Jump to content

Evil Portal steps...


Recommended Posts

Hi all,

I managed to get the Evil Portal working, kind of 🙂

Here is what I did...

- named the Open AP the same name as the SSID of the network I wanted to clone.

- went into the Evil Portal Module

- Started the web server

- Activated the Google login Evil Portal

- connected to the Open AP and was presented with a Google login page

- entered my credentials

- checked the logs on the Pineapple and my credentials had been captured

However, it feels like I am missing something from above. For example, what is to stop the users from connecting to the actual SSID rather than my fake SSID? Is there a way to take the actual SSID offline so that users cannot connect to it? Meaning users will have to connect to my fake SSID.

Thanks in advance as always.

Link to comment
Share on other sites

What happens if you don't name the OpenAP the same as the one you want to clone and instead add the one you want to clone to the SSID pool of PineAP and then broadcast the SSID pool? I'm not sure what you mean when you mention "actual SSID" and "fake SSID" if they are the same one (since you named the "actual SSID" with the name of the "fake SSID" (or "cloned" SSID)).

Link to comment
Share on other sites

actual SSID = the SSID of the network I want to imitate, for example HOME-NETWORK

fake SSID = the SSID I have created in the pineapple, for example HOME-NETWORK. I have made this fake SSID the same name as the actual SSID (above) so when I search for networks on my phone, I see the actual SSID and the fake SSID, both have the same name of HOME-NETWORK

So in the above example, how can I be sure that users connect to my fake SSID (HOME-NETWORK) and not the actual SSID (HOME-NETWORK)

Very confused...


Link to comment
Share on other sites

OK, well, you can't "control" WiFi in the way that you force a STA/client to connect to a specific ESSID. If there are two around, then there's not guarantee that it will connect to the one that you "hope" it should connect to (the fake one). There's no such magic. And..... if the security types differ between the networks (for example, the fake one is open and the actual one has some kind of security/protection like WPA2), then you will never be able to get the STA/client to connect to your fake AP/ESSID.

Link to comment
Share on other sites

ok thanks, I am clearly missing the purpose of a pineapple.

Considering your comments above, why would a user ever connect to a pineapple?

for example, say I fake a McDonalds SSID... the faked SSID will be open therefore not ask the user for a PSK, also, the user will see the faked SSID and the actual SSID therefore why would the user ever connect to my fake SSID being broadcasted by the pineapple? I am totally baffled...

Link to comment
Share on other sites

It all depends on the scenario. You could get the target to connect when the "real" AP isn't around (and it's an open one). You could collect the ESSIDs that a target is "asking" for and then broadcast them as if they were available (using the Pineapple). Then hope that the target connects to your Pineapple.

This is NOT for the Mark VII, but the workflow is more or less the same. It's the basics anyway and explains one type of scenario that could be a possible use case.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...