Skip to content

Commit

Permalink
Initial Commit
Browse files Browse the repository at this point in the history
  • Loading branch information
@ivan-sincek
ivan-sincek committed Apr 6, 2023
0 parents commit 415b5d3
Show file tree
Hide file tree
Showing 27 changed files with 1,384 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .gitattributes
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
# Auto detect text files and perform LF normalization
* text=auto
21 changes: 21 additions & 0 deletions LICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2019 Ivan Šincek

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
187 changes: 187 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,187 @@
# Evil Twin - Mark VII

Learn how to set up a fake authentication web page on a fake WiFi network.

Read the comments in these two files to get a better understanding on how all of it works:

* [/src/evil-twin/index.php](https://github.com/ivan-sincek/evil-twin/blob/master/src/evil-twin/index.php)
* [/src/evil-twin/MyPortal.php](https://github.com/ivan-sincek/evil-twin/blob/master/src/evil-twin/MyPortal.php)

You can modify and expand this project to your liking. You have everything you need to get started.

You can easily customize [CSS](https://github.com/ivan-sincek/evil-twin/blob/master/src/evil-twin/css/main.css) to make it look more like the company you are testing, e.g. change colors, logo, etc.

You can also use SingleFile ([Chrome](https://chrome.google.com/webstore/detail/singlefile/mpiodijhokgodhhofbcjdecpffjipkle))([FireFox](https://addons.mozilla.org/hr/firefox/addon/single-file)) browser extension to download a web page as a single HTML file, rename the file to `index.php`, and use it in the same template.

Tested on WiFi Pineapple Mark VII Basic with the firmware v2.0.0 and modules Evil Portal v1.5.1 and Cabinet v1.2.1.

Additional set up and testing was done on Windows 10 Enterprise OS (64-bit) and Kali Linux v2022.2 (64-bit).

Made for educational purposes. I hope it will help!

In this project I also want to show you how to install and use WiFi Pineapple's modules through GUI, for more console attacks check my [WiFi penetration testing cheat sheet](https://github.com/ivan-sincek/wifi-penetration-testing-cheat-sheet).

If you have an older device, go to [WiFi Pineapple Nano \(Mark VI\)](https://github.com/ivan-sincek/evil-twin/blob/master/mark_vi).

## Table of Contents

* [How to Set up a WiFi Pineapple](#how-to-set-up-a-wifi-pineapple)
* [Windows OS](#windows-os)
* [Kali Linux](#kali-linux)
* [How to Run](#how-to-run)
* [Spoof All SSIDs](#spoof-all-ssids)
* [Kismet](#kismet)
* [Remote Packet Capture](#remote-packet-capture)
* [Local Packet Capture](#local-packet-capture)
* [Sniff WiFi Network Traffic](#sniff-wifi-network-traffic)
* [Images](#images)

## How to Set Up the WiFi Pineapple

In case you might need it, check [frimware recovery/upgrade](https://downloads.hak5.org/pineapple).

### Windows OS

Follow the instructions below:

1. [Setup Basics](https://docs.hak5.org/wifi-pineapple/setup/setting-up-your-wifi-pineapple)

2. [Windows Setup](https://docs.hak5.org/wifi-pineapple/setup/connecting-to-the-wifi-pineapple-on-windows)

### Kali Linux

Download and run the following script:

```bash
wget https://downloads.hak5.org/api/devices/wifipineapplemk7/tools/wp7.sh/1.0/linux -O wp7.sh && mv wp7.sh /usr/bin/wp7 && chmod +x /usr/bin/wp7 && wp7
```

## How to Run

In WiFi Pineapple's dashboard go to `Modules & Packages -> Modules -> Get Available Modules`, install `Evil Portal` and `Cabinet` modules, and pin them to the sidebar.

Copy all the content from [\\src\\](https://github.com/ivan-sincek/evil-twin/tree/master/src) to WiFi Pineapple's `/root/portals/` directory:

```fundamental
scp -r evil-twin root@172.16.42.1:/root/portals/evil-twin
```

Go to `PineAP Suite -> Open AP`, and set the `Open SSID` to your desired (portal) name.

Go to `PineAP Suite -> Filtering`, and make sure both client and SSID filter lists are set to deny mode.

Connect your WiFi Pineapple to a real working WiFi network in `Settings -> Networking -> Wireless Client Mode` section to tunnel network traffic back and forth from the Internet.

In WiFi Pineapple's dashboard go to `Evil Portal` and activate the portal, then, click on both `Start Web Server` and `Start`.

In WiFi Pineapple's dashboard go to `Cabinet`, navigate to `/root/logs/` directory and click "Edit" on `evil_twin.log` to view the captured credentials.

Download the log file through SSH:

```fundamental
scp root@172.16.42.1:/root/logs/evil_twin.log ./
```

### Spoof All SSIDs

Hide the open access point.

In WiFi Pineapple's dashboard go to `PineAP Suite -> Impersonation` and add desired (portal) names to `Spoofed AP Pool`, then, set your settings as in picture below to spoof all the access points in your range.

<p align="center"><img src="https://github.com/ivan-sincek/evil-twin/blob/master/img/settings.jpg" alt="PineAP Settings"></p>

<p align="center">Figure 1 - PineAP Settings</p>

---

Find out more about PineAP Suite [here](https://docs.hak5.org/wifi-pineapple/ui-overview/pineap).

Find out how to turn up your WiFi Pineapple's signal strength to missassociate clients to the fake WiFi network from my other [project](https://github.com/ivan-sincek/wifi-penetration-testing-cheat-sheet#1-configuration).

Use filtering so you won't go out of your testing scope.

## Kismet

Search for WiFi networks within your range and fetch their MAC address, vendor name, etc.

### Remote Packet Capture

On your Kali Linux, download some missing files, then, run Kismet's server:

```fundamental
wget https://raw.githubusercontent.com/kismetwireless/kismet/master/conf/kismet_httpd.conf -O /etc/kismet/kismet_httpd.conf
wget https://raw.githubusercontent.com/kismetwireless/kismet/master/conf/kismet_manuf.txt.gz -O /etc/kismet/kismet_manuf.txt.gz
kismet
```

Connect to your WiFi Pineapple (remote port forwarding) and install Kismet's remote capturing tool:

```bash
ssh root@172.16.42.1 -R 3501:localhost:3501

opkg update && opkg install kismet-capture-linux-wifi
```

Connect Kismet's remote capturing tool to Kismet's server:

```fundamental
airmon-ng start wlan0
kismet_cap_linux_wifi --tcp --connect localhost:3501 --source wlan0mon
```

On your Kali Linux, navigate to Kismet's dashboard (`http://localhost:2501`) with your preferred web browser.

### Local Packet Capture

Connect to your WiFi Pineapple, then, install, download missing files, and run Kismet's server:

```bash
ssh root@172.16.42.1

opkg update && opkg install kismet

wget https://raw.githubusercontent.com/kismetwireless/kismet/master/conf/kismet_httpd.conf -O /etc/kismet/kismet_httpd.conf

wget https://raw.githubusercontent.com/kismetwireless/kismet/master/conf/kismet_manuf.txt.gz -O /etc/kismet/kismet_manuf.txt.gz

airmon-ng start wlan0

kismet -c wlan0mon
```

On your Kali Linux, navigate to Kismet's dashboard (`http://172.16.42.1:2501`) with your preferred web browser.

## Sniff WiFi Network Traffic

Once you get an access to a WiFi network, start capturing network packets.

In WiFi Pineapple's dashboard go to `Modules -> Manage -> Get Available Modules`, install `TCPDump` module, and pin it to the sidebar.

In WiFi Pineapple's dashboard go to `TCPDump` and start capturing packets.

You can download the PCAP file by clicking on the cloud icon.

You can also pipe `tcpdump` from WiFi Pineapple directly to Wireshark

```bash
ssh root@172.16.42.1 tcpdump -U -i wlan0mon -w - | wireshark -k -i -
```

On Windows OS you might need to specify a full path to the executable.

## Images

<p align="center"><img src="https://github.com/ivan-sincek/evil-twin/blob/master/img/landing_page_pc.jpg" alt="Landing Page (PC)"></p>

<p align="center">Figure 2 - Landing Page (PC)</p>

<p align="center"><img src="https://github.com/ivan-sincek/evil-twin/blob/master/img/landing_page_mobile.jpg" alt="Landing Page (Mobile)"></p>

<p align="center">Figure 3 - Landing Page (Mobile)</p>

<p align="center"><img src="https://github.com/ivan-sincek/evil-twin/blob/master/img/log.jpg" alt="Log"></p>

<p align="center">Figure 4 - Log</p>
Binary file added img/landing_page_mobile.jpg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added img/landing_page_pc.jpg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added img/log.jpg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added img/settings.jpg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading

0 comments on commit 415b5d3

Please sign in to comment.