PineUser101 Posted January 30 Share Posted January 30 Newbie to Pineapple MkVII for a few weeks now and not able to find a way to watch the URL traffic yet on connected clients? Played with HTTPeek but only seems to record non HTTPS URLs, which is extremely few these days. My research suggests that HTTPS addresses should be unencrypted at least to the main website part, so this should all be viewable? Any ideas on how to achieve this with Pineapple? I want to demo the capabilities in a security course and this would be pretty key. Best Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted January 30 Share Posted January 30 Decrypting https in a MITM position is practically impossible if you don't have access to key material. HTTPeek is aimed at http traffic only (as the module states; "View plaintext HTTP traffic, such as cookies and images"). But, it also depends on how you define "watch the URL traffic". I guess you mean content. Seeing what endpoints that are active in the traffic flow should still be possible, you just won't see what's inside that traffic. Quote Link to comment Share on other sites More sharing options...
PineUser101 Posted January 30 Author Share Posted January 30 Thanks for the quick response dark_pyrro. Understood fully that HTTPS traffic not possible to see, but I really do mean only the HTTPS URL Address or at least the domain web address; eg: https://bbc.co.uk and maybe not even https://bbc.co.uk/news This seems like a fundamental function for pen testing over a spoofed SSID so would be surprised if this question has not come up before or even the last 2 years that MkVII has been released. Any ideas? Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted January 30 Share Posted January 30 Use the tcpdump module (or use tcpdump on the command line) and dump on any relevant device/interface (either the br-lan device or the wlan0 interface if the client is on the open AP). Then examine the dump in Wireshark afterwards. Quote Link to comment Share on other sites More sharing options...
90N45 Posted January 30 Share Posted January 30 Or just use Bettercap (https://www.bettercap.org/) There is a compiled version for the MK7 on GitHub (https://github.com/adde88/openwrt-useful-tools). Quote Link to comment Share on other sites More sharing options...
PineUser101 Posted January 31 Author Share Posted January 31 How does Bettercap look on the Pineapple? A module? Or is this a command lineĀ tool? I think I have jumped through the hoops needed to instal but can't find it anywhere? Thanks Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted February 1 Share Posted February 1 There's no bettercap module for the Pineapple (at least not yet, but someone might create one if they have a need for it). It's mainly command line and it's available using the link that was previously posted in this thread. Just make sure to use the correct branch that corresponds to the OpenWrt version that the Pineapple is using. However, there is a web UI that comes with bettercap that is possible to use. It's not integrated into the pineapple web UI in any way though, but still an alternative instead of doing things using CLI. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.