Sean Wright


Personal blog of app security guy, blogging about application security related topics, focused primarily on web based applications.

Sean Wright

Man in The Middle With WiFi Pineapple

14th April 2018

A few months back I bought myself a WiFi Pineapple and had some issues trying to get it setup for a Man in The Middle scenario with a proxy. Initially I looked online and did not really come across anything. Some people simply configure their browser's proxy to point to the WiFi Pineapple, which kind of defeats the purpose of a Man in The Middle demonstration. This post will provide a guide as how to do this, and hopefully save yourselves some time.

DISCLAIMER - these instructions are only meant for educational purposes and should under no circumstances be used to help or carry out illegal activities.

Setup DNS

This section only applies if you are using Dnsmasq to resolve your DNS queries. One thing that I had spent ages trying to get working for this was DNS. For some reason, when a MASQUERADE iptables rule is used, Dnsmasq is not happy and no DNS names resolve. This is obviously an issue for trying to covertly pull off a Man in The Middle attack! To solve this, I had to configure Dnsmasq to instead use preconfigured DNS servers.

  1. Edit the file /etc/resolvconf/resolv.conf.d/head
  2. Add the following contents (the servers below are the new Cloudflare DNS servers, but you can change these to any DNS servers you would like):
nameserver 1.1.1.1
nameserver 1.0.0.1
  1. Update the config:
sudo resolvconf -u
  1. Restart your network manager to allow the new settings to take affect:
sudo service network-manager restart

Setup Wifi Pineapple

The next bit will setup Internet connection sharing with your Wifi Pineapple. Run the wp6.sh script to setup the Internet connection sharing with the Pineapple:
Screenshot-from-2018-04-14-14-29-27
Once you have the Pineapple configured, log into the web admin interface using the address from the script.
Screenshot-from-2018-04-14-14-33-44
The next step is to configure the "rogue" access points:

  1. Navigate to PineAP in the web admin interface.
  2. Click on the Switch button to the right of PineAP Daemon: Disabled.
  3. Ensure the you enter at least 1 SSID into the SSID Pool.
  4. Check the following checkboxes
  • Allow Associations
  • Log PineAP Events
  • Beacon Response
  • Broadcast SSID Pool
  1. Click on the Save button.
  2. Ensure that your "rogue" AP is now available.

Setup BurpSuite

The last bit is to configure BurpSuite. Firstly you will need to redirect traffic on port 80 (HTTP) and port 443 (HTTPS) to go to BurpSuite. To do this add the follow iptable rules:

sudo iptables -t nat -A PREROUTING -p tcp -i <wifi-pineapple-interface> --destination-port 80 -j REDIRECT --to-port 8080
sudo iptables -t nat -A PREROUTING -p tcp -i <wifi-pineapple-interface> --destination-port 443 -j REDIRECT --to-port 8080

will be the Wifi Pinapple's interface and this will be the same as the interface which was set when running the wp6.sh script above.

Next is to open BurpSuite and perform the following:

  1. Navigate to the Proxy tab.
  2. Navigate to the Options sub-tab.
  3. In the Proxy Listeners section, select the current listener and press the Edit button.
  4. In the Bind to address field, select Specific address and then select the address of your Wifi Pineapple (this will be the same IP as the IP used in the URL to access the Wifi Pinable web admin interface).
    Screenshot-from-2018-04-14-14-49-12
  5. Select the Request Handling tab.
  6. Check the checkbox Support invisible proxing.
    Screenshot-from-2018-04-14-14-50-40
  7. Click on the OK button.
  8. Navigate to the Intercept and click on the Intercept is on button.
  9. Navigate to the HTTP history sub-tab.
  10. Use a client (victim) to connect to the "rogue" AP and navigate to a site.
  11. In BurpSuite, ensure that it is now receiving the requests from the victim:
    Screenshot-from-2018-04-14-14-55-11

View Comments