rO0t Posted September 15, 2020 Posted September 15, 2020 Hello, is it possible to install Nano or Tetra modules? Currently, there are few modules to use with the GUI level.
newbi3 Posted September 16, 2020 Posted September 16, 2020 Developers have to port their old apps to the new Pineapple. To any module devs from the Nano/Tetra: You qualify for the new developer program: https://docs.hak5.org/hc/en-us/articles/360053279254-Hak5-Developer-Program-for-WiFi-Pineapple-Mark-VII
dustbyter Posted September 16, 2020 Posted September 16, 2020 Thank for the link newbi3! I've been MIA for some time. I'll take a look at how to update my modules for the new hardware.Ā
Jay42 Posted April 28, 2021 Posted April 28, 2021 we DESPERATLY need SSLstrip ported to the new mk7 or something of the like.... httpeek is great and all but its useless against https which sslsplit can downgrade to http so we can see all the fun loot š current mk7 is just about pointless without baked in 5ghz support and no ability to read https traffic š
chrizree Posted April 28, 2021 Posted April 28, 2021 I don't know what you define as "we", but there's a limited few that see the relevance of having access to that kind of downgrade since the infrastructure has moved forward and modern software doesn't allow this to happen. It's of course possible (but not highly likely) to encounter situations when a customer has really bad IT infrastructure, but you don't need a Pineapple module to come to such a conclusion.Ā I suggest that those that is in need of this module also starts developing it since module development is community based. There is perhaps a bunch here and on Discord that want this to happen, so gather together and start hammering on the keyboards. No one will create modules because of someone demanding it, especially if they have come to the conclusion that it is obsolete and don't add value in the current landscape.
marckiuy Posted April 30, 2021 Posted April 30, 2021 On 4/28/2021 at 5:25 PM, Jay42 said: we DESPERATLY need SSLstrip ported to the new mk7 or something of the like.... httpeek is great and all but its useless against https which sslsplit can downgrade to http so we can see all the fun loot š current mk7 is just about pointless without baked in 5ghz support and no ability to read https traffic š Hi,Ā Just wondered if youd tried doing any SSL Stripping recently? (not talking about using a WiFi pineapple to do this) If you initiate a man in the middle attack and attempt SSL Stripping, most devices know that this is being done and wont let you connect. If you have a device with nethunter onĀ its really easy to do aĀ MITM with SSL strippingĀ on your own WiFi network then try going to a site as simple as google and a big red warning page comes up to tell you whats happening and it wont let you progress.Ā On a lot of pages they use HSTS cookies that force an SSL connection if you've visited before. You can sometimes get lucky if the user hasn't visited the site before or the HSTS cookie has expired, but chances are if you perform a MITM attack, its their commonly visited sites youd be most interested in i.e google, social media etc. In a real world application, say the Mk7 had SSL strip module, if you turned it on and the target tried to visit a page and gets the warning, they immediately know somethings wrong, disconnect and you've just advertised your in that network.Ā With HTTPeek your quieter, your not advertising your there, yes the information you get is less, but its better to get something than nothing at all and not be noticed
fugeesnfunions Posted August 19, 2021 Posted August 19, 2021 On 4/30/2021 at 12:41 PM, marckiuy said: Hi,Ā Just wondered if youd tried doing any SSL Stripping recently? (not talking about using a WiFi pineapple to do this) If you initiate a man in the middle attack and attempt SSL Stripping, most devices know that this is being done and wont let you connect. If you have a device with nethunter onĀ its really easy to do aĀ MITM with SSL strippingĀ on your own WiFi network then try going to a site as simple as google and a big red warning page comes up to tell you whats happening and it wont let you progress.Ā On a lot of pages they use HSTS cookies that force an SSL connection if you've visited before. You can sometimes get lucky if the user hasn't visited the site before or the HSTS cookie has expired, but chances are if you perform a MITM attack, its their commonly visited sites youd be most interested in i.e google, social media etc. In a real world application, say the Mk7 had SSL strip module, if you turned it on and the target tried to visit a page and gets the warning, they immediately know somethings wrong, disconnect and you've just advertised your in that network.Ā With HTTPeek your quieter, your not advertising your there, yes the information you get is less, but its better to get something than nothing at all and not be noticed I've had great luck runningĀ Airgeddon then initiatingĀ an Evil Twin w/sniffing and bettercap-sslstrip2/BeEF. Controlling the victims browser can be a pretty fun way to mess with friends.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.