
It is a group project; my group sent me their papers. For each tool they discussed I needed to come up with an abstract, intro and conclusion. This is my part.

The WiFi Pineapple is a penetration testing tool developed by Hak5. Hak5 is involved in the information security industry through podcasts and has developed a number of penetration testing devices that often combine open source software with small form factor hardware. The WiFi Pineapple was initially released in 2008 and is now on its 6th generation platform. The WiFi Pineapple is scoped for WiFi penetration testing scenarios and includes capabilities such as reconnaissance, rogue access point deployment, and WiFi enterprise attacks.

As part of the reconnaissance phase of WiFi penetration testing, the WiFi Pineapple can be configured to scan the surrounding area. It comes with antennas, but users have the option of purchasing larger antennas for greater range. When running a scan, the WiFi Pineapple returns the following results:

a. SSIDs – identifies broadcast SSIDs as well as hidden SSIDs. The WiFi Pineapple is not only able to identify the SSIDs of APs around it, but also the devices that are connected to them.

b. MAC Address – identifies the unique hardware address specific to each device and enables hardware identification. MAC addresses can be changed, and the WiFi Pineapple is able to identify whether a MAC address it receives has been randomized by the AP for additional security.

c. Security Protocol – identifies the type of security protocol the device is using to connect to the access point, typically WEP or WPA. Networks that use weaker encryption are more likely to be attacked.

d. WiFi Protected Setup (WPS) Status – determines whether the access point has WPS enabled.

e. Channel – identifies the channel on which the AP is broadcasting.

f. Signal – measures the strength of the AP's signal to help determine its location. Signal strength indicates whether an access point is close to or far from the WiFi Pineapple.

The key to the information gathering phase is to identify the access points in the area and their associated clients. The WiFi Pineapple provides the information needed to identify the intended target user. Isolating the desired target is

Upon gathering the information, the tool can use it to perform man-in-the-middle attacks by spoofing a legitimate network. This is enabled by creating a rogue access point that the target device connects to. The rogue access point feature of the WiFi Pineapple allows the target device to be deauthenticated from its current WiFi AP connection and intercepts the device's attempt to reconnect. Because the attacker is closer than the intended AP, the target device authenticates to the WiFi Pineapple first.

Once the target connects to the WiFi Pineapple AP, the tool is positioned for enterprise attacks. The WiFi Pineapple is able to monitor the target machine's access to the internet and potentially gather more information, for example by acting as a proxy when the target user accesses a website.
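The scan fields listed above and the deauth/rogue-AP behaviour just described are what a WLAN defender would watch for. The following is an added example, not code from the original post or from Hak5: it runs defender-side checks over a constructed set of beacon and deauthentication records (the SSIDs, BSSIDs, client MACs and the KNOWN_APS allow-list are all hypothetical), classifying randomized MACs by the locally administered bit, flagging weak security and WPS, spotting a known SSID served from an unauthorised BSSID, and counting deauth bursts aimed at one client.

```python
# Added example (not from the original post): defender-side checks over a
# constructed 802.11 scan covering SSID, MAC/BSSID, security protocol, WPS
# and deauthentication bursts.
from collections import Counter

# Constructed sample data, as a monitoring sensor might record it (hypothetical).
KNOWN_APS = {"CorpWifi": {"f4:f2:6d:10:20:30"}}  # SSID -> authorised BSSIDs

BEACONS = [
    {"ssid": "CorpWifi", "bssid": "f4:f2:6d:10:20:30", "security": "WPA2", "wps": False, "channel": 6},
    {"ssid": "CorpWifi", "bssid": "02:13:37:aa:bb:cc", "security": "Open", "wps": False, "channel": 6},
    {"ssid": "Guest",    "bssid": "00:11:22:33:44:55", "security": "WEP",  "wps": True,  "channel": 11},
]

# Deauthentication frames seen in one short window: (sender BSSID, targeted client MAC).
DEAUTHS = [("02:13:37:aa:bb:cc", "aa:bb:cc:dd:ee:01")] * 12 + [("f4:f2:6d:10:20:30", "aa:bb:cc:dd:ee:02")]

def is_randomized_mac(mac: str) -> bool:
    """A locally administered (randomized) MAC has bit 1 of its first octet set."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)

def weak_security(beacon: dict) -> bool:
    """Open or WEP networks, or WPS enabled, are the weak configurations the write-up names."""
    return beacon["security"] in ("Open", "WEP") or beacon["wps"]

def find_evil_twins(beacons, known=KNOWN_APS):
    """A known SSID advertised from a BSSID not on the allow-list suggests a rogue AP."""
    return [b["bssid"] for b in beacons
            if b["ssid"] in known and b["bssid"] not in known[b["ssid"]]]

def deauth_bursts(deauths, threshold=10):
    """Many deauth frames at one client within the window is the deauth-attack signature."""
    counts = Counter(deauths)
    return {pair: n for pair, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for b in BEACONS:
        kind = "randomized" if is_randomized_mac(b["bssid"]) else "vendor-assigned"
        print(b["ssid"], b["bssid"], kind, "WEAK" if weak_security(b) else "ok")
    print("possible evil twins:", find_evil_twins(BEACONS))
    print("deauth bursts:", deauth_bursts(DEAUTHS))
```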

However, the WiFi Pineapple is not perfect. It cannot fully take over the trusted SSL communication that normally takes place between a user and a server; in this case, a user attempting to open a secure connection to a website will be shown a browser warning that an unverified certificate is in use. Keeping devices connected to the rogue access point is possible, but an educated user would easily notice that their device is not behaving normally and is likely to disconnect the session. The deauth and man-in-the-middle attacks depend on physical distance: the WiFi Pineapple has to be closer to the target user than the legitimate access point is. In a public setting, someone set up with a laptop and an obvious device with an antenna is easy to spot.

The strengths of this tool are the information gathered from its reconnaissance scan and its ability to specifically target and deauthenticate intended users, forcing them to reconnect and reauthenticate. Deauthentication attacks on systems that are not within the scope of a pen test are illegal, and the WiFi Pineapple's filtering and targeting features allow penetration testers to stay out of jail.