MattRedz Posted August 4, 2022 Share Posted August 4, 2022 Hi All I noticed that a lot of modules for the MK VII are not available such as the "Portal Auth" is this due to the new version (or am I missing something), if it is, are there any plans to port these over? Cheers, Matt Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted August 4, 2022 Share Posted August 4, 2022 What are you comparing to? The modules for the 6th generation of the Pineapple? The modules are community based. In other words, if there's a need for a module, it will be developed by the community. If there's not need, then it will not be available on the Mark VII. Comparing modules with older generations isn't really a measure of how good the product is. Some modules aren't available since the functionality has (more or less) been built in to the core features of the Mark VII. Some modules aren't available since the cyber security landscape has moved on making them obsolete. Quote Link to comment Share on other sites More sharing options...
MattRedz Posted August 5, 2022 Author Share Posted August 5, 2022 13 hours ago, dark_pyrro said: What are you comparing to? The modules for the 6th generation of the Pineapple? The modules are community based. In other words, if there's a need for a module, it will be developed by the community. If there's not need, then it will not be available on the Mark VII. Comparing modules with older generations isn't really a measure of how good the product is. Some modules aren't available since the functionality has (more or less) been built in to the core features of the Mark VII. Some modules aren't available since the cyber security landscape has moved on making them obsolete. Totally get your comments, my question was open as there seemed to be a lot more avalable before such as the "captive portal using the Portal Auth" that allowed for cloning of other portals and the use of injection sets. Quote Link to comment Share on other sites More sharing options...
DramaKing Posted August 5, 2022 Share Posted August 5, 2022 Modules like CursedScreech, DNSspoof, HTTPProxy, and tor have not been ported over, and there are no plans to do so. The reason given for SSLsplit no longer being included is that there's HSTS. Quote Link to comment Share on other sites More sharing options...
McFlyJr Posted March 23 Share Posted March 23 I received my Pineapple Mark VII two days ago, and I realize that everything I had planned to do with it, (by looking at the documentation, forums and videos), I could not do it. I have the impression that all MitM tools are gone (HTTP PRoxy, SSLsplit and others...) I never would have thought that the modules present on the old versions, would not be present on the new one, it's a technical step back, and disapointement for me. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 23 Share Posted March 23 In what way can it be considered a "technical step back"? Do you want to turn the clock back to be able to use methods that are obsolete in todays cybersec landscape? If you (or someone else) would develop all the MiTM modules you seem to crave for, you would still end up being disappointed due to the fact that they no longer work in relevant red team scenarios. Where in all the documentation, forum posts and videos did you see any of the modules (you seem to miss) being used on a Mark VII? The documentation clearly says that modules aren't provided automatically by someone, they are community developed when and if there's a need. The documentation also links to the GitHub repo for the Mark VII (not any previous version/generation) and it's clear what modules that are available. Quote Link to comment Share on other sites More sharing options...
McFlyJr Posted March 25 Share Posted March 25 What I don't understand is why remove them modules who worked in previous version ? And the point that "the modules are not created by Hak5 but by the community" is partly biased, because in many tutos and videos, scenarios are based on the modules. Imagine a scenario with deauth, fake AP, SSLsplit, and HTTP Proxy for inject JS in HTTP/S. I don't know what is obsolete in this kind of scenario just an warn message that most of the users will pass without reading. Am I wrong? So yes, I can use my PC in addition to Pineapple to do this, but pineapple is interesting to perform penetration tests autonomously, and finally If I must take my PC, I could continue without Pineapple. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 25 Share Posted March 25 No modules have been removed, they have never existed for the Mark VII. 18 minutes ago, McFlyJr said: And the point that "the modules are not created by Hak5 but by the community" is partly biased, because in many tutos and videos, scenarios are based on the modules. I quote myself: On 3/23/2023 at 11:03 PM, dark_pyrro said: Where in all the documentation, forum posts and videos did you see any of the modules (you seem to miss) being used on a Mark VII? Question remains... what videos are showing the Mark VII using modules that doesn't exist for the Mark VII? 20 minutes ago, McFlyJr said: Imagine a scenario with deauth, fake AP, SSLsplit, and HTTP Proxy for inject JS in HTTP/S. I would love to see this being demo'ed in a modern and up to date scenario. Complete write-up and videos showing it as a relevant red team use case. Pineapple involved, or not. Quote Link to comment Share on other sites More sharing options...
McFlyJr Posted March 25 Share Posted March 25 20 minutes ago, dark_pyrro said: No modules have been removed, they have never existed for the Mark VII. 20 minutes ago, dark_pyrro said: Question remains... what videos are showing the Mark VII using modules that doesn't exist for the Mark VII? We don't understand each other, maybe my English isn't good enough. When I say removed, I'm talking from the Tetra and Nano. I know this modules never been on mk7, That is the source of my disappointment. 22 minutes ago, dark_pyrro said: I would love to see this being demo'ed in a modern and up to date scenario. Complete write-up and videos showing it as a relevant red team use case. Pineapple involved, or not. What is not "modern and up to date" for you ? SSL interception? HTTP injection? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.