The WiFi Pineapple is a powerful and flexible wireless auditing platform. The project is a combination of continuously evolving hardware, software and modules. It caters to and is supported by a passionate and creative community of penetration testers, systems administrators and wireless enthusiasts.
With each generation, the hardware is designed to take advantage of the best available wireless components of the day. The hardware continues to grow as the user experience is refined and components are updated to respond to the ever-changing wireless landscape.
The firmware is engineered alongside the hardware to fully exploit 802.11 protocols. Comprising both the embedded Linux base as well as the web-based user interface, it’s in continuous development with free updates delivered over the air.
To further enhance the platform, the firmware is designed with an API which enables add-on modules. Modules extend the functionality by providing additional tools and exploits to take advantage of the platform. They can be downloaded and installed over the air from the web interface. In fact, every WiFi Pineapple component is a module which can be updated from the web interface.
What does it do?
Being a versatile Linux-based wireless auditing platform in development since 2008, it does many things. That said, it is best known for its ability to passively gather intelligence, target and track WiFi-enabled devices, and effectively deploy a rogue access point for man-in-the-middle attacks.
Rogue Access Point?
The WiFi Pineapple can be deployed as an extremely effective rogue access point. This is done by thoroughly mimicking the preferred wireless networks of client devices such as laptops, phones and tablets.
For convenience, modern WiFi-enabled devices automatically connect to networks they have previously joined. Over the years, the ways in which devices connect to these preferred networks have changed, and throughout, the WiFi Pineapple has stayed effective at capturing these clients using its custom PineAP suite.
As an example, this means that a targeted laptop which has previously connected to an airport WiFi network may automatically connect to the penetration tester's WiFi Pineapple, thinking it is the legitimate network in its preferred network list. Once the targeted device joins the WiFi Pineapple network as a client, the auditor is positioned as the man-in-the-middle.
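From the defender's side, an access point that mimics many clients' preferred networks leaves a visible pattern: one radio address (BSSID) advertising several unrelated network names, or a known network name coming from a BSSID that is not in the inventory. The following is an added example, not part of the original page or the WiFi Pineapple project; the inventory, the threshold and the sample observations are constructed assumptions.

```python
from collections import defaultdict

# Assumed inventory of the organisation's own access points: SSID -> authorised BSSIDs.
AUTHORISED = {
    "CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

# Constructed sample of (bssid, ssid) pairs, as a wireless sensor might log them
# from beacon and probe-response frames. Not real capture data.
SAMPLE = [
    ("aa:bb:cc:00:00:01", "CorpNet"),
    ("aa:bb:cc:00:00:02", "CorpNet"),
    ("02:11:22:33:44:55", "CorpNet"),
    ("02:11:22:33:44:55", "Airport_Free_WiFi"),
    ("02:11:22:33:44:55", "HomeNet-5G"),
    ("02:11:22:33:44:55", "CoffeeShop"),
    ("de:ad:be:ef:00:10", "GuestCafe"),
]


def find_suspect_aps(observations, authorised, max_ssids=3):
    """Return {bssid: [reasons]} for radios that look like a rogue access point.

    max_ssids is an assumed threshold: a BSSID advertising more distinct
    network names than this is reported.
    """
    ssids_by_bssid = defaultdict(set)
    for bssid, ssid in observations:
        ssids_by_bssid[bssid.lower()].add(ssid)

    findings = {}
    for bssid, ssids in ssids_by_bssid.items():
        reasons = []
        # One radio answering for many unrelated networks.
        if len(ssids) > max_ssids:
            reasons.append(f"advertises {len(ssids)} SSIDs")
        # A managed network name served from a radio outside the inventory.
        for ssid in sorted(ssids):
            if ssid in authorised and bssid not in authorised[ssid]:
                reasons.append(f"unauthorised BSSID for {ssid}")
        if reasons:
            findings[bssid] = reasons
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_suspect_aps(SAMPLE, AUTHORISED).items():
        print(bssid, "->", "; ".join(reasons))
```

A BSSID can be spoofed to match an authorised one, so this check is best paired with channel and signal-strength baselines for each known access point.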
Network connections are made up of many nodes. When you browse the web from home, for instance, your traffic goes through many “hops”. From your laptop to your wireless access point, your modem and numerous routers between your ISP and the web server of the site you’re accessing – your traffic in the form of packets is handed off to a variety of equipment down the chain.
Any node between you and the destination can be considered a man-in-the-middle, in a way, but the term itself generally refers to an attack. This is where an untrusted third party is positioned in such a way as to eavesdrop on the connection. An attacker set up as a man-in-the-middle can both monitor and manipulate the traffic down the line.
It's a powerful place to be as a penetration tester. The closer you can get in-line to the target, the more successful your attack may become. Deploying the WiFi Pineapple as a rogue access point targeting the individual of interest in an audit positions you, the auditor, as the first hop in the chain.
How can the WiFi Pineapple help my pentest?
With an emphasis on responsible auditing within the scope of engagement, the WiFi Pineapple can be used to passively gather intelligence, as well as actively capture clients in order to monitor and manipulate traffic. Modules such as Evil Portal can be deployed to effectively harvest credentials or inject malware onto targeted devices. When used in conjunction with typical tools of the trade, the WiFi Pineapple can easily integrate into your pentest workflow.
As more organizations embrace Bring Your Own Device (BYOD) policies, endless possibilities emerge for the penetration tester. The focus shifts from breaking into the network to becoming the network.