
Wifi Pineapple project uses updated hardware for man-in-the-middle attacks


We’ve seen this small, cheap, and powerful WiFi router before. But this time it’s up to no good. [Andy] used a TP-Link WR703N to build an upgraded WiFi Pineapple hacking tool.

A WiFi Pineapple is a device spawned years ago by the Hak5 team (here’s a clip showing off the device). It uses a WiFi router that will answer any SSID request. Basically, if your computer or smartphone has an AP’s SSID saved and broadcasts a request to connect to it, the Pineapple will pretend to be that access point and complete the handshake. That puts it in a position to sniff all the data passing through, a classic man-in-the-middle attack.

[Andy] is recreating the device at a rock-bottom price. He picked up this router for about $20 and added an $8 USB drive to it. The only other things you would need are a power source and a way to hide the hardware. The code used in the Hak5 version is available for download, and that’s what he worked from after flashing OpenWrt to the device.
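The behaviour described above, one radio answering every SSID it is asked for, is also its signature from the defender’s side. This added example (not code from the post or from the Pineapple project) runs that check over a constructed list of probe-response records of the kind a Kismet or tshark export would give; the BSSIDs, SSIDs and the client profile store are all made up for the demonstration.

```python
"""Spot Karma-style probe-response behaviour in a capture summary.
Added example, not code from the Hackaday post or the Pineapple project.
A real AP answers probes only for the SSIDs it serves; a Karma device answers
with whatever SSID the client asked for, so one BSSID seen offering many
unrelated SSIDs is the tell. Frames are constructed (bssid, ssid, encrypted)
tuples such as a Kismet or tshark export would give."""
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

ProbeResponse = Tuple[str, str, bool]  # (bssid, ssid, RSN/WPA element present)

# Constructed sample: a real home AP, a real open cafe AP, and one BSSID that
# answers every name it hears (all open, since it has no key to offer).
SAMPLE_FRAMES: List[ProbeResponse] = [
    ("aa:bb:cc:00:00:01", "HomeNet", True),
    ("aa:bb:cc:00:00:01", "HomeNet", True),
    ("11:22:33:44:55:66", "CoffeeFree", False),
    ("de:ad:be:ef:00:01", "HomeNet", False),
    ("de:ad:be:ef:00:01", "CoffeeFree", False),
    ("de:ad:be:ef:00:01", "attwifi", False),
    ("de:ad:be:ef:00:01", "linksys", False),
]
# Constructed client profile store: saved SSID -> protected by a key?
SAVED_PROFILES: Dict[str, bool] = {"HomeNet": True, "CoffeeFree": False}

def ssids_per_bssid(frames: Iterable[ProbeResponse]) -> Dict[str, Set[str]]:
    """Collect the distinct SSIDs each transmitter has claimed to be."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for bssid, ssid, _ in frames:
        seen[bssid].add(ssid)
    return dict(seen)

def karma_suspects(frames: Iterable[ProbeResponse], threshold: int = 3) -> List[str]:
    """BSSIDs offering at least `threshold` distinct SSIDs. Multi-SSID enterprise
    APs are legitimate, so raise the threshold where many VAPs are expected."""
    return sorted(b for b, s in ssids_per_bssid(frames).items() if len(s) >= threshold)

def security_mismatches(frames: Iterable[ProbeResponse],
                        profiles: Dict[str, bool]) -> List[Tuple[str, str]]:
    """(bssid, ssid) pairs offering a saved SSID with the wrong security setting.
    A client should refuse to join these, as the comments note, but seeing one
    is still evidence that someone is impersonating a network the client saved."""
    return sorted({(b, s) for b, s, enc in frames if s in profiles and profiles[s] != enc})

if __name__ == "__main__":
    print("karma suspects:", karma_suspects(SAMPLE_FRAMES))
    print("impersonation attempts:", security_mismatches(SAMPLE_FRAMES, SAVED_PROFILES))
```

Saved open profiles are the only ones a keyless Pineapple can actually hijack, which is why the comments below keep coming back to them; the mismatch check above still surfaces the attempt against encrypted profiles even when the client correctly refuses.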

[Thanks Midnite]

Comments

  1. Ricksl says:

    Inb4 not a hack. On a different note pretty impressive, would be neat if he made his own image for it.

  2. Erin says:

    Huh. I think I’m vulnerable to that attack on my phone–if I’m not paying attention, I might assume it’s connecting to the internet via 3G. I guess somebody might get me if they left one outside the window at my house, too, but not as reliably.

    Any suggestions on not being fooled?

  3. Doktor Jeep says:

    Why you should never do anything sensitive on a public Wi Fi

    • Erik Johnson says:

      That’s not quite the issue in TFA. This would hijack your home AP, too, if your device sees it as the nearest router. However, I don’t see how it would work unless they know the (your) AP’s key, lest your device prompts for a new password because it can’t auth with the Pineapple…

      • barry99705 says:

        It can’t hijack your home AP unless it’s an open access point.

        • Erik Johnson says:

          If this relies on open APs then there is no reason for it to exist, as any promiscuous WiFi adaptor is capable of capturing all traffic. As a standalone AP, it surely can hijack your encrypted (home) AP so long as it is configured with the same encryption mechanisms and key, and if the client devices aren’t tied to the MAC of the real AP they could connect to this if they see it as a closer/stronger signal.

          • barry99705 says:

            Sure, but you can do so much more when you’re the man in the middle. This isn’t just about sniffing traffic. It’s about being the internet to the client. With sslstrip you can see what’s supposed to be encrypted. Throw up a couple of fake web pages and you can change the news. You can even use it to inject malicious Java apps to give yourself a backdoor into the computers connecting.

            Unless you already know the encrypted network password, it can’t spoof that network. Even Windows won’t connect to a network with the same name that should be encrypted that suddenly isn’t. If you already know the password, then you’re right, you don’t need the pineapple.

          • Blue Footed Booby says:

            @Erik Johnson
            You said it yourself: “AP so long as it is configured with the same encryption mechanisms and key”

            “and key”

            If they have your key you’re already hosed. That’s kind of the whole fucking point of the key.

        • trndr says:

          Please correct me if I’m wrong, but AFAIK there is nothing stopping a person from doing half of the 4-way handshake, getting the client’s PTK and sending it off to a server rack to crack, and then completing the handshake.
          Which means that in addition to having an encrypted network you also need a good password.

  4. geekmaster says:

    I bought 3 of these last time this was on hackaday:
    http://hackaday.com/2012/01/12/cheap-wifi-bridge-for-pen-testing-or-otherwise/

  5. Corrosive says:

    To reinforce what others have said: if the wireless profiles in your device are all secured with at least WEP (note: don’t use WEP) then the pineapple is null/void. It cannot start a handshake with any wireless device that uses a keyphrase.

    I should also note that while Hak5 did have something to do with the pineapple, it was 99% about pimping it all over town and making it look “pretty”; the real work was done by others, and it’s really just stolen software like Karma developed by other open source groups.

  6. RicoElectrico says:

    I would use this little guy with a GPS and Kismet installed for wardriving, but couldn’t find this particular version in Poland, neither in the stores, nor at the auction sites. Only the very crippled (memory-wise) TL-WR702N is available :(

  7. hfpierre says:

    Speaking of which, where do you North Americans get your WR703N?

  8. Madox says:

    https://forum.openwrt.org/viewtopic.php?id=43757

    TL-MR10U, similar to the TL-WR703N but with an internal 2600mAh battery!

  9. Mickcy says:

    Now I have a security reason for turning off my WiFi on my phone outside of home. Used to be for saving battery.

  10. Fapjuice says:

    Seriously not as good as the actual pineapple itself… Check the hak5 forums and see why…

  11. Reblogged this on Julio Della Flora.
