Jump to content

Modules from previous devices and Mark VII


rO0t
 Share

Recommended Posts

Developers have to port their old apps to the new Pineapple.

To any module devs from the Nano/Tetra: You qualify for the new developer program: https://docs.hak5.org/hc/en-us/articles/360053279254-Hak5-Developer-Program-for-WiFi-Pineapple-Mark-VII

Link to comment
Share on other sites

  • 7 months later...

we DESPERATLY need SSLstrip ported to the new mk7 or something of the like.... httpeek is great and all but its useless against https which sslsplit can downgrade to http so we can see all the fun loot 🙂 current mk7 is just about pointless without baked in 5ghz support and no ability to read https traffic 😕

Link to comment
Share on other sites

I don't know what you define as "we", but there's a limited few that see the relevance of having access to that kind of downgrade since the infrastructure has moved forward and modern software doesn't allow this to happen. It's of course possible (but not highly likely) to encounter situations when a customer has really bad IT infrastructure, but you don't need a Pineapple module to come to such a conclusion. I suggest that those that is in need of this module also starts developing it since module development is community based. There is perhaps a bunch here and on Discord that want this to happen, so gather together and start hammering on the keyboards. No one will create modules because of someone demanding it, especially if they have come to the conclusion that it is obsolete and don't add value in the current landscape.

Link to comment
Share on other sites

On 4/28/2021 at 5:25 PM, Jay42 said:

we DESPERATLY need SSLstrip ported to the new mk7 or something of the like.... httpeek is great and all but its useless against https which sslsplit can downgrade to http so we can see all the fun loot 🙂 current mk7 is just about pointless without baked in 5ghz support and no ability to read https traffic 😕

Hi, 

Just wondered if youd tried doing any SSL Stripping recently? (not talking about using a WiFi pineapple to do this)

If you initiate a man in the middle attack and attempt SSL Stripping, most devices know that this is being done and wont let you connect. If you have a device with nethunter on its really easy to do a MITM with SSL stripping on your own WiFi network then try going to a site as simple as google and a big red warning page comes up to tell you whats happening and it wont let you progress. 

On a lot of pages they use HSTS cookies that force an SSL connection if you've visited before. You can sometimes get lucky if the user hasn't visited the site before or the HSTS cookie has expired, but chances are if you perform a MITM attack, its their commonly visited sites youd be most interested in i.e google, social media etc.

In a real world application, say the Mk7 had SSL strip module, if you turned it on and the target tried to visit a page and gets the warning, they immediately know somethings wrong, disconnect and you've just advertised your in that network. 

With HTTPeek your quieter, your not advertising your there, yes the information you get is less, but its better to get something than nothing at all and not be noticed

Link to comment
Share on other sites

  • 3 months later...
On 4/30/2021 at 12:41 PM, marckiuy said:

Hi, 

Just wondered if youd tried doing any SSL Stripping recently? (not talking about using a WiFi pineapple to do this)

If you initiate a man in the middle attack and attempt SSL Stripping, most devices know that this is being done and wont let you connect. If you have a device with nethunter on its really easy to do a MITM with SSL stripping on your own WiFi network then try going to a site as simple as google and a big red warning page comes up to tell you whats happening and it wont let you progress. 

On a lot of pages they use HSTS cookies that force an SSL connection if you've visited before. You can sometimes get lucky if the user hasn't visited the site before or the HSTS cookie has expired, but chances are if you perform a MITM attack, its their commonly visited sites youd be most interested in i.e google, social media etc.

In a real world application, say the Mk7 had SSL strip module, if you turned it on and the target tried to visit a page and gets the warning, they immediately know somethings wrong, disconnect and you've just advertised your in that network. 

With HTTPeek your quieter, your not advertising your there, yes the information you get is less, but its better to get something than nothing at all and not be noticed

I've had great luck running Airgeddon then initiating an Evil Twin w/sniffing and bettercap-sslstrip2/BeEF. Controlling the victims browser can be a pretty fun way to mess with friends.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...