed internet traffic. However, I wish to move away from simply “showing off” and demonstrating the abilities of the Wi-Fi Pineapple to the classroom. I wish to set up the device in a way that students can walk through labs that teach important lessons on cyber security. My goal is to set up the Wi-Fi Pineapple in a way students can experiment with device in a safe environment that is educational. I wish for students to walk away from this lab with the sense that information sent over the web is not necessarily private and that they should be careful about what information they make public. The only problem is that I am at a COMPLETE LOSS on how to do this. I have very limited cyber security/ network skills... does anyone have any ideas?  Thanks in advance, any leads would be appreciated.

[elkentaro]

I think what is more important is to build a scenario or syllabus around what it is you want the students to experience.

Rather than tackling the whole pie as one, start with something simple.

I think by mixing up wifi security with general web-activity safety , you are actually creating an overly complex issue.

Web activity security can be taught without an pineapple , but wifi security is much easier to teach with a pineapple.

 

 

[OKlabs]

Hello, and thanks for the reply!

It's been a very long time since I have posted a question on a forum and I was a bit nervous that no one would reply. I appreciate the advice and agree but, what would be a more specific scenario I could focus on that would utilize the Wifi-Pineapple in the classroom?

I'm trying to come up with a syllabus supplemented with various activities. Let’s say I want to use the Wifi - Pineapple in the classroom, how would I do that, other than demonstrating a few of its capabilities? I must admit my knowledge of cyber-security is limited but, I want to learn. Thanks.

[elkentaro]

I guess the ideal scenario would be to show the dangers of connecting to a public wifi spot . That scenario would be ideal to show case the pineapple's capability.

1.Pretend the class room is a coffee shop with wifi.

2. People would connect to the legitimate wifi spot . ( you probably would need another wifi AP for this )

3. Then a criminal could bring up a rogue AP using PineAP.

4. Deauth everybody.

5. Many clients end up connecting to the PineAP.

6. You could use tcpdump/urlsnarf or any of the other tools on how criminals could intercept the transmission.

7. Homework: How would you protect your communication transmission in this scenario?

-----Encrypt everything.

----- bring your own wifi spot

---- etc etc.

 

Something like this might be of interest.

[3mrgnc3]

I love the last educational scenario.

A level up from that. You could demonstrate the importance of properly implemented wireless security.

This could be given as a small business guest network in the classroom. Setup similar to before, but using WPA2 with a weak passphrase (ie. its in the rockyou wordlist) or even WPS enabled with a weak implementation.

Then

1. An attacker deauths clients and captures 4-way handshake packets.

2. He Joins the network and demonstrates ability to do attacks such as ARP Spoofing.

3. Sets up an evilAP with the pineapple using network name and MACaddress of WPA2 Access Point with same passphrase on a different channel.

4. constantlty Deauthenticate broadcast MAC address on origional channel.

5. Demonstrate students connecting to EvilAP

Homework.

What are the fundemental differences to the 1st scenario?

Are there flaws in the level of trust we assign based on whether a wifi network is open or WEP/WPA/WPA2?

What can we do about the problem?

Regards,

 

Ps. Wish I'd had that class back in the day... :D