Easiest way to see URL traffic of client over a pineapple connection?

[PineUser101]

Newbie to Pineapple MkVII for a few weeks now and not able to find a way to watch the URL traffic yet on connected clients? Played with HTTPeek but only seems to record non HTTPS URLs, which is extremely few these days. My research suggests that HTTPS addresses should be unencrypted at least to the main website part, so this should all be viewable?

Any ideas on how to achieve this with Pineapple? I want to demo the capabilities in a security course and this would be pretty key.

Best

[dark_pyrro]

Decrypting https in a MITM position is practically impossible if you don't have access to key material. HTTPeek is aimed at http traffic only (as the module states; "View plaintext HTTP traffic, such as cookies and images"). But, it also depends on how you define "watch the URL traffic". I guess you mean content. Seeing what endpoints that are active in the traffic flow should still be possible, you just won't see what's inside that traffic.

[PineUser101]

Thanks for the quick response dark_pyrro. Understood fully that HTTPS traffic not possible to see, but I really do mean only the HTTPS URL Address or at least the domain web address; eg: https://bbc.co.uk and maybe not even https://bbc.co.uk/news

This seems like a fundamental function for pen testing over a spoofed SSID so would be surprised if this question has not come up before or even the last 2 years that MkVII has been released.

Any ideas?

[dark_pyrro]

Use the tcpdump module (or use tcpdump on the command line) and dump on any relevant device/interface (either the br-lan device or the wlan0 interface if the client is on the open AP). Then examine the dump in Wireshark afterwards.

[90N45]

Or just use Bettercap (https://www.bettercap.org/)

There is a compiled version for the MK7 on GitHub (https://github.com/adde88/openwrt-useful-tools).

[PineUser101]

How does Bettercap look on the Pineapple? A module? Or is this a command line  tool? I think I have jumped through the hoops needed to instal but can't find it anywhere?

Thanks

[dark_pyrro]

There's no bettercap module for the Pineapple (at least not yet, but someone might create one if they have a need for it). It's mainly command line and it's available using the link that was previously posted in this thread. Just make sure to use the correct branch that corresponds to the OpenWrt version that the Pineapple is using. However, there is a web UI that comes with bettercap that is possible to use. It's not integrated into the pineapple web UI in any way though, but still an alternative instead of doing things using CLI.