Jump to content

Easiest way to see URL traffic of client over a pineapple connection?


PineUser101

Recommended Posts

Newbie to Pineapple MkVII for a few weeks now and not able to find a way to watch the URL traffic yet on connected clients? Played with HTTPeek but only seems to record non HTTPS URLs, which is extremely few these days. My research suggests that HTTPS addresses should be unencrypted at least to the main website part, so this should all be viewable?

Any ideas on how to achieve this with Pineapple? I want to demo the capabilities in a security course and this would be pretty key.

Best

Link to comment
Share on other sites

Decrypting https in a MITM position is practically impossible if you don't have access to key material. HTTPeek is aimed at http traffic only (as the module states; "View plaintext HTTP traffic, such as cookies and images"). But, it also depends on how you define "watch the URL traffic". I guess you mean content. Seeing what endpoints that are active in the traffic flow should still be possible, you just won't see what's inside that traffic.

Link to comment
Share on other sites

Thanks for the quick response dark_pyrro. Understood fully that HTTPS traffic not possible to see, but I really do mean only the HTTPS URL Address or at least the domain web address; eg: https://bbc.co.uk and maybe not even https://bbc.co.uk/news

This seems like a fundamental function for pen testing over a spoofed SSID so would be surprised if this question has not come up before or even the last 2 years that MkVII has been released.

Any ideas?

Link to comment
Share on other sites

There's no bettercap module for the Pineapple (at least not yet, but someone might create one if they have a need for it). It's mainly command line and it's available using the link that was previously posted in this thread. Just make sure to use the correct branch that corresponds to the OpenWrt version that the Pineapple is using. However, there is a web UI that comes with bettercap that is possible to use. It's not integrated into the pineapple web UI in any way though, but still an alternative instead of doing things using CLI.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...