Skip to main content

WiFi Pineapple: It’s Not a Fruit



WiFi Pineapple Review


Credits:
https://fractionalciso.com/wifi-pineapple

Suppose you see a few people in a rented car, parked across a street at a hotel, next to an office.
Does this sound suspicious to you at all? Not at all! Right?
In a real-life version of this story, those people were attempting to perform a cyber-attack on the Organization for the Prevention of Chemical Weapons (OPCW). According to reporting on the incident, Dutch law enforcement foiled their attempts when they discovered their ‘weaponized’ car with long-range high-gain WiFi antennas, battery backup, and power inverter and something that looked to be a WiFi Pineapple kit. 
Such “close access” attacks on WiFi networks are well known in the cybersecurity world, as an established technique for penetrating a target. The news of the Dutch attack validates that the threat is realThe WiFi Pineapple just makes it easy to target WiFi access points, as well as employee’s WiFi-enabled devices.


WiFi Pineapple Terminal

WiFi Pineapple: It’s Not a Fruit

The “WiFi” Pineapple is a pen testing tool, originally created in order to allow IT professionals to test the vulnerability of their networks. They can be used to de-authenticate and spoof a legitimate network, forcing employees to connect to this fake network. Once connected, the attacker can target the local device on the fake network, to exploit it and gain access to its data. This device can be set up as a rogue wireless access point within minutes, ready for attack.

WiFi is Inherently Flawed

A WiFi operation relies on trust, especially in terms of the validity of the source and destination addresses. That is exactly what is leveraged to spoof values and carry out attacks. WiFi obviously presents more challenges than the traditional wired networks, due to the easy accessibility of the signals. The Access Point (AP) generates radio waves traveling through walls and windows, and these waves can be picked up by someone sitting outside in a parking lot!
Any time you connect to a WiFi network from your phone or computer, your device saves that network’s SSID. Remember the auto-connect feature that your phones and laptops have that allows your device to connect to that SSID automatically? It comes at a major cost.
For example, say you connected to the airport WiFi called- ‘Airport WiFi’. After you’ve left the airport, your device will broadcast a signal asking if WiFi access points around the device are ‘Airport WiFi’. Your device does this for any network you’ve connected to in the past.
WiFi Pineapples take advantage of this feature by scanning for all the SSIDs being broadcast by devices in its vicinity. It then rebroadcasts these SSIDs to trick devices into thinking it is an access point that has been connected to in the past. The WiFi Pineapple sees your device asking, “is this network ‘Airport WiFi’?” And then starts broadcasting its own signal that says “Yes, I am ‘Airport WiFi’, connect to me.”

WiFi Pineapple is Not That Difficult

The WiFi Pineapple is available to anyone on Hak5’s website at the price of $99.99. It will be delivered to you within a week’s time and setting up the device takes about fifteen minutes. Downloadable modules and plugins are available for free. Operating this device to launch a basic attack takes minimal formal training or knowledge. To test it out, I tried to launch a basic coffee shop attack. The goal was to capture the login credentials of the victim.

Demonstrating the Basic Coffee Shop Attack

A while ago, obtaining someone’s login credentials was a piece of cake. All that was required was the SSLsplit module. You can find videos on YouTube from 2013-2014, where you can see how easy it was to capture literally any login credentials.
Now, it’s harder, since browsers have adapted HSTS (HTTP Strict Transport Security) to protect websites against downgrade attacks. They also warn users when the site is not secure.


WiFi Pineapple Prevent Warning Mobile
WiFi Pineapple Prevent Warning Laptop

These measures have made attacks like a WiFi Pineapple gambit difficult, but not impossible.
While SSLSplit is pretty much useless now, it is still possible to obtain credentials by first launching a de-authentication attack. This forces the user to go through a captive portal where the attacker will be sitting with their ears on the door.
With two easy steps using two free modules, the attacker can grab your credentials.
1. Deauth- With one click, the WiFi Pineapple can launch a de-authentication attack on clients connected to nearby APs.
Or if you want to kick off all the clients from a particular AP, you can do that too.


WiFi Pineapple De-auth

2. Evilportal- This is a trap that lets users ‘authenticate’ themselves to connect to the WiFi network.
After de-authenticating, the next step is to direct the victim to the login portal. Creating the login portal was easy, as there are several codebases available online, even ones that are specially designed to be ‘evil portals.’
The login portal I created looks like this-


WiFi Pineapple Evilportal Google

Once the victim entered their credentials, I was able to capture it in a log file-


WiFi Pineapple Captured Password

Step 2 can also be done using another module, PortAuth, which is basically a clone of captive portals and acts as a payload distributor for the WiFi Pineapple.
PortAuth allows the users of the WiFi Pineapple to easily spoof captive portals and regular websites, capture credentials and system information, and delivers payloads to targets.
This has just scratched the surface of what’s happening around these sorts of technologies. With more training and deeper knowledge of the modules and attacks, the WiFi Pineapple is capable of so much more. It can generate fake certificates, in case anyone needs an extra touch of authenticity. It can also be used to inject raw frames and capture WPA handshakes.


WiFi Pineapple Fake Certificate Generate
WiFi Pineapple Captured WPA Handshakes

The attacker doesn’t even have to know your SSID! The WiFi Pineapple can collect this information by collecting leaking SSIDs from the potential clients. They are added to the SSID pool and are used to spoof networks and trick devices into connecting to malicious networks.

A WiFi Pineapple Coffee Shop Attack Can Happen to Your Organization

We’ve become alarmingly accustomed to connecting to random wireless access points while we’re out and about. From a security standpoint, that’s a problem.
When the average person at the airport waiting for a flight sees SSID names like ‘Free Airport WiFi’, what are they going to do? Assume it’s an attacker’s honeypot and steer clear of it, or believe it’s free airport WiFi and dive right in? Exactly. Too often, they’re not cautious – with big consequences.
Your company employs a number of employees, including software engineers and others who have a high level of access to the company’s infrastructure. You might also allow BYOD and working from home. It is very much possible that one of these people falls for an attack like this, putting not only their devices, but the whole network at risk.  

How to Defend Against the Malicious WiFi Pineapple

Luckily, there are some simple practices you could follow as an individual to protect yourself from getting pwned by a WiFi Pineapple:
  1. Beware of public WiFi! This goes without saying: only connect to WiFi networks you know and trust. Do not conduct sensitive business, banking or health care-related activities over public WiFi.
  2. Use a VPN. if you absolutely must connect to a public WiFi, USE A VPN! It is your best bet when it comes to surfing the net securely. A VPN will encrypt your data before routing it to its destination, so even if the attacker is able to see that your device is connected to their WiFi Pineapple, since you are using a VPN, they will not be able to see the data that is being routed.
  3. Connect to HTTPS only. Most websites that you visit on a regular basis that have sensitive information on them have switched from HTTP to HTTPS. So, if you type just the website’s domain name, you will be directed to the secure HTTPS site. The bad news is, too may websites do not use HTTPS and can leave you open to a WiFi Pineapple attack. So, the best way to stay safe is to check for HTTPS and use a VPN.
  4. Whenever you are done using public WiFi, make sure that you configure your devices to ‘forget’ that network. This way, since your device won’t constantly broadcast the SSIDs of the networks it has connected to in the past, the WiFi Pineapple won’t spoof the SSID and trick your device into connecting to it. 
    Keep your WiFi functionality turned off when you are not using it, don’t allow your devices to automatically connect to open WiFi networks.
  5. Be vigilant about your network settings and surroundings. You can’t be connected to ‘Airport WiFi’ if you are sitting at home. Be skeptical of network names like ‘Free WiFi’ and network names for common hotel chains and other franchises.
  6. Verify that the SSL certificate for the website is genuine and was issued to the company to which you are connecting.
  7. If you can, just use a wired connection.
If you are the Server Admin or IT Administrator, here are some precautionary measures you could take to prevent your organization from being duped by WiFi Pineapple’s malicious attacks:
  1. Install a Wireless Intrusion Prevention System (WIPS) on your network. It will keep an eye out for Evil Twins and Client Deauths 24/7 and will automatically detect and neutralize WiFi Pineapple attacks for you.
  2. Update your WiFi routers, access points and client devices to patch unknown vulnerabilities.
  3. Use HSTS. This policy forces all server responses to pass through HTTPS connections instead of plain text HTTP. This will ensure that the entire channel is encrypted before data is sent.

Reference:

https://fractionalciso.com/wifi-pineapple/



Comments

Post a Comment

Popular posts from this blog

How to Properly Hack PLDT Wifi: 100% Working in 2019

Pldt Wifi are easy to hack if you know how to properly used the tools available, these tools and apps are need to be download on your smartphones or tablets. PLDT wifi hacker allows you to connect to a PLDT router if you know some tricks, dony worry, it is very simple and easy to follow. How to download this file  New Update for new PLDT WIFI Device: June 29, 2018 Note: 50% change to working on same new device just try if working Example #1  PLDTWIFI52374 x 3 nyo bali 52374 x 3 = 157122 New password is:  PLDTWIFI157122  Example #2  network name: PLDTHOMEDSL57341 57341*3=172023 add mo yun PLDTWIFI password: PLDTWIFI172023  Supported Devices: Note: It's not hacking but it will only view password that has not been change the default password Android Phone ( Exclude Galaxy Young ) NOTE : MANUAL HACKING  If the name of the wifi is PldtMyDSL_XXX or the name of the wifi was included costumer name you may p...
7 comments
Read more

HACK WIFI USING DRAGONBLOOD

DRAGONBLOOD Analysing WPA3's Dragonfly Handshake By  Mathy Vanhoef  (NYUAD) and  Eyal Ronen  (Tel Aviv University & KU Leuven) Currently, all modern Wi-Fi networks use WPA2 to protect transmitted data. However, because WPA2 is more than 14 years old, the Wi-Fi Alliance  recently announced  the new and more secure WPA3 protocol. One of the main advantages of WPA3 is that, thanks to its underlying Dragonfly handshake, it's near impossible to  crack  the password of a network. Unfortunately, we found that even with WPA3, an attacker within range of a victim  can still recover the password of the Wi-Fi network . Concretely, attackers can then read information that WPA3 was assumed to safely encrypt. This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails, and so on. The Dragonfly handshake, which forms the core of WPA3, is also used on certain Wi-Fi n...
Post a Comment
Read more

WIBR+ WIFI HACK ANDROID

DOWNLOAD THE APP HERE WIBR+ is an advanced application for testing of security of the WPA/WPA2 PSK WiFi networks. This application is NOT FAKE, it really works and it will discover weak password. WIBR+ supports queueing, custom dictionaries, bruteforce generator and advanced monitoring! WIBR+ supports two types of attack Dictionary attack – WIBR+ tries passwords from predefined list one by one. Please don’t be disappointed if the password will not be found, it simply means that it was not in the dictionary. However, if the key is set to “12345678” or “password” it will be detected. WIBR+ supports importing of your own password lists, so you are not limited by pre-installed dictionaries! You can download dictionaries here . Bruteforce attack – you can select alphabet, length of password and the app will try all combinations of characters in the alphabet. Of course this is complete madness because the number of combinations is growing exponentially with password...
1 comment
Read more