root@Pineapple:/sd/modules/wps/scripts# ./wps.sh start

Reaver v1.6.3 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner [email protected]

reaver: invalid option -- a

ssh'd and ran wps.sh manually to discover this as output is not appearing in the wps module page logging.

I have 40 AP'S showing up, I have over 40 clients, none of them are associated, which in-turn gives me no handshakes. I am on 2.5.4. There is 0 possibility that none of the clients are associated to at least one AP.

Can you add hcxtools to your repository? @adde88 has a repository with a makefile. Then I could add a module that allows you to intercept PMKID.

I just installed urlsnarf with dependencies on a factory-reset Pineapple Tetra running 2.6.1. When I run urlsnarf from either the GUI or command line, it will start but never shows any log output despite browsing to HTTP websites. Sniffing the same interface with tcpdump does show traffic following through.

Could you please update the version of Responder used by the Pineapple to the under support version at https://github.com/lgandx/Responder.

Specifically this includes the -P option which is far more effective at getting NTLMv2 hashes via WPAD (this is also the version that the Bash Bunny uses).

The dependencies are the same, and I have the lgandx version working fine on the Pineapple Nano

First of all, thank you for maintaining this project!

I'm having an issue where SSLSplit doesn't start when invoked it from the GUI. The "start"-button turns yellow for a bit, and then back to green. We haven't been able to find any feedback about the error on the device or in any running terminals. We're hoping for logs or something better. The question two-fold:

1. Is there any directory on the device (or a terminal window) where we can get some feedback from the SSLSplit-module, when it fails?

2. Does SSLSplit have any requirements for running successfully that we might have missed?

Setup

Pineapple Nano, v2.3.2, running:

• SSLSplit
• Cursed Screech
• DeAuth
• EvilPortal
• HttpProxy
• Papers
• PortalAuth
• ConnectedClients

Dependencies stay stuck at "Installing..." forever

Not sure how to debug yet.

Not sure if it would be better to report individual package issues to OpenWRT or not, but I received an issue recently on my dev repo for OpenVPNConnect claiming some issues installing the dependencies for the module:

InjectionSoftwareandSecurityLLC/OpenVPNConnect#12

When I tried to reproduce this issue on a clean installation of the latest 2.6.1 WiFi Pineapple firmware I came across two interesting finds:

1. I was able to reproduce the issue verbatim, it appears that there is a kernel conflict with the OpenWRT 19.07 firmware's kernel 4.14 and the openvpn-mbedtls package.
2. When installing another module "Papers" it failed as well. Its dependencies were zip and unzip. unzip installed just fine, but zip did not exist.

I imagine this issue is affecting a few modules due to the firmware jump and what appears to be package support falling behind. In the case of OpenVPNConnect and Papers this totally breaks the modules on the 2.6.X pineapple firmware.

A solution in my case might be to bring my own openvpn installation, but that is going to require a significant module upgrade and is likely not a great idea as openvpn is no small application. I imagine for other modules such as Papers, we don't want to "roll" or "bring our own" zip package either.

Not sure what the best solution is here as this doesn't really seem like a fault of the WiFi Pineapple firmware itself, just good old package management lag. The answer might be to "just wait" for OpenWRT/opkg to get our packages out there.

Seeing as this significantly breaks some existing modules, I wanted to throw up an issue somewhere since there wasn't one already.

Would love some suggestions, I definitely don't mind contributing to a solution, just not sure what a good path would be (if anything).

Just a heads up,the following file within DWall does not work with firmware > v2.6.x.
DWall/assets/http_sniffer

I'm not sure exactly where to find the source for this binary, if it's public, or private.
If i had i would have re-compiled it myself and sent a PR. :)

hi
tor module won't start at all
pineapple nano
V = 2.6.2

Hi,

I'm having an issue getting the "capture" function to run on Site Survey. Here's my steps to recreate:

1. Start with fresh out-of-the-box Pineapple.
2. Power up and update firmware.
3. Setup Internet connection sharing.
4. Install Site Survey and it's dependencies to the SD card
5. Put wlan1 in monitor mode
6. Scan for targets.
7. Hit Capture next to my target

At this point I never get a Running processes window. If I look at /tmp/SiteSurvey.log though, it says:

BSSID : xx:xx:xx:xx:xx:xx
Channel : 1
Capture is running...

But, if I hit Deauth I will see aireplay-ng running against the target. And no new entry is written to /tmp/SiteSurvey.log. Seems like maybe a pathing issue or something easy (hopefully). Any ideas?

Thanks,
Brian

when i use opkg install ngrep , it told me this:

Unknown package 'ngrep'.
Collected errors:
 * opkg_install_cmd: Cannot install package ngrep.

I populate all fields with default and switch the target to starbucks.com and get this error. I have tried multiple different targets and it always spits out the same.

Error is called: clone_error_01_59_55.txt
Text:
Traceback (most recent call last): File "/pineapple/modules/PortalAuth/includes/scripts/portalclone.py", line 4, in from PortalCloner import PortalCloner File "/pineapple/modules/PortalAuth/includes/scripts/PortalCloner.py", line 12, in import requests File "/pineapple/modules/PortalAuth/includes/scripts/libs/requests/init.py", line 53, in from .packages.urllib3.contrib import pyopenssl File "/pineapple/modules/PortalAuth/includes/scripts/libs/requests/packages/init.py", line 63, in load_module import(name) File "/pineapple/modules/PortalAuth/includes/scripts/libs/requests/packages/urllib3/init.py", line 10, in from .connectionpool import ( File "/pineapple/modules/PortalAuth/includes/scripts/libs/requests/packages/urllib3/connectionpool.py", line 37, in from .request import RequestMethods File "/pineapple/modules/PortalAuth/includes/scripts/libs/requests/packages/urllib3/request.py", line 6, in from .filepost import encode_multipart_formdata File "/pineapple/modules/PortalAuth/includes/scripts/libs/requests/packages/urllib3/filepost.py", line 10, in writer = codecs.lookup('utf-8')[3] LookupError: unknown encoding: utf-8

There is an issue with "Start Listening" in DWall v1.2 on Pineapple firmware version 2.5.2 when accessed through WAN interface.

The problem is that firewall blocks access on port TCP/9999 which DWall uses to start the scan.

I have run into a handful of issues related to site survey.

1. any scan longer then 30 seconds gets stuck on "collecting results"
2. there are a ton less results compared to built in recon scans
3. sometimes the interface will fail to go into monitor mode

capturing and deauth appear to be working just fine for the networks in the range

1- deauth the user from his original network
2- broadcast an AP from his prob ssid list so it will connect
3- the captive portal page that contains ajax code opens
4-Disconnect him from our ap
5- The cached page (obviously it should be the same IP as the router because of SOP) with ajax will connect to the router page (when it detects internet connection) and will send us the page code and images (base 64 encoded) to our puplic server that can be anything.
6- download the page to our device and add to a note the AP ssid and bssid and the client bssid

Notes maybe make the page show in large text "internet is loading" with a little cute spinning circle so the victim waits

also if router ip isn't the default we will need an additional step something like this js script for scanning local network then after you receive the ip in our server (maybe ngrok with port forwarding) we deauth it again so he reconnects and we update the page ip with the correct one .

The key is timing
What do you think ?

https://forums.hak5.org/topic/43603-onlinehashcrack-fix/

User https://forums.hak5.org/profile/40543-battery_/ suggested using http and not https will successfully submit hashes through the module.

as karma attacks works on saved open networks only and not secured ones so we will need to have the password first to get it work although this seems a bit hard... the number of saved networks Guarantee that there is a one with a weak password... so will need to make the karma attack start two networks of the targeted prob one open and the second secured and the victim will auto connect to the one with the correct configuration with the saved obviously correct password and we save that handshake with the other handshakes captured form the same device to brute force and break the ones with the weak passwords.

I got an error cloning Starbucks as a sample.

Traceback (most recent call last):
  File "/sd/modules/PortalAuth/includes/scripts/portalclone.py", line 4, in <module>
    from PortalCloner import PortalCloner
  File "/sd/modules/PortalAuth/includes/scripts/PortalCloner.py", line 18, in <module>
    import tinycss
ImportError: No module named tinycss

I ssh-ed into the pineapple to see the command executed, it is:

python /sd/modules/PortalAuth/includes/scripts/portalclone.py --portalName Starbucks --portalArchive /sd/portals/ --url https://www.starbucks.com/ --injectSet Harvester 
--injectjs --injectcss --injecthtml

No reason the URL containing mac address information should be seen by anyone sniffing your traffic.

macvendors.co also provides lookups over https which all modules should be using

            $url = "http://macvendors.co/api/" . $mac . "/JSON";

Here's how it should be
1- get the clients from other aps connected to our pineapple using deauth/karma
2- grab their user agent from their connection requests(apps and sevices ) or using a captive portal page to get it faster
3- store their (device name - mac address - useragent - and the network name that they was connected to or their ssids prob requests ) in a db
4- it would be great if we could automatically rank the vunrablite status of the devices from the db..

Thanks .... would do you think of this idea ?

Edit: the objectives check list
1- do a network scan on the target network and save the clients mac and prob requests to a db
2- you got two options

• waiting for the client to connect manually
  Or

• karma attack ( deauth and replicate a probe network ssid )

3- they will land on the captive portal page

• catch the useragent headers and save it

• catch the ip and mac address of that device and save it with the headers

About number unfortunately i can't think of a way to automate it ...
I think we can leave to the user to manually perform it by searching the device model or os version for known vunrablites on the web.

so from the recon page I only see the 2.4 channels.
from cli ... I see 5hz ... where is this is the ui?

from cli I run airodump-ng --band abg wlan1mon and tada all the channels.

CH 54 ][ Elapsed: 24 s ][ 2019-07-17 14:32

BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

00:2A:10:EB:96:BD -1 0 0 0 5 -1 <length: 0>
00:2A:10:E4:61:FD -1 0 0 0 6 -1 <length: 0>

Reference Issue From my Dev Repo:
InjectionSoftwareandSecurityLLC/OpenVPNConnect#15

It was reported to me that, at least on firmware version 2.7.0 for the Pineapple Nano, this module now crashes when starting the VPN. Reviewing the patch notes and seeing a recent note on openvpn specifically being fixed made me think that they perhaps were just on a broken version of the firmware and needed to upgrade.

I was able to replicate the issue with a clean install on a WiFi Pineapple Nano running version 2.7.0 firmware, and can confirm that even issuing an openvpn command via ssh crashes on the line Incoming Data Channel: when setting up a data channel for the connection.

Just wanted to bring this to someone's attention (if it wasn't well known already) as this likely is breaking any OpenVPN dependent modules. If there's anything I can do to assist let me know!

• 3ndG4me

I updated to last firmware OTA and reinstalled modules on SD a before. SD formatted from scratch
Urlsnarf (1.6) does not install dependencies (...installing... stays forever). Done a full firmware factory reset (updating with special web interface 192.168.x.x) - DWall (1.3) installation ok but doing nothing when selecting "enable". ettercap (1.6) by selecting instal dependecies just go back to "Not installed".
After trying all possible reset i am really lost.

Themes module needs updated CSS for the new GUI
Ex. improperly sized boxes
Certain places where the theme does not change any color that was added post- GUI Update
ETC...

The sslsplit start command fails because the log folder is missing from the package.

Solution: root@Pineapple:~# mkdir /pineapple/modules/SSLsplit/log

Having problems running bully, investigated wps.sh script to find bully could not find any log directory.

root@Pineapple:/sd/modules/wps# ./scripts/wps.sh start
Can't open output file -- /pineapple/modules/wps/log/log_1520307829.log