mk34quickstartguide
```
wget wifipineapple.com/wp4.sh; chmod +x wp4.sh; ./wp4.sh; firefox http://172.16.42.1:1471 &
```
We've made using the WiFi Pineapple with Linux very simple. By default, the WiFi Pineapple has an IP address of 172.16.42.1, and will assign clients IP addresses in the range of 172.16.42.100-150. Its default gateway is set as 172.16.42.42.
This means the WiFi Pineapple is looking for an Internet connection from the device with the IP address of 172.16.42.42.
A simple quick-connect script is provided at wp3.sh (Mark III) / wp4.sh (Mark IV). Downloading and running the script will walk you through the process of setting up the Ethernet interface and configuring IP Forwarding for Internet connection sharing.
Power the WiFi Pineapple, and directly connect it to the host PC via Ethernet cable. Download and run the quick-connect script. Example:
```
wget wifipineapple.com/wp3.sh; chmod +x wp3.sh; ./wp3.sh
```
Answer the questions as prompted and when complete the WiFi Pineapple is ready to use. Now access the WiFi Pineapple Control Center by pointing your web browser to http://172.16.42.1:1471
If you would prefer to set up a connection manually, the following commands are provided as an example, assuming the WiFi Pineapple is connected to the host via eth0 and the host has an Internet connection via wlan0.
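```
# Run as root. Enable IPv4 forwarding on the host.
echo '1' > /proc/sys/net/ipv4/ip_forward
# Delete user-defined chains and flush existing filter rules.
iptables -X
iptables -F
# Forwarding rules for the Pineapple subnet, plus return traffic.
iptables -A FORWARD -i wlan0 -o eth0 -s 172.16.42.0/24 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# NAT forwarded traffic behind the host's address.
iptables -A POSTROUTING -t nat -j MASQUERADE
# Look up the current default gateway, then re-add the default route via wlan0.
gateway=$(netstat -nr | awk 'BEGIN {while ($3!="0.0.0.0") getline; print $2}')
route del default
route add default gw $gateway wlan0
```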
While there is currently no quick-connect script for Windows 7, it is fairly simple and straightforward to set up.
First we must understand that by default the WiFi Pineapple has an IP address of 172.16.42.1 and like a regular WiFi Router will assign clients IP addresses in the range of 172.16.42.100-150. It also expects its Internet connection from 172.16.42.42.
So if the Windows 7 host's wired Ethernet adapter is configured with a static IP address of 172.16.42.42 and the Internet-facing adapter (for example from another WiFi network or a 3G/4G cellular modem) is configured for Internet Connection Sharing, clients connecting to the WiFi Pineapple will get online through the Windows 7 host's Internet connection.
Begin by powering the WiFi Pineapple and directly connecting an Ethernet cable between it and the host Windows 7 PC. Then click Start, type “view network connections” and press ENTER. Right-click the Internet-facing adapter and click Properties. From the Sharing tab check the box labeled “Allow other network users to connect through this computer's Internet connection”. From the “Home networking connection:” drop-down select the wired Ethernet adapter directly connected to the WiFi Pineapple, typically “Local Area Connection”. Click OK, then YES to the warning.
Next, right-click the wired adapter directly connected to the WiFi Pineapple and click Properties. Select “Internet Protocol Version 4” and click Properties. Check “Use the following IP address” and enter 172.16.42.42 for IP address and 255.255.255.0 for subnet. Leave the default gateway field blank. Next check “Use the following DNS server address” and specify 8.8.8.8 for Preferred DNS server. Click OK then Close.
The WiFi Pineapple-facing and Internet-facing adapters have been configured and Internet Connection Sharing has been enabled. Now open your web browser of choice and navigate to http://172.16.42.1:1471
The WiFi Pineapple is a versatile wireless auditing tool that can be used in various configurations. This document serves as a guide to setting up the WiFi Pineapple in the most common of these – as a simple Man-In-The-Middle access point. The nature of this configuration can be illustrated as follows:
Alright, now imagine you’re Chuck, a penetration tester at Bob Co., sitting at the Bob Co. cafeteria (where excellent sandwiches are served). Busy office workers are eating, socializing and using the Internet from their laptops, smart phones and tablets. Alice is sitting at the table across from you having a salad and pulling a tablet from her purse. She intends to connect to the Bob Co. wireless network and surf kitten videos on her lunch hour. The tablet, waking up, transmits WiFi Probe Requests looking for preferred networks.
Since Alice has connected to the Bob Co. wireless network from her tablet in the past it remembers the network name (SSID) and looks for it periodically in this fashion. If the Bob Co. network is within range it will receive a Probe Response to its Probe Request.
The Probe Response provides Alice’s tablet with the necessary information it needs to associate with the Bob Co. network. Since this process happens automatically for every network Alice frequently connects to, both on her tablet and laptop, she isn’t inconvenienced by choice when getting online at the office, home, cafes or even airplanes!
Chuck (that’s you!) has a WiFi Pineapple Mark IV in his bag. With Karma enabled the WiFi Pineapple is constantly listening for Probe Requests. When it hears the Probe Request for the Bob Co. network from Alice’s tablet it responds with an appropriately crafted Probe Response. This informs Alice’s tablet that the WiFi Pineapple is in fact the Bob Co. wireless network.
Of course this is a lie that Alice’s tablet will believe. This simple yet effective lie is responsible for the WiFi Pineapple’s code name “Jasager” – German for “The Yes Sayer” or “The Yes Man”. It should be understood that when Alice’s tablet transmits the Probe Request for the Bob Co. network, both the Karma-enabled WiFi Pineapple and the real Bob Co. network will respond. In this situation Chuck’s WiFi Pineapple will likely win the race condition due to proximity. Moreover, if Alice and Chuck are at a cafe miles from the Bob Co. headquarters, the same Probe Request can be expected and the WiFi Pineapple will most definitely win.
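Seen from the defending side, the "yes man" behaviour described above is itself a signature: one BSSID answering Probe Requests for many unrelated SSIDs, including names that do not exist. The following is an added example, not code from the WiFi Pineapple project; the function name, the `canary-` naming convention, the thresholds and the sample observations are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample observations (not captured traffic): each tuple is one
# Probe Response seen by a monitoring sensor, as (responder BSSID, SSID).
# SSIDs starting with "canary-" are random names the sensor itself probed
# for; no legitimate access point should ever answer for them.
SAMPLE_RESPONSES = [
    ("aa:bb:cc:00:00:01", "BobCo"),
    ("aa:bb:cc:00:00:01", "BobCo"),
    ("aa:bb:cc:00:00:02", "BobCo-Guest"),
    ("02:13:37:00:00:99", "BobCo"),
    ("02:13:37:00:00:99", "HomeNet-4821"),
    ("02:13:37:00:00:99", "CafeFreeWiFi"),
    ("02:13:37:00:00:99", "canary-7f3a9c"),
]

def find_karma_responders(responses, known_aps=None, max_ssids=2):
    """Return {bssid: [reasons]} for responders that behave like a "yes man".

    responses  -- iterable of (bssid, ssid) Probe Response observations
    known_aps  -- optional {ssid: set of authorised lowercase BSSIDs}
    max_ssids  -- distinct SSIDs one BSSID may answer for before it is flagged
    """
    known_aps = known_aps or {}
    ssids_by_bssid = defaultdict(set)
    for bssid, ssid in responses:
        ssids_by_bssid[bssid.lower()].add(ssid)

    findings = {}
    for bssid, ssids in ssids_by_bssid.items():
        reasons = []
        canaries = sorted(s for s in ssids if s.startswith("canary-"))
        if canaries:  # answering a made-up SSID is the strongest signal
            reasons.append("answered canary SSID " + canaries[0])
        if len(ssids) > max_ssids:
            reasons.append("answered for %d distinct SSIDs" % len(ssids))
        for ssid in sorted(ssids):
            allowed = known_aps.get(ssid)
            if allowed is not None and bssid not in allowed:
                reasons.append("unauthorised BSSID for " + ssid)
        if reasons:
            findings[bssid] = reasons
    return findings

if __name__ == "__main__":
    inventory = {"BobCo": {"aa:bb:cc:00:00:01"}}  # constructed AP inventory
    for bssid, why in find_karma_responders(SAMPLE_RESPONSES, inventory).items():
        print(bssid, "->", "; ".join(why))
```

The canary check works even away from the office, where no inventory of authorised access points applies.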
Once Alice’s tablet receives the Probe Response from Chuck’s WiFi Pineapple, they begin the process of associating, and within moments her tablet has obtained an IP address from the WiFi Pineapple’s DHCP server. The WiFi Pineapple’s DHCP server not only provides Alice’s Tablet with an IP address, but also provides the DNS and routing information necessary to get her online. Depending on the configuration of the WiFi Pineapple, Alice’s tablet will use one of two common default gateways to get online.
If Chuck has the WiFi Pineapple tethered to his Internet-connected Laptop via Ethernet, the default gateway used by Alice’s tablet will be 172.16.42.42 (the IP address of Chuck’s laptop). Chuck can tether the WiFi Pineapple to his laptop via an Ethernet cable simply using the “mk4.sh” script in Linux, or by enabling Internet Connection Sharing in Windows 7. Details on this later in the guide.
If Chuck has the WiFi Pineapple “dialed up” to the Internet via a pre-configured USB mobile broadband modem (a new feature to the Mark IV), the default gateway used by Alice’s tablet will be 172.16.42.1 (the IP address of the pineapple).
Now that Chuck’s Internet-enabled WiFi Pineapple has made friends with Alice’s tablet, she is free to browse the web and he is free to eavesdrop and even change the web she sees. Using some of the built-in Man-in-the-Middle tools, Chuck is able to watch what web sites Alice visits (urlsnarf). Since Chuck is particularly mischievous, he prefers to change what servers Alice connects to when looking up a web site (dnsspoof) – thus replacing would-be kitten videos with ones of puppies. Oh the horrors!!!
With additional modules run from USB mass-storage (available from WiFiPineapple.com), Chuck is even capable of saving Alice’s browsing session to disk for later analysis (tcpdump), intercepting secure communications (sslstrip), or injecting malicious code onto websites (ettercap-ng).
Alternatively, if Chuck chooses not to provide Internet access at all, the default gateway will be 172.16.42.1, and the WiFi Pineapple will still be an effective wireless auditing tool. By enabling dnsspoof, Chuck is able to redirect Alice’s browsing session from legitimate websites to the WiFi Pineapple’s built-in web server, which may host a number of phishing sites or malware.
Since Chuck can’t stay at the Bob Co. cafeteria all day (no matter how delicious the sandwiches are), he might consider leaving his WiFi Pineapple on site. The WiFi Pineapple can be concealed in a case with a battery pack (available at HakShop.com), or even hidden in plain sight using the building’s existing power infrastructure. See the WiFi Pineapple forums for inspiration on creative enclosure mods, such as magnetic electrical outlets, uninterruptible power supplies or outdoor utility housings.
In this case Chuck is able to remotely manage the WiFi Pineapple in a number of ways. If no Internet access is being provided, Chuck must be within range of the WiFi Pineapple’s wireless network in order to connect via the management SSID “pineapple” (configurable). If Internet access is provided, Chuck can configure a persistent SSH tunnel. Configuration and help on setting this up is available from the WiFi Pineapple’s web interface.
With an SSH or VPN tunnel enabled, Internet traffic from the WiFi Pineapple connected client routes through the tunnel endpoint – typically, a Virtual Private Server. From this VPS, Chuck may also extend the Man-in-the-Middle attack with additional tools.