Modules

This section contains information about community modules that can be used on top of the PineAP attack.

Background

The WiFi Pineapple was created with modularity in mind. The WiFi Pineapple supports community-developed modules in addition to the system modules supplied with the WiFi Pineapple, such as Recon, Clients, and PineAP. The WiFi Pineapple API is used by several community-developed modules to expand functionality. This API can be used by anybody to build modules for the WiFi Pineapple.

Modules

Let's take a look at some of the community-made modules in this section!

We'll assume we have already gotten our target to connect to our rogue network.

TcpDump

This module is pretty self-explanatory. It dumps all network traffic generated by our clients. It comes in very handy when we want to inspect a client's network traffic for insecure traffic and possibly sniff out passwords or files that were transferred.

Demo

  • Hit start and we'll be running

  • Once done, hit stop and download the capture for analysis

Analysis

We can simply open the capture up with Wireshark and proceed with our analysis.

DWall

DWall is similar to TcpDump, but it focuses on the web! DWall displays plaintext HTTP URLs, cookies, POST data, and images from browsing clients. It has the same limitation as TcpDump: we will only be able to see insecure traffic!

Demo

  • Hit start listening to start capturing web traffic from clients

  • As the clients browse insecure sites, their data is relayed to us on this page (as shown below)

Client View

Wifi 🍍 View

DNSMasq Spoof

This module forges replies to arbitrary DNS queries using DNSMasq.

Demo

  • Hit Start to run the spoofer

  • Add a custom host entry to redirect hosts

I'll be adding a fake entry for example.com. example.com is an actual site that people can access on the web. The real site looks like the following:

Now that we have pointed it to a different IP address containing our "evil portal", let's see what happens to the clients connected to our rogue network.

Live DNS Attack

Here we can see one of the rogue network's clients navigating to example.com, but the page it gets is totally different from the actual website. This shows that an attacker/man-in-the-middle can easily send false replies to your DNS queries, and this is highly likely to end up as a phishing attack.
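
One way a client-side defender could spot the forged reply described above, as an added example that is not from the original page or the module: it parses a raw DNS response and flags A records that fall in local ranges or differ from an answer set obtained earlier over a trusted network. The function names, the 192.168.50.10 and 203.0.113.10 addresses and the sample packet are constructed assumptions.

```python
import ipaddress
import struct

# Ranges that should never answer for a public hostname.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def _skip_name(msg, off):
    """Return the offset just past a DNS name (labels or a compression pointer)."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:        # 2-byte pointer always ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def a_records(msg):
    """Extract IPv4 addresses from the answer section of a raw DNS response."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4     # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):   # A record, class IN
            addrs.append(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    return addrs

def check_answer(msg, trusted):
    """Map each answered address to the reasons it looks forged ({} means clean)."""
    trusted = {ipaddress.IPv4Address(a) for a in trusted}
    findings = {}
    for addr in a_records(msg):
        reasons = []
        if any(addr in net for net in LOCAL_NETS):
            reasons.append("local-range address for a public name")
        if addr not in trusted:
            reasons.append("not in trusted answer set")
        if reasons:
            findings[str(addr)] = reasons
    return findings

def build_response(name, addr):
    """Constructed sample input: one question, one compressed-name A answer."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    rdata = ipaddress.IPv4Address(addr).packed
    return (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + qname
            + struct.pack("!HH", 1, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + rdata)
```

Calling `check_answer(build_response("example.com", "192.168.50.10"), ["203.0.113.10"])` reports both reasons for the constructed spoofed reply, while a reply carrying the trusted address returns an empty dict.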

Conclusion

Those were some of the ways the community modules could be used in a lab environment!
