Suggested improvements for the WiFi Pineapple and the web interface


terraformer

I've had my Mark VII for a while now. I've got pretty extensive experience with WiFi-related infosec, but the Mark VII is the first time I've touched a WiFi Pineapple since the very first version came out, which I bought at DefCon many years ago.

The whole experience seems tailored to people not very familiar with 802.11, but I figured instead of just complaining I'd make a list here of suggestions on how to improve both the device and the accompanying software. I really have no idea what the intended target audience is, since neither opsec nor a deep level of technical understanding seems to be something this product caters much to. I know some of my software issues can be "solved" by installing third-party apps, but since there is an official web interface, I figured it should do most of what needs to be done out of the box.

Software

Tldr; The software abstracts away almost all indicators of what is actually going on with the device. It might make things easier for people not familiar with WiFi but I think it confuses anyone who has worked with WiFi before. The entire web interface needs a lot of work in my opinion before it can be considered functional.

- Refactor the entire WPA Handshake feature. WiFi Handshake capture should be happening passively at all times (I think it already is, which is why the dedicated button is confusing). Focus on channel control instead.

- Allow easy control over which channels to monitor and the hopping between them. Make it easy to camp on channels associated with specific networks (which is seemingly what the "capture handshake" button does) and make it possible to easily control channel hopping for different interfaces. This is my primary gripe with the Wifi Pineapple. I always find myself SSH'ing in and checking the state of the wireless interfaces to see what channel they are on. I'd be happy to provide mockups of what I had in mind. I think it's actually very simple and could be similar to what the Kismet web interface already does, but with a few extra bells and whistles. I have my own Kismet fork where I've implemented some of the stuff I had in mind already and I find the added control super useful.

- Client deauthentication needs more options, including the number of deauth frames to transmit and the reason code. Currently the Pineapple just spams deauth frames to the network, making it super obvious what's happening. Even my Unifi gear triggered alerts. I'd also make it easier to verify deauthentication success.

- Indicate whether the PTK and/or GTK has been captured. I have no idea what the WiFi Pineapple considers a WPA handshake. You need packet 1+2 or 2+3 for the PTK and GTK along with the beacon frame for the SSID correlation.

- Add ability to enter network key and get decrypted data frames directly. Saves me the hassle of doing it afterwards in Wireshark.

- Add ability to add MAC addresses to a list of "targets" and get alerts when said targets are observed, either directly or indirectly.

- Make it easier to turn off all active WiFi, including the various broadcast WiFi networks. I still haven't been able to turn off everything, and the WiFi Pineapple insists on either broadcasting its open network or having it running without broadcasting the SSID. I just want it entirely passive for most of the time.

Hardware

- I have no idea why the Mark VII does not include a more robust hardware package. 5GHz and AC support at a minimum would be appreciated. I know an "enterprise" version is in the pipeline, but again, nothing about the software seems to cater to a "professional" enterprise customer.

- I'd love a built in battery which could be recharged over USB-C.

- Physical switches to disable the radios, or at least a programmable physical switch that could be used to toggle the active component on/off.

- The device needs more system resources in my opinion. Both a better SoC and more RAM in order to handle useful features such as live data frame decryption, multi-interface packet capture, etc.

Thanks for the detailed feedback!

16 minutes ago, terraformer said:

...

The whole experience seems tailored to people not very familiar with 802.11 but I figured instead of just complaining I'd make a list here of suggestions on how to improve both the device and accompanying software. I really have no idea what the intended target audience is since opsec nor a deep level of technical understanding seems to be something this product caters much to. ...

The goal of the UI is to make certain attacks and recon faster to use, and easier to understand on a basic level. As a fellow 802.11 enthusiast, I agree that having more technical information exposed to the user would be cool, but at the same time (as mentioned) the goal is to keep it simple on purpose. The MK7 UI introduced "modes" for PineAP where you can easily change from Disabled, Passive or Active, with an "Advanced" option to have greater control. We'd like to flesh this out more in future releases across the other aspects of the UI (such as Recon and Logging specifically) so that if you want to be exposed to deeper information, you can be.

21 minutes ago, terraformer said:

- Refactor the entire WPA Handshake feature. WiFi Handshake capture should be happening passively at all times (I think it already is, which is why the dedicated button is confusing). Focus on channel control instead.

Passive handshake capture is indeed happening during a Recon scan. The dedicated button is to isolate the capture to the channel that the AP is on. As I mentioned in the above paragraph, we'd like to flesh out the control to those who want it in upcoming updates. Control over the channels would be a cool addition there.

25 minutes ago, terraformer said:

- Client deauthentication needs more options, including the number of deauth frames to transmit and the reason code. Currently the Pineapple just spams deauth frames to the network, making it super obvious what's happening. Even my Unifi gear triggered alerts. I'd also make it easier to verify deauthentication success.

I think I touched on the deauth methodology in the other post :).

27 minutes ago, terraformer said:

- Indicate whether the PTK and/or GTK has been captured. I have no idea what the WiFi Pineapple considers a WPA handshake. You need packet 1+2 or 2+3 for the PTK and GTK along with the beacon frame for the SSID correlation.

Partial handshakes are captures of EAPOL frames + a beacon that can be cracked, such as 1+2 or 2+3 as you mentioned. Evil WPA captures (in the beta and newer) are EAPOL 1+2, plus a beacon, as that's all that is available there.

31 minutes ago, terraformer said:

- Add ability to enter network key and get decrypted data frames directly. Saves me the hassle of doing it afterwards in Wireshark.

I like this idea, but I think it's fairly low priority, and Wireshark does this very well.

32 minutes ago, terraformer said:

- Add ability to add MAC addresses to a list of "targets" and get alerts when said targets are observed, either directly or indirectly.

Event logging is something we're working on currently, and this falls under that. :)

33 minutes ago, terraformer said:

- Make it easier to turn off all active WiFi, including the various broadcasted wifi networks. I still havent been able to turn off everything and the WiFi pineapple insists on either broadcasting it's open network or having it running without broadcasting the SSID. I just want it entirely passive for most of the time.

I see this requested occasionally. The reason the Open AP has never had a disable toggle is that it can cause issues for other parts of the device, but I agree that it would be nice to have, so we'll put it on the backlog.

Thanks again for the detailed feedback, we really appreciate it!
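The partial-handshake definition in the reply above (EAPOL 1+2 or 2+3 plus a beacon) and the "has the PTK material been captured?" indicator terraformer asks for, as an added example that is not part of this thread or of the WiFi Pineapple software: a stdlib-only Python classifier that parses EAPOL-Key frames by their Key Information bits, pairs messages per AP/station by replay counter and reports which pair, if any, makes a capture crackable offline. The MAC addresses, SSID, nonces, MICs and the stand-in Key Data are all constructed placeholders, not captured traffic.

```python
"""Classify EAPOL-Key frames and report whether a WPA2 4-way handshake is
crackable offline: M1+M2 or M2+M3 plus a beacon giving the SSID.
Standalone demo over constructed frames; not WiFi Pineapple code."""
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Key Information bits, IEEE 802.11-2016 section 12.7.2
KI_PAIRWISE, KI_INSTALL, KI_ACK, KI_MIC, KI_SECURE = 1 << 3, 1 << 6, 1 << 7, 1 << 8, 1 << 9


@dataclass
class EapolKey:
    msg: int            # 1..4, or 0 if not a pairwise 4-way message
    replay: int         # Key Replay Counter
    nonce: bytes        # ANonce (M1/M3) or SNonce (M2); zero in M4
    mic: bytes          # Key MIC; zero in M1
    key_data_len: int


def parse_eapol_key(data: bytes) -> EapolKey:
    """Parse an 802.1X EAPOL header (type 3 = Key) followed by an EAPOL-Key body."""
    if len(data) < 4 + 95 or data[1] != 3:
        raise ValueError("not a complete EAPOL-Key frame")
    body = data[4:]
    key_info = struct.unpack_from("!H", body, 1)[0]
    replay = struct.unpack_from("!Q", body, 5)[0]
    nonce, mic = body[13:45], body[77:93]        # fixed offsets in the Key body
    key_data_len = struct.unpack_from("!H", body, 93)[0]
    if not key_info & KI_PAIRWISE:
        msg = 0                                  # group-key handshake, no PTK material
    elif key_info & KI_ACK and not key_info & KI_MIC:
        msg = 1
    elif key_info & KI_ACK and key_info & KI_MIC and key_info & KI_INSTALL:
        msg = 3
    elif key_info & KI_MIC and not key_info & KI_ACK:
        # M2 carries the RSN IE in Key Data; M4 sets Secure and carries none.
        msg = 4 if (key_info & KI_SECURE or key_data_len == 0) else 2
    else:
        msg = 0
    return EapolKey(msg, replay, nonce, mic, key_data_len)


@dataclass
class Handshake:
    bssid: str
    station: str
    ssid: Optional[str] = None
    msgs: Dict[int, EapolKey] = field(default_factory=dict)

    def crackable(self) -> Optional[str]:
        """Cracking needs ANonce (M1 or M3), SNonce (M2), a MIC to test guesses
        against (M2 or M3) and the SSID, which salts PBKDF2 for the PMK.
        M1/M2 share a replay counter; M3's counter is M2's plus one."""
        if self.ssid is None:
            return None
        m1, m2, m3 = (self.msgs.get(i) for i in (1, 2, 3))
        if m1 and m2 and m1.replay == m2.replay:
            return "M1+M2"
        if m2 and m3 and m3.replay == m2.replay + 1:
            return "M2+M3"
        return None


def collect(beacons, eapol_frames) -> Dict[Tuple[str, str], Handshake]:
    """beacons: (bssid, ssid) from beacons/probe responses;
    eapol_frames: (src_mac, dst_mac, raw_eapol) from captured data frames."""
    ssids, out = dict(beacons), {}
    for src, dst, raw in eapol_frames:
        key = parse_eapol_key(raw)
        if key.msg == 0:
            continue
        bssid, sta = (src, dst) if key.msg in (1, 3) else (dst, src)   # M1/M3 are AP -> STA
        out.setdefault((bssid, sta), Handshake(bssid, sta, ssids.get(bssid))).msgs[key.msg] = key
    return out


def build_eapol_key(key_info: int, replay: int, nonce: bytes = bytes(32),
                    mic: bytes = bytes(16), key_data: bytes = b"") -> bytes:
    """Construct a synthetic EAPOL-Key frame for the demo (not a real capture)."""
    body = (struct.pack("!BHH", 2, key_info, 16) + struct.pack("!Q", replay) + nonce
            + bytes(16) + bytes(8) + bytes(8) + mic + struct.pack("!H", len(key_data)) + key_data)
    return struct.pack("!BBH", 2, 3, len(body)) + body


# Key Information values as seen on the wire (descriptor-version bits omitted)
M1, M2 = KI_PAIRWISE | KI_ACK, KI_PAIRWISE | KI_MIC
M3, M4 = M2 | KI_ACK | KI_INSTALL | KI_SECURE, M2 | KI_SECURE


def demo() -> Dict[Tuple[str, str], Handshake]:
    """Constructed capture with hypothetical MACs, SSID, nonces and MICs."""
    ap1, ap2 = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"
    a, b, c = "00:11:22:33:44:55", "00:11:22:33:44:66", "00:11:22:33:44:77"
    rsn = b"\x30\x02\x01\x00"                    # stand-in Key Data so M2 is non-empty
    beacons = [(ap1, "Lab-Net")]                 # ap2 never beaconed while we listened
    frames = [
        (ap1, a, build_eapol_key(M1, 1, nonce=b"A" * 32)),            # full exchange
        (a, ap1, build_eapol_key(M2, 1, nonce=b"S" * 32, mic=b"M" * 16, key_data=rsn)),
        (ap1, a, build_eapol_key(M3, 2, nonce=b"A" * 32, mic=b"M" * 16, key_data=rsn)),
        (a, ap1, build_eapol_key(M4, 2, mic=b"M" * 16)),
        (b, ap1, build_eapol_key(M2, 5, nonce=b"T" * 32, mic=b"N" * 16, key_data=rsn)),  # M1 missed
        (ap1, b, build_eapol_key(M3, 6, nonce=b"B" * 32, mic=b"N" * 16, key_data=rsn)),
        (ap2, c, build_eapol_key(M1, 9, nonce=b"C" * 32)),            # no beacon for ap2
        (c, ap2, build_eapol_key(M2, 9, nonce=b"U" * 32, mic=b"O" * 16, key_data=rsn)),
    ]
    return collect(beacons, frames)
```

Running `demo()` yields three entries: the first station is crackable via M1+M2, the second via M2+M3 even though its M1 was never seen, and the third is not, because no beacon or probe response supplied the SSID for that BSSID. The GTK is not reported here on purpose: it travels inside the encrypted Key Data of M3 and is only recoverable after the PTK has been derived, so a "GTK captured" indicator would really mean "M3 captured and PSK known".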

What I found to be a bit annoying was the fact that during the setup, when the device asks to update the firmware, it is not able to connect to my WiFi as the PSK must be 8-32 characters. As you might guess, mine is not shorter; it's longer than that.

11 hours ago, NoobDad said:

Regarding the capture handshake mode. I like to control each wifimodule. So if I am connected to the WiFi Pineapple through USB-C, capture data on three channels at the same time.

I don't know what "wifimodule" means.

10 hours ago, Gabbelebab said:

What I found to be a bit annoying was the fact that during the setup, when the device asks to update the firmware, it is not able to connect to my WiFi as the PSK must be 8-32 characters. As you might guess, mine is not shorter; it's longer than that.

Will fix in a future stager update.
