olympus_mons Posted April 14, 2022 Share Posted April 14, 2022 Hi all, I managed to get the Evil Portal working, kind of 🙂 Here is what I did... - named the Open AP the same name as the SSID of the network I wanted to clone. - went into the Evil Portal Module - Started the web server - Activated the Google login Evil Portal - connected to the Open AP and was presented with a Google login page - entered my credentials - checked the logs on the Pineapple and my credentials had been captured However, it feels like I am missing something from above. For example, what is to stop the users from connecting to the actual SSID rather than my fake SSID? Is there a way to take the actual SSID offline so that users cannot connect to it? Meaning users will have to connect to my fake SSID. Thanks in advance as always. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted April 14, 2022 Share Posted April 14, 2022 What happens if you don't name the OpenAP the same as the one you want to clone and instead add the one you want to clone to the SSID pool of PineAP and then broadcast the SSID pool? I'm not sure what you mean when you mention "actual SSID" and "fake SSID" if they are the same one (since you named the "actual SSID" with the name of the "fake SSID" (or "cloned" SSID)). Quote Link to comment Share on other sites More sharing options...
olympus_mons Posted April 15, 2022 Author Share Posted April 15, 2022 actual SSID = the SSID of the network I want to imitate, for example HOME-NETWORK fake SSID = the SSID I have created in the pineapple, for example HOME-NETWORK. I have made this fake SSID the same name as the actual SSID (above) so when I search for networks on my phone, I see the actual SSID and the fake SSID, both have the same name of HOME-NETWORK So in the above example, how can I be sure that users connect to my fake SSID (HOME-NETWORK) and not the actual SSID (HOME-NETWORK) Very confused... Â Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted April 15, 2022 Share Posted April 15, 2022 OK, well, you can't "control" WiFi in the way that you force a STA/client to connect to a specific ESSID. If there are two around, then there's not guarantee that it will connect to the one that you "hope" it should connect to (the fake one). There's no such magic. And..... if the security types differ between the networks (for example, the fake one is open and the actual one has some kind of security/protection like WPA2), then you will never be able to get the STA/client to connect to your fake AP/ESSID. Quote Link to comment Share on other sites More sharing options...
olympus_mons Posted April 15, 2022 Author Share Posted April 15, 2022 ok thanks, I am clearly missing the purpose of a pineapple. Considering your comments above, why would a user ever connect to a pineapple? for example, say I fake a McDonalds SSID... the faked SSID will be open therefore not ask the user for a PSK, also, the user will see the faked SSID and the actual SSID therefore why would the user ever connect to my fake SSID being broadcasted by the pineapple? I am totally baffled... Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted April 15, 2022 Share Posted April 15, 2022 It all depends on the scenario. You could get the target to connect when the "real" AP isn't around (and it's an open one). You could collect the ESSIDs that a target is "asking" for and then broadcast them as if they were available (using the Pineapple). Then hope that the target connects to your Pineapple. This is NOT for the Mark VII, but the workflow is more or less the same. It's the basics anyway and explains one type of scenario that could be a possible use case.https://www.youtube.com/watch?v=CcnCbxoUWps Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.