PineUser101 Posted January 30, 2023 Share Posted January 30, 2023 Newbie to Pineapple MkVII for a few weeks now and not able to find a way to watch the URL traffic yet on connected clients? Played with HTTPeek but only seems to record non HTTPS URLs, which is extremely few these days. My research suggests that HTTPS addresses should be unencrypted at least to the main website part, so this should all be viewable? Any ideas on how to achieve this with Pineapple? I want to demo the capabilities in a security course and this would be pretty key. Best Link to comment Share on other sites More sharing options...
dark_pyrro Posted January 30, 2023 Share Posted January 30, 2023 Decrypting https in a MITM position is practically impossible if you don't have access to key material. HTTPeek is aimed at http traffic only (as the module states; "View plaintext HTTP traffic, such as cookies and images"). But, it also depends on how you define "watch the URL traffic". I guess you mean content. Seeing what endpoints that are active in the traffic flow should still be possible, you just won't see what's inside that traffic. Link to comment Share on other sites More sharing options...
PineUser101 Posted January 30, 2023 Author Share Posted January 30, 2023 Thanks for the quick response dark_pyrro. Understood fully that HTTPS traffic not possible to see, but I really do mean only the HTTPS URL Address or at least the domain web address; eg: https://bbc.co.uk and maybe not even https://bbc.co.uk/news This seems like a fundamental function for pen testing over a spoofed SSID so would be surprised if this question has not come up before or even the last 2 years that MkVII has been released. Any ideas? Link to comment Share on other sites More sharing options...
dark_pyrro Posted January 30, 2023 Share Posted January 30, 2023 Use the tcpdump module (or use tcpdump on the command line) and dump on any relevant device/interface (either the br-lan device or the wlan0 interface if the client is on the open AP). Then examine the dump in Wireshark afterwards. Link to comment Share on other sites More sharing options...
90N45 Posted January 30, 2023 Share Posted January 30, 2023 Or just use Bettercap (https://www.bettercap.org/) There is a compiled version for the MK7 on GitHub (https://github.com/adde88/openwrt-useful-tools). Link to comment Share on other sites More sharing options...
PineUser101 Posted January 31, 2023 Author Share Posted January 31, 2023 How does Bettercap look on the Pineapple? A module? Or is this a command lineĀ tool? I think I have jumped through the hoops needed to instal but can't find it anywhere? Thanks Link to comment Share on other sites More sharing options...
dark_pyrro Posted February 1, 2023 Share Posted February 1, 2023 There's no bettercap module for the Pineapple (at least not yet, but someone might create one if they have a need for it). It's mainly command line and it's available using the link that was previously posted in this thread. Just make sure to use the correct branch that corresponds to the OpenWrt version that the Pineapple is using. However, there is a web UI that comes with bettercap that is possible to use. It's not integrated into the pineapple web UI in any way though, but still an alternative instead of doing things using CLI. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.