Forum Thread: Do a MITM-Attack on a Public Wifi Using a Pineapple

Hello my ambitious hackers,

In this short tutorial I want to show you how you can spy on data traffic (also called a Man-in-the-Middle attack) on a public Wifi using a Pineapple Mark or Nano (you didn´t really think that I mean the pineapple fruit;)?

The Man-in-the-Middle attack:

https://en.wikipedia.org/wiki/Man-in-the-middle_attack

So, first of all you need to buy one. You can do a Man-in-the-Middle attack without one, but i´ll show you this in an other tutorial. In case you can do a lot more with the Pineapple, but these things are coming later. I know, you can spy the traffic with Wireshark or else, but as I said: The Pineapple can do a lot more.

I just want to say: If you know how to use a Wifi Pineapple, then it´s a really, really powerful tool!

You can buy one here:

https://hakshop.com/products/wifi-pineapple

Step 1: Configure the Wifi Pineapple on Windows, Linux and Android

Follow these instructions:

https://www.wifipineapple.com/pages/setup

Be sure that you download the correct firmware for the Wifi-Nano, the Wifi-Tetra or the Wifi-Mk4/5.

Step 2: (Optional) Download Modules

For a successful attack you dont need to install modules.

But if the traffic is encoded with HTTPS or SSL, you can download and install this:

Click on "Modules" on the site bar > Manage Modules > Get Modules from WIFIPINEAPPLE.com

Install SSLsplit. It shows you the decoded TCP and SSL traffic if your Pineapple can´t decode it into HTTP.

You want to have an account with the password?

Download Site Survey. With this module you can make a fake login-site to get email-addresses, other logins and passwords!

Step 3: Find a Public Wifi and Setup the Pineapple

So, now you are equipped with the most useful stuff.

Go to a public Wifi, sit down (best on a wall), start your laptop and connect with your Wifi Pinapple.

Click on "Recon" on the site bar and scan for SSID´s

If you found one, click on it and click on "Add SSID".

Now wait for some people to connect to the Wifi ( or now to your Pineapple). What you are doing now, you are redirecting the Network traffic to your Pineapple.

Step 4: Finished!

Now you can spy on anyone in this network!

You can send a report on the time you want and you can choose how (on Email, SSD, etc.)

I hope you liked my first tutorial on Null-Byte. I am really sorry if my English isn´t that good. When I did something wrong or you want to update this post, just write a comment!

4 Responses

Thanks for writing this!

Does the pineapple create its own wifi? And if someone connects to it, will this person be able to access the internet? I'm not interfering with the original public wifi am I?

Sorry I'm very new to this :p

Yes, if you just do a mitm attack the person will have internet access. You then can capture unencrypted data.

The Wifi Pineapple is an amazing and truly powerful pentesting tool...but it's just so expensive :( Due to the cheapskate in me, I tried to find cheaper alternatives to the Pineapple, and it led me to Kali Linux and researching about wifi dongles that support monitor mode/packet injection.

Share Your Thoughts

  • Hot
  • Active