Evil Twin - Mark VII
Learn how to set up a fake authentication web page on a fake WiFi network.
Read the comments in these two files to get a better understanding of how it all works:
You can modify and expand this project to your liking. You have everything you need to get you started.
You can easily customize CSS to make it look more like the company you are testing, e.g. change colors, logo, etc.
Tested on WiFi Pineapple Mark VII Basic with firmware v1.0.2 and modules Evil Portal v1.1 and Cabinet v1.0.
Additional set up and testing was done on Windows 10 Enterprise OS (64-bit) and Kali Linux v2020.3 (64-bit).
Made for educational purposes. I hope it will help!
In this project I also want to show you how to install and use WiFi Pineapple's modules through the GUI. For more console attacks, check my WiFi penetration testing cheat sheet.
If you have an older device, check the WiFi Pineapple Nano (Mark VI).
How to Set up a WiFi Pineapple
Windows OS
Follow the instructions below:
Kali Linux
Download and run the following script:
wget https://downloads.hak5.org/wp7.sh && mv wp7.sh /usr/bin/wp7 && chmod +x /usr/bin/wp7 && wp7
How to Run
In the WiFi Pineapple's dashboard go to Modules -> Manage -> Get Available Modules, install the Evil Portal and Cabinet modules, and pin them to the sidebar.
Copy all the content from \src\ to the WiFi Pineapple's /root/portals/ directory:
scp -r evil-twin [email protected]:/root/portals/
In the WiFi Pineapple's dashboard go to PineAP Suite and add the desired names to the SSID pool, then configure the settings as shown in the picture below.
Figure 1 - PineAP Settings
[Optional] Hide the open access point.
Connect your WiFi Pineapple to a real working WiFi network in the Settings -> Networking -> WiFi Client Mode section to tunnel network traffic back and forth from the Internet.
In the WiFi Pineapple's dashboard go to Evil Portal and activate the Evil-Twin portal, then click on both Start Web Server and Start.
In the WiFi Pineapple's dashboard go to Cabinet, navigate to the /root/logs/ directory and click "Edit" on evil_twin.log to view the captured credentials.
Download the log file through SSH:
scp [email protected]:/root/logs/evil_twin.log ./
Use the SingleFile (Chrome) (Firefox) browser extension to download a web page as a single HTML file, then rename the file to index.php.
Find out more about the PineAP Suite.
Find out how to turn up your WiFi Pineapple's signal strength to misassociate clients to the fake WiFi network in my other project.
Use filtering so you won't go out of your testing scope.
Kismet
Search for WiFi networks within your range and fetch their MAC address, vendor's name, etc.
Remote Packet Capture
On your Kali Linux, download some missing files, then run the Kismet server:
wget https://raw.githubusercontent.com/kismetwireless/kismet/master/conf/kismet_httpd.conf -O /etc/kismet/kismet_httpd.conf
wget https://raw.githubusercontent.com/kismetwireless/kismet/master/conf/kismet_manuf.txt.gz -O /etc/kismet/kismet_manuf.txt.gz
kismet
Connect to your WiFi Pineapple (remote port forwarding) and install Kismet's remote capturing tool:
ssh [email protected] -R 3501:localhost:3501
opkg update && opkg install kismet-capture-linux-wifi
Connect Kismet's remote capturing tool to the Kismet server:
airmon-ng start wlan0
kismet_cap_linux_wifi --tcp --connect localhost:3501 --source wlan0mon
On your Kali Linux, navigate to the Kismet dashboard (http://localhost:2501) with your preferred web browser.
Local Packet Capture
Connect to your WiFi Pineapple, then install Kismet, download some missing files, and run the Kismet server:
ssh [email protected]
opkg update && opkg install kismet
wget https://raw.githubusercontent.com/kismetwireless/kismet/master/conf/kismet_httpd.conf -O /etc/kismet/kismet_httpd.conf
wget https://raw.githubusercontent.com/kismetwireless/kismet/master/conf/kismet_manuf.txt.gz -O /etc/kismet/kismet_manuf.txt.gz
airmon-ng start wlan0
kismet -c wlan0mon
On your Kali Linux, navigate to the Kismet dashboard (http://172.16.42.1:2501) with your preferred web browser.
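The survey data Kismet collects (SSID, BSSID, encryption) is also what a defender uses to spot an evil twin. The following is an added example, not part of the original project: the record layout, the allowlist and the sample observations are constructed assumptions and do not reflect Kismet's export format.

```python
from collections import defaultdict

# Constructed inventory of the organisation's real access points (assumption).
AUTHORIZED = {
    "CorpWiFi": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                 "crypt": "WPA2"},
}

# Constructed sample survey rows: (ssid, bssid, encryption). Not real captures.
OBSERVED = [
    ("CorpWiFi", "aa:bb:cc:00:00:01", "WPA2"),
    ("CorpWiFi", "AA:BB:CC:00:00:02", "WPA2"),
    ("CorpWiFi", "de:ad:be:00:00:10", "Open"),
    ("CoffeeShop", "de:ad:be:00:00:10", "Open"),
    ("Airport_Free", "de:ad:be:00:00:10", "Open"),
    ("Neighbour", "11:22:33:44:55:66", "WPA2"),
]


def find_rogue_aps(observed, authorized, max_ssids_per_bssid=2):
    """Return a sorted list of (bssid, ssid, reason) findings."""
    findings = set()
    ssids_by_bssid = defaultdict(set)
    for ssid, bssid, crypt in observed:
        bssid = bssid.lower()  # normalise MAC case before comparing
        ssids_by_bssid[bssid].add(ssid)
        known = authorized.get(ssid)
        if known is None:
            continue  # not one of our network names
        if bssid not in known["bssids"]:
            # Our SSID is advertised by a radio we do not own.
            findings.add((bssid, ssid, "unknown-bssid"))
        if crypt != known["crypt"]:
            # Our SSID is offered with weaker or no encryption.
            findings.add((bssid, ssid, "encryption-downgrade"))
    # One radio answering for many SSIDs matches SSID-pool behaviour.
    for bssid, ssids in ssids_by_bssid.items():
        if len(ssids) > max_ssids_per_bssid:
            findings.add((bssid, "*", "many-ssids-one-radio"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_rogue_aps(OBSERVED, AUTHORIZED):
        print(*finding)
```
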
Sniff WiFi Network Traffic
Once you get access to a WiFi network, start capturing network packets.
In the WiFi Pineapple's dashboard go to Modules -> Manage -> Get Available Modules, install the TCPDump module, and pin it to the sidebar.
In the WiFi Pineapple's dashboard go to TCPDump and start capturing packets.
You can download the PCAP file by clicking on the cloud icon.
You can also pipe the tcpdump output directly into Wireshark:
ssh [email protected] tcpdump -U -i wlan0mon -w - | wireshark -k -i -
On Windows OS you might need to specify a full path to the Wireshark executable.
Images
Figure 2 - Landing Page (PC)
Figure 3 - Landing Page (Mobile)
Figure 4 - Log