This section contains information on PineAP and how it can be used


PineAP is a powerful, modular rogue access point suite that helps WiFi auditors collect clients by imitating Preferred Networks. Leveraging PineAP, we are able to see what SSIDs devices are trying to look for. Using that information and PineAP's features, we are able to advertise ourselves as that SSID which the device is looking for.


Let's say you were authenticated to your home network named 4pfHome . Your phone will then try to look for that same SSID when you're outside and have your WIFI on. PineAP will then see this and advertise itself as 4pfHome to your device. If connected, you will be one of Wifi 🍍's many clients, and that's not good. Let's take a look at how it's done!

Live Attack

Prior to launching the attack, the PineAP first has to be set up to listen.

PineAP Setup

Enabling the following options to be able to capture and rebroadcast SSIDs

Broadcast Attack

After letting PineAP do its thing for a while, we are able to see a couple of SSIDs in the SSID Pool .

Now on my devices, I would be able to see these SSIDs being broadcasted and unprotected. (as shown below)

Now once our "target" connects to our network, we own it :) (kind of)

Client Connect back


We can see that both the devices are connected to the Wifi 🍍 but they are connected under 2 different SSIDs. My laptop thinks it is connected to AndroidAP68A2 and my phone thinks it is connected to Linksys12765_5GHz .

The connected devices won't realize a thing as the Wifi 🍍 is connected to the internet and acts how any other router would.

Now that we have both devices connected to our bogus network, we can use Modules (which will be covered in the next section) to perform various attacks.

This is how we can make use of PineAP to trick users to connect to us.

From my testing, I wasn't able to get the devices to connect to the endpoints automatically. Thus, this attack still depends on the user to make the final decision to connect.

Last updated