The WiFi Pineapple is a hot-spot honey-pot. Most wireless devices, including laptops, tablets and smartphones, have network software that automatically connects to access points they remember. This convenient feature is what gets you online without effort when you turn on your computer at home, the office, coffee shops or airports you frequent.
Simply put, when your computer turns on, the wireless radio sends out probe requests. These requests say "Is such-and-such wireless network around?" The WiFi Pineapple Mark IV, powered by Jasager -- German for "The Yes Man" -- replies to these requests to say "Sure, I'm such-and-such wireless access point -- let's get you online!"
And with the newly improved Pineapple Mark IV web interface, gathering interesting packets, spoofing DNS, watching web traffic and more is just a click away.
WiFi Pineapple Mark IV
Preconfigured wifi man-in-the-middle attack-box with rickrolling built in: $90.
Oh, hey, thanks. I need such a device at present, ordered. (Not necessarily the RickRolling part, that's just a bonus.)
And yet getting anyone to implement DNSSEC or (heaven forbid) end-to-end encryption on anything other than slapping SSL onto a major website is like pulling teeth uphill. Rantyrant.
Three months ago while setting up client certificate authentication for my VPN with my own CA, I thought I was being paranoid. One month ago I learned that my cellular operator intercepts and filters traffic. Judging from insider data, I have a reason to think they have a fake intermediate CA MITM setup waiting to be deployed.
Paranoid? I was careless to wait for such a long time.
A bunch of Cisco firewalls seem to do SSL protocol downgrade attacks in their default configuration (they're trying to force unencrypted connections so they can scan for malware, IIRC). A lot of these attack scenarios are less theoretical or obscure than I used to think they were.
At least an intermediate CA MITM setup is easy to mitigate once it's been discovered -- you can just delist whatever root CA issued the untrustworthy certificate.
The key part is "once it's been discovered". My main browser is (still) Chrome, and there's nothing like Certificate Patrol for it.
We used to use a WebMarshall proxy server at work that had an SSL MITM attack built in, although I never activated it.
(In the end it was 'broken' so often that we gave up on web-blocking people.)
So let's say you have a home network that uses WPA2-PSK... Can I assume that the 'PSK' part means that a pineapple wouldn't be able to build the other half of the handshake because it doesn't know the password? Or can it just play yes-man to the client's connection offer?
The pineapple is an alternate WiFi network. It does MITM by being a non-encrypted router that broadcasts common public SSIDs, so that your computer (most of them anyway) thinks "Auto-join!" Public networks are often without encryption, and since the SSIDs being spoofed are stored as insecure networks in the client profiles, there's no reason for the client computer to request a password prompt at all. The original home network is bypassed and idle.
Sometimes the client chooses to connect at random when faced with multiple choices (or follows a priority list that is rarely edited). But there are plenty of situations where the pineapple router can attract many unwitting clients. Just a few are enough for some hackers.
In other words, indeed it's just a "yes-man" to any client computer that has this badly insecure feature.
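The behaviour described in this thread leaves a visible trace in a passive capture: one radio (BSSID) answering probes for many unrelated SSIDs, and a network your client knows as WPA2 suddenly appearing as an open AP. The following is an added detection example, not code from the thread or from the Pineapple project; the probe-response records are constructed and the threshold of 3 is an assumption.

```python
"""Flag a 'yes-man' access point in probe-response records (added example).
Sample records are constructed; a real list would come from a monitor-mode sniffer.
"""
from collections import defaultdict

# Constructed sample: (bssid, ssid, encryption) taken from probe responses.
SAMPLE_RESPONSES = [
    ("aa:bb:cc:00:00:01", "HomeNet", "WPA2"),
    ("de:ad:be:ef:00:01", "attwifi", "OPEN"),
    ("de:ad:be:ef:00:01", "Starbucks WiFi", "OPEN"),
    ("de:ad:be:ef:00:01", "HomeNet", "OPEN"),
    ("de:ad:be:ef:00:01", "Airport_Free_WiFi", "OPEN"),
    ("11:22:33:44:55:66", "CoffeeShop", "OPEN"),
]


def ssids_by_bssid(responses):
    """Map each BSSID to the set of SSIDs it has claimed."""
    seen = defaultdict(set)
    for bssid, ssid, _enc in responses:
        seen[bssid].add(ssid)
    return seen


def find_yes_man_aps(responses, threshold=3):
    """BSSIDs answering for at least `threshold` distinct SSIDs: one radio
    claiming to be every network it is asked about is the Jasager signature."""
    return sorted(b for b, s in ssids_by_bssid(responses).items() if len(s) >= threshold)


def find_impersonated_ssids(responses):
    """SSIDs seen both encrypted and open in the same capture.

    A known WPA2 network reappearing as an open AP is the pattern that lets a
    client auto-join without ever being asked for a password.
    """
    encs_by_ssid = defaultdict(set)
    for _bssid, ssid, enc in responses:
        encs_by_ssid[ssid].add(enc)
    return sorted(s for s, e in encs_by_ssid.items() if "OPEN" in e and len(e) > 1)


if __name__ == "__main__":
    print("yes-man APs:", find_yes_man_aps(SAMPLE_RESPONSES))
    print("impersonated SSIDs:", find_impersonated_ssids(SAMPLE_RESPONSES))
```

On the sample data the single BSSID claiming four SSIDs is flagged, as is "HomeNet", which the client knows as WPA2 but which also shows up open.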
I enjoyed your musical selection.
Hello pal, how can I buy one?