Modules from previous devices and Mark VII


rO0t

Developers have to port their old apps to the new Pineapple.

To any module devs from the Nano/Tetra: You qualify for the new developer program: https://docs.hak5.org/hc/en-us/articles/360053279254-Hak5-Developer-Program-for-WiFi-Pineapple-Mark-VII


  • 7 months later...

We DESPERATELY need SSLstrip ported to the new mk7 or something of the like.... httpeek is great and all but it's useless against https, which sslsplit can downgrade to http so we can see all the fun loot 🙂 The current mk7 is just about pointless without baked-in 5ghz support and no ability to read https traffic 😕


I don't know what you define as "we", but there's a limited few that see the relevance of having access to that kind of downgrade since the infrastructure has moved forward and modern software doesn't allow this to happen. It's of course possible (but not highly likely) to encounter situations when a customer has really bad IT infrastructure, but you don't need a Pineapple module to come to such a conclusion. I suggest that those who are in need of this module also start developing it, since module development is community based. There is perhaps a bunch here and on Discord that want this to happen, so gather together and start hammering on the keyboards. No one will create modules because of someone demanding it, especially if they have come to the conclusion that it is obsolete and doesn't add value in the current landscape.


On 4/28/2021 at 5:25 PM, Jay42 said:

We DESPERATELY need SSLstrip ported to the new mk7 or something of the like.... httpeek is great and all but it's useless against https, which sslsplit can downgrade to http so we can see all the fun loot 🙂 The current mk7 is just about pointless without baked-in 5ghz support and no ability to read https traffic 😕

Hi, 

Just wondered if you'd tried doing any SSL Stripping recently? (not talking about using a WiFi pineapple to do this)

If you initiate a man in the middle attack and attempt SSL Stripping, most devices know that this is being done and won't let you connect. If you have a device with nethunter on, it's really easy to do a MITM with SSL stripping on your own WiFi network, then try going to a site as simple as google and a big red warning page comes up to tell you what's happening and it won't let you progress.

On a lot of pages they use HSTS cookies that force an SSL connection if you've visited before. You can sometimes get lucky if the user hasn't visited the site before or the HSTS cookie has expired, but chances are if you perform a MITM attack, it's their commonly visited sites you'd be most interested in, i.e. google, social media etc.

In a real world application, say the Mk7 had an SSL strip module, if you turned it on and the target tried to visit a page and gets the warning, they immediately know something's wrong, disconnect and you've just advertised you're in that network.

With HTTPeek you're quieter, you're not advertising you're there. Yes, the information you get is less, but it's better to get something than nothing at all and not be noticed.

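The HSTS behaviour discussed in the post above can be checked from the defender's side. Browsers learn the policy from the `Strict-Transport-Security` response header (RFC 6797); this added example, which is not part of the original thread, audits a header value for the two gaps the post mentions (first visit and expiry). The function names, the one-year threshold and the finding texts are assumptions made for the illustration.

```python
# Added example: audit Strict-Transport-Security header values (RFC 6797).
# Function names, threshold and finding texts are illustrative assumptions.
import re

ONE_YEAR = 31536000  # seconds; threshold chosen for this example

def parse_hsts(value):
    """Parse a header value into {directive: value-or-None}; None if malformed."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        if name in directives:            # a directive must not appear twice
            return None
        directives[name] = arg.strip().strip('"') if arg else None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"\d+", max_age):
        return None                       # max-age is required and numeric
    directives["max-age"] = int(max_age)
    return directives

def audit_hsts(value):
    """Return findings describing where downgrade protection is weak."""
    if value is None:
        return ["no HSTS header: browser will accept plain HTTP"]
    policy = parse_hsts(value)
    if policy is None:
        return ["malformed header: browser ignores it"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("max-age=0: tells the browser to drop the policy")
    elif policy["max-age"] < ONE_YEAR:
        findings.append("short max-age: policy can expire between visits")
    if "includesubdomains" not in policy:
        findings.append("no includeSubDomains: subdomains are not covered")
    if "preload" not in policy:
        findings.append("no preload directive: first visit is unprotected")
    return findings

if __name__ == "__main__":
    # Constructed sample header values, not captured from any real site.
    for sample in ("max-age=63072000; includeSubDomains; preload", "max-age=300", None):
        print(repr(sample), "->", audit_hsts(sample) or "ok")
```

An empty findings list means the policy covers both the expiry and first-visit cases; actual inclusion in a browser preload list is a separate submission step that this check does not verify.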

  • 3 months later...
On 4/30/2021 at 12:41 PM, marckiuy said:

Hi, 

Just wondered if you'd tried doing any SSL Stripping recently? (not talking about using a WiFi pineapple to do this)

If you initiate a man in the middle attack and attempt SSL Stripping, most devices know that this is being done and won't let you connect. If you have a device with nethunter on, it's really easy to do a MITM with SSL stripping on your own WiFi network, then try going to a site as simple as google and a big red warning page comes up to tell you what's happening and it won't let you progress.

On a lot of pages they use HSTS cookies that force an SSL connection if you've visited before. You can sometimes get lucky if the user hasn't visited the site before or the HSTS cookie has expired, but chances are if you perform a MITM attack, it's their commonly visited sites you'd be most interested in, i.e. google, social media etc.

In a real world application, say the Mk7 had an SSL strip module, if you turned it on and the target tried to visit a page and gets the warning, they immediately know something's wrong, disconnect and you've just advertised you're in that network.

With HTTPeek you're quieter, you're not advertising you're there. Yes, the information you get is less, but it's better to get something than nothing at all and not be noticed.

I've had great luck running Airgeddon then initiating an Evil Twin w/sniffing and bettercap-sslstrip2/BeEF. Controlling the victim's browser can be a pretty fun way to mess with friends.


Archived

This topic is now archived and is closed to further replies.
