Awesome
Evil Twin - Mark VII
Learn how to set up a fake authentication web page on a fake WiFi network.
Read the comments in these two files to get a better understanding on how all of it works:
You can modify and expand this project to your liking. You have everything you need to get started.
You can easily customize CSS to make it look more like the company you are testing, e.g. change colors, logo, etc.
You can also use SingleFile (Chrome)(FireFox) browser extension to download a web page as a single HTML file, rename the file to index.php
, and use it in the same template.
Tested on WiFi Pineapple Mark VII Basic with the firmware v2.0.0 and modules Evil Portal v1.5.1 and Cabinet v1.2.1.
Additional set up and testing was done on Windows 10 Enterprise OS (64-bit) and Kali Linux v2022.2 (64-bit).
Made for educational purposes. I hope it will help!
In this project I also want to show you how to install and use WiFi Pineapple's modules through GUI, for more console attacks check my WiFi penetration testing cheat sheet.
If you have an older device, go to WiFi Pineapple Nano (Mark VI).
Table of Contents
How to Set Up the WiFi Pineapple
In case you might need it, check frimware recovery/upgrade.
Windows OS
Follow the instructions below:
Kali Linux
Download and run the following script:
wget https://downloads.hak5.org/api/devices/wifipineapplemk7/tools/wp7.sh/1.0/linux -O wp7.sh && mv wp7.sh /usr/bin/wp7 && chmod +x /usr/bin/wp7 && wp7
How to Run
In WiFi Pineapple's dashboard go to Modules & Packages -> Modules -> Get Available Modules
, install Evil Portal
and Cabinet
modules, and pin them to the sidebar.
Copy all the content from \src\ to WiFi Pineapple's /root/portals/
directory:
scp -r evil-twin root@172.16.42.1:/root/portals/evil-twin
Go to PineAP Suite -> Open AP
, and set the Open SSID
to your desired (portal) name.
Go to PineAP Suite -> Filtering
, and make sure both client and SSID filter lists are set to deny mode.
Connect your WiFi Pineapple to a real working WiFi network in Settings -> Networking -> Wireless Client Mode
section to tunnel network traffic back and forth from the Internet.
In WiFi Pineapple's dashboard go to Evil Portal
and activate the portal, then, click on both Start Web Server
and Start
.
In WiFi Pineapple's dashboard go to Cabinet
, navigate to /root/logs/
directory and click "Edit" on evil_twin.log
to view the captured credentials.
Download the log file through SSH:
scp root@172.16.42.1:/root/logs/evil_twin.log ./
Spoof All SSIDs
Hide the open access point.
In WiFi Pineapple's dashboard go to PineAP Suite -> Impersonation
and add desired (portal) names to Spoofed AP Pool
, then, set your settings as in picture below to spoof all the access points in your range.
Find out more about PineAP Suite here.
Find out how to turn up your WiFi Pineapple's signal strength to missassociate clients to the fake WiFi network from my other project.
Use filtering so you won't go out of your testing scope.
Kismet
Search for WiFi networks within your range and fetch their MAC address, vendor name, etc.
Remote Packet Capture
On your Kali Linux, download some missing files, then, run Kismet's server:
wget https://raw.githubusercontent.com/kismetwireless/kismet/master/conf/kismet_httpd.conf -O /etc/kismet/kismet_httpd.conf
wget https://raw.githubusercontent.com/kismetwireless/kismet/master/conf/kismet_manuf.txt.gz -O /etc/kismet/kismet_manuf.txt.gz
kismet
Connect to your WiFi Pineapple (remote port forwarding) and install Kismet's remote capturing tool:
ssh root@172.16.42.1 -R 3501:localhost:3501
opkg update && opkg install kismet-capture-linux-wifi
Connect Kismet's remote capturing tool to Kismet's server:
airmon-ng start wlan0
kismet_cap_linux_wifi --tcp --connect localhost:3501 --source wlan0mon
On your Kali Linux, navigate to Kismet's dashboard (http://localhost:2501
) with your preferred web browser.
Local Packet Capture
Connect to your WiFi Pineapple, then, install, download missing files, and run Kismet's server:
ssh root@172.16.42.1
opkg update && opkg install kismet
wget https://raw.githubusercontent.com/kismetwireless/kismet/master/conf/kismet_httpd.conf -O /etc/kismet/kismet_httpd.conf
wget https://raw.githubusercontent.com/kismetwireless/kismet/master/conf/kismet_manuf.txt.gz -O /etc/kismet/kismet_manuf.txt.gz
airmon-ng start wlan0
kismet -c wlan0mon
On your Kali Linux, navigate to Kismet's dashboard (http://172.16.42.1:2501
) with your preferred web browser.
Sniff WiFi Network Traffic
Once you get an access to a WiFi network, start capturing network packets.
In WiFi Pineapple's dashboard go to Modules -> Manage -> Get Available Modules
, install TCPDump
module, and pin it to the sidebar.
In WiFi Pineapple's dashboard go to TCPDump
and start capturing packets.
You can download the PCAP file by clicking on the cloud icon.
You can also pipe tcpdump
from WiFi Pineapple directly to Wireshark
ssh root@172.16.42.1 tcpdump -U -i wlan0mon -w - | wireshark -k -i -
On Windows OS you might need to specify a full path to the executable.