Keylogging devices on wifi

[Harold Finch]

Hi eveyone.  Is possible keylogging any phone or computer with this Pineapple Tetra? 

I just want keylogging. 

[Zylla]

You could create a client, or use meterpreter to connect to an infected computer.
But afaik such a project doesn't exist yet.

Are you thinking about the sort of "Wireless USB Ruber Ducky" projects that are out there?

[Harold Finch]

12 hours ago, Zylla said:

You could create a client, or use meterpreter to connect to an infected computer.
But afaik such a project doesn't exist yet.

Are you thinking about the sort of "Wireless USB Ruber Ducky" projects that are out there?

I'm working on information security and I'm tracing, investigating office computers but, same time I need to keylogging some employee's phone. And I cant find a better idea than that. I think that device can help me in that case. 

[Zylla]

7 hours ago, Harold Finch said:

I'm working on information security and I'm tracing, investigating office computers but, same time I need to keylogging some employee's phone. And I cant find a better idea than that. I think that device can help me in that case. 

Keylogging a phone?
In such a scenario, i think you're best solution is to use some key-logging software on the phone, and then make it report back to a server.
The Pineapples aren't key-logging devices.

[Harold Finch]

It's impossible for now. Cause I havent any intercourse, sociablility with them. I've just remote access methods, not directly. But I dont know, if that phones connected to my pineapple devices, can I install any keylogger apps to that phones over pineapple tetra devices?

[Foxtrot]

16 minutes ago, Harold Finch said:

It's impossible for now. Cause I havent any intercourse <...>

Dinner first is usually the way to go.

As Zylla mentioned, the Pineapples aren't keyloggers. Installing malware on a client that sends payloads to a destination is possible, though.

[Harold Finch]

2 minutes ago, Foxtrot said:

Dinner first is usually the way to go.

As Zylla mentioned, the Pineapples aren't keyloggers. Installing malware on a client that sends payloads to a destination is possible, though.

Dear friend, I havent directly access to them phones. But I can to change this office router with Pineapple Tetra. I have  one way for access, it's just installing any malware or application to them phone over wifi pineaplle. And I must to know, is it possible with this devices?

[Just_a_User]

1 hour ago, Foxtrot said:

Dinner first is usually the way to go.

ROFL you sly old fox :)

[Harold Finch]

On 11/22/2017 at 11:06 AM, Just_a_User said:

ROFL you sly old fox :)

have you any idea? )))

[Just_a_User]

29 minutes ago, Harold Finch said:

have you any idea? )))

Nope,  I'm celibate :)

But to be fair your typo was one of the best I have seen in a while, I would have probably missed it if it were not for foxtrot spotting it, bravo!

 

[Zylla]

On 22.11.2017 at 6:55 AM, Harold Finch said:

Dear friend, I havent directly access to them phones. But I can to change this office router with Pineapple Tetra. I have  one way for access, it's just installing any malware or application to them phone over wifi pineaplle. And I must to know, is it possible with this devices?

By manipulating the network-traffic it is theoretically possible to install malware on a device.
Just like when you're using "The Backdoor Factory" (bdfproxy) on Linux.
But afaik it doesn't exist any modules/software for the Pineapples that is customized for this.

Another issue would be that most of that traffic is protected by SSL/TLS, so you'd need to somehow also get the device to trust your certificate.
But yes. It is possible to install malware by manipulating the traffic, but not feasible.

[Harold Finch]

26 minutes ago, Zylla said:

By manipulating the network-traffic it is theoretically possible to install malware on a device.
Just like when you're using "The Backdoor Factory" (bdfproxy) on Linux.
But afaik it doesn't exist any modules/software for the Pineapples that is customized for this.

Another issue would be that most of that traffic is protected by SSL/TLS, so you'd need to somehow also get the device to trust your certificate.
But yes. It is possible to install malware by manipulating the traffic, but not feasible.

So, I must to find other methods.  :/  thanks

[Dave-ee Jones]

On 11/22/2017 at 4:45 PM, Foxtrot said:

Dinner first is usually the way to go.

As Zylla mentioned, the Pineapples aren't keyloggers. Installing malware on a client that sends payloads to a destination is possible, though.

Saw that one coming >.<

To keylog a phone it needs to have software on it that can capture the key presses. There's no way, that I know of, that can remotely install and run software (apart from ADB and Google, for Android at least) on a phone to start capturing packets.

Wireless Rubber Ducky attacks are nigh impossible on phones, and again would need software on the phone anyway (unless you have a USB plugged into it launching Ducky attacks).

If it's a bluetooth keyboard we're talking about (for PCs), you could POTENTIALLY read the data, however you would need the right hardware and software.

[Just_a_User]

Would it not be possible to use session replay scripts on a website to replay keys typed during the web session? Plus more info ;)

Its old but i found an example of an open source replay file generator https://github.com/stykiaz/we3c_tracker

And one for cloudflare wisdom module ;) https://github.com/Wisdom/Wisdom-CloudFlare-App

If feasible would be a nice addition to EvilPortal lol