Cuttlefishjonez Posted March 8, 2023 Posted March 8, 2023 Hi, I have had a mark VII up and running for about 2 weeks now (I am doing a PoC and value exercise for work) and I have some issues with it I am hoping someone can help with. First is getting anything to connect to it. I have set up an OpenAP and my laptop(s) and desktop(s) can connect to that. No mobile device will connect though. I have had recon running and have been capturing SSIDs to the pool, this is set to broadcast those and there are no restrictions on who can connect. But if try to connect via mobile or PC to any of those broadcast SSIDs then they can't. I have tried all combinations of adding MACs and SSIDs to the Allow List and also tried it without anything in either list. Still nothing will connect. It is set to respond to all requests. It's very good at not allowing things to connect. The whole front end randomly freezes and I have to restart the box. I have added modules but they work on a random basis and HTTPPeek won't run at all. There is a brief glimpse of a socket error. Sometimes. And finally when I tried to update the firmware I get an error - Could not process upgrade file. Other than the above it's been very good at flashing an LED and occupying a USB power supply. I am evalutaing this on the idea that we could bulk buy for our global offices and use them as tools, via Cloud c2 (which also doesn't seem to work - makes nice graphs though), for monitoring our wifi networks as they seemed, on paper, to be ideal for the job. Also our inhouse security team were interested in them. Any help would be appreciated.
dark_pyrro Posted March 8, 2023 Posted March 8, 2023 32 minutes ago, Cuttlefishjonez said: I have set up an OpenAP and my laptop(s) and desktop(s) can connect to that. No mobile device will connect though. Are you actively trying to get mobile devices to connect (i.e. are you manually connecting and failing), or are you just hoping that they will connect? 34 minutes ago, Cuttlefishjonez said: I have had recon running and have been capturing SSIDs to the pool, this is set to broadcast those and there are no restrictions on who can connect. But if try to connect via mobile or PC to any of those broadcast SSIDs then they can't. The captured ESSIDs, are any of the true WiFi networks that is captured open networks or are all of them passphrase protected (or protected in some other form)? You can't capture the ESSID of a protected network and broadcast them as open and expect devices to see them and connect to them. 36 minutes ago, Cuttlefishjonez said: I have added modules but they work on a random basis and HTTPPeek won't run at all. What other modules (other than HTTPeek) are failing and in what way? What is your goal running HTTPeek? It won't catch much at all since almost all communication is https based nowadays. Just so that you don't get stuck and spend a lot of time trying to make it work when there perhaps isn't that much relevant use of the module. When I have used it, it has worked, but (as said) not a relevant tool for so haven't used that module more than trying to help others to troubleshoot things. 38 minutes ago, Cuttlefishjonez said: I tried to update the firmware I get an error - Could not process upgrade file. What firmware are you on and what firmware are you trying to upgrade to? At what stage more specifically do you get the error?
Cuttlefishjonez Posted March 8, 2023 Author Posted March 8, 2023 2 minutes ago, dark_pyrro said: Are you actively trying to get mobile devices to connect (i.e. are you manually connecting and failing), or are you just hoping that they will connect? I am actively trying to connect to the APs. 2 minutes ago, dark_pyrro said: The captured ESSIDs, are any of the true WiFi networks that is captured open networks or are all of them passphrase protected (or protected in some other form)? You can't capture the ESSID of a protected network and broadcast them as open and expect devices to see them and connect to them. They are a combination. None of them open or otherwise will connect. 2 minutes ago, dark_pyrro said: What other modules (other than HTTPeek) are failing and in what way? What is your goal running HTTPeek? It won't catch much at all since almost all communication is https based nowadays. Just so that you don't get stuck and spend a lot of time trying to make it work when there perhaps isn't that much relevant use of the module. When I have used it, it has worked, but (as said) not a relevant tool for so haven't used that module more than trying to help others to troubleshoot things. It worked when I first installed it. Just once since then it's been borked. just logged in an ran it manually from the CLI, and this is what happens when I try to start it: Exception occurred during processing of request from ('172.16.42.246', 4135) Traceback (most recent call last): File "/usr/lib/python3.9/socketserver.py", line 683, in process_request_thread File "/usr/lib/python3.9/socketserver.py", line 360, in finish_request File "/usr/lib/python3.9/socketserver.py", line 747, in __init__ File "/pineapple/ui/modules/httpeek/assets/libsniffer/websocket_handler.py", line 28, in handle handshake_done = self.handshake() File "/pineapple/ui/modules/httpeek/assets/libsniffer/websocket_handler.py", line 61, in handshake response = self.build_response(key) File "/pineapple/ui/modules/httpeek/assets/libsniffer/websocket_handler.py", line 46, in build_response digest = b64encode(decode(sha1((key + self.magic).encode('utf-8')).hexdigest().encode('utf-8'), 'hex')) TypeError: unsupported operand type(s) for +: 'NoneType' and 'str' ---------------------------------------- 2 minutes ago, dark_pyrro said: What firmware are you on and what firmware are you trying to upgrade to? At what stage more specifically do you get the error? I tried to move to the beta channel to see if the update would fix anything. I am going to scrub the whole thing and try a factory restart, also try it without the 5Ghz wifi addon. Maybe it's just broken.
dark_pyrro Posted March 8, 2023 Posted March 8, 2023 Can't see that the 5 GHz WiFi adapter should have to do with any of those issues. HTTPeek listens/sniffs on the br-lan device and the open AP is wlan0. What kind of mobile devices are you trying to connect to the open AP of the Pineapple? I've never had any such issues. When your filters is set to "allow all", how do you configure them? "Deny List" + (totally empty list) for both Clients and SSID?
Cuttlefishjonez Posted March 8, 2023 Author Posted March 8, 2023 Just now, dark_pyrro said: Can't see that the 5 GHz WiFi adapter should have to do with any of those issues. HTTPeek listens/sniffs on the br-lan device and the open AP is wlan0. What kind of mobile devices are you trying to connect to the open AP of the Pineapple? I've never had any such issues. When your filters is set to "allow all", how do you configure them? "Deny List" + (totally empty list) for both Clients and SSID? Yeah, I thought it would be a bit weird for the adpater to be an issue and I have just tested on a box here and it's fine. I've tried a range of different iPhones and Android devices no joy with any of them - Linux and Windows PCs connect just fine. So for the filters I've tried Deny List Empty for both. I've also tried puttting MACs in for both in the Allow List. Still no joy. It's currently getting factory reset so I carry on testing when it's done.
DramaKing Posted March 8, 2023 Posted March 8, 2023 2 hours ago, Cuttlefishjonez said: Yeah, I thought it would be a bit weird for the adpater to be an issue and I have just tested on a box here and it's fine. I've tried a range of different iPhones and Android devices no joy with any of them - Linux and Windows PCs connect just fine. So for the filters I've tried Deny List Empty for both. I've also tried puttting MACs in for both in the Allow List. Still no joy. It's currently getting factory reset so I carry on testing when it's done. Does the connection simply fail? Or do they simply not have network access?
Cuttlefishjonez Posted March 10, 2023 Author Posted March 10, 2023 On 3/8/2023 at 8:13 PM, DramaKing said: Does the connection simply fail? Or do they simply not have network access? The connection simply fails.
Salacryl Posted March 11, 2023 Posted March 11, 2023 On 3/8/2023 at 6:50 PM, dark_pyrro said: Can't see that the 5 GHz WiFi adapter should have to do with any of those issues. HTTPeek listens/sniffs on the br-lan device and the open AP is wlan0. What kind of mobile devices are you trying to connect to the open AP of the Pineapple? I've never had any such issues. When your filters is set to "allow all", how do you configure them? "Deny List" + (totally empty list) for both Clients and SSID? I have the same issue. No mobile device will connect. For me I don't even see the AP 40% of the time listed as available network. If it is listed, I try connect and the device can't even go til "getting IP Address". It just ends the process aber 5 sec. of trying to even connect with the AP.
dark_pyrro Posted March 11, 2023 Posted March 11, 2023 Difficult to say without more details of how the Pineapple is set up and what kind of mobile devices that fail. I've never had any issues. Is the Pineapple offering internet access to the clients? Some mobile devices ditch a connection if it's not possible to connect to the internet and selects another AP instead. I.e. tries to connect to the AP but disconnects more or less immediately and connects to some other AP nearby that is known by the device and has internet access.
Salacryl Posted March 11, 2023 Posted March 11, 2023 2 hours ago, dark_pyrro said: Difficult to say without more details of how the Pineapple is set up and what kind of mobile devices that fail. I've never had any issues. Is the Pineapple offering internet access to the clients? Some mobile devices ditch a connection if it's not possible to connect to the internet and selects another AP instead. I.e. tries to connect to the AP but disconnects more or less immediately and connects to some other AP nearby that is known by the device and has internet access. I fear that the mobile devices have the ID (macs or whatever) listed to "dangerous networks". There is an option for that on my Galaxy S10+. To set it to off just doesn't change anything. At least it would explain a lot, f. e. why mobile devices can't connect but my kali laptop has no issues with it. .. wait a minute ... I'll try to set up a debug mode with my mobile and hopefully I can get something out of the logs. I'll keep you updated. In the meanwhile: @Cuttlefishjonez do have the opportunity to try a mobile device with lineageOS? Maybe it is only Samsung and Apple?
dark_pyrro Posted March 11, 2023 Posted March 11, 2023 For reference; connected the following to the open AP on my Pineapple now: - Motorola Moto G4 with LineageOS - Samsung Galaxy A3 2016 (SM-A310F) with LineageOS - Samsung Galaxy S10e with Android 12 - Samsung Galaxy A52s 5G with Android 13 - Apple iPhone 11 Pro All of them successful
Recommended Posts
Archived
This topic is now archived and is closed to further replies.