Tuesday, 6 May 2014

WiFi Pineapple V, CreepyDOL and the Pwn Plug R2

The Pineapple (now on Mark V) is built by the fine folks over at Hak5: Darren Kitchen, Shannon Morse and the rest of the team.
What is the WiFi Pineapple? (for those that don’t know).
If you are looking for the ‘Ananas Comosus’, i.e. the tropical plant with edible coalesced berries you’ve come to the wrong place. If you have come to read more about the WiFi Pineapple Hacking Tool then stay exactly where you are and read on!

The WiFi Pineapple is a Master of All Trades: it’s a WiFi Hotspot, Honeypot, Man In The Middle tool and basically an all-round pentest pivot box that has many other functions. The Pineapple is a small box that you can deploy anywhere and manage from anywhere, and it can be put to significant use in any penetration testing environment. The team behind the Pineapple (and they have other equally cool tools) are motivated by producing affordable, easy-to-use pentesting hardware, and for that no one can say a negative word. We have yet to get our hands on one but hope to be doing so very shortly, which is why we would really like your comments below if you have tried or own a Pineapple. The Pineapple has been in production for the last five years, hence the Roman five in ‘Mark V’.
The previous version had a completely new modular user interface, which helped get the community involved in its development. The Mark IV also had a USB port, which allowed for a second WiFi interface and more storage for logging and installing extra programs. Programs and tools include SSL, deauth attacks, beacon attacks, MITM injection tools, tcpdump and more!
To paraphrase a speech Darren and co-core developer Sebastian Kinne gave at the launch demo, ‘there is nothing out there that serves this really unique need for the hacker and the pentester’ – and judging by the popularity of the Pineapple, the team have done a great job!
Storage and making it ‘simple to use’ seem to have been two of the major drivers for the development of the Pineapple. All told, this looks, and is, an awesome product with a vibrant community behind the development.

CreepyDOL
One of the reasons we wanted to publish a post on the Pineapple was the inspiration of an excellent (and totally fascinating) Hacker Hotshot presentation we had with Brendan O’Connor: a geek of many trades who also manages his own consultancy, all whilst studying for a law degree! Brendan developed a product that in some ways is very similar to the Pineapple but, in our opinion, is different in that it has a more stealthy approach. Brendan’s hardware and research have illustrated, in a crystal clear fashion, just how much data our mobile devices are leaking.
CreepyDOL (‘DOL’ is actually an abbreviation for ‘Digital Object Locator’) is defined as being ‘a distributed tracking system that uses low-cost hardware sensors, a robust communications system, and simple observation to give near-real-time identification of humans and tracking capabilities to anyone.’ When we asked Brendan whom he’d like to see use this device, his answer was interesting to say the least! More on that here.
CreepyDOL was the subject of presentations at the Black Hat and DEF CON conferences in Las Vegas in 2013.
Similar to the Pineapple, the CreepyDOL is very affordable, costing approximately $57 to build. It consists of a Raspberry Pi and two USB WiFi chips (for monitor and master mode, and for injection). Power is provided by USB and there is also room for an SD card, which serves as non-volatile storage.
The Pwn Plug R2

For design looks this gets first prize, and really does look exactly like a router. Incidentally, we also interviewed Jonathan Cran from Pwnie Express last year. The ‘Pwn Plug R2’ is a device disguised as a Wi-Fi router that can monitor and log data in transit.
In Summary
Both these projects are awesome. The Pineapple should be part of every hacker’s and pentester’s arsenal (and tool kit!) whilst the CreepyDOL demonstrates to vendor manufacturers, CISOs and developers just how much data is being leaked.
What are your thoughts? Do you have a Pineapple, or indeed any hardware which helps you with your job, or that you use for fun? We’d love to hear from you!
