WiFi Pineapple

The WiFi Pineapple is a WiFi auditing device.

Where to buy

Order the WiFi Pineapple from the Hak5 website.

Setup

See Connecting to the WiFi Pineapple on Windows.

ALWAYS connect the WiFi antennas before powering the WiFi Pineapple.

Once you’ve connected to the WiFi Pineapple and it has fully booted, you will be able to access the WiFi Pineapple Stager at http://172.16.42.1:1471.

Accessing the Dashboard

Connected to a PC

Access the dashboard at http://172.16.42.1:1471.

Connected to a power outlet

Find the IP address by scanning the network for port 1471 (replace 10.0.0.1-254 with your WiFi network's IP range):

nmap -T4 -v -sT -p 1471 --open 10.0.0.1-254

Access the WiFi Pineapple dashboard at “http://<IP address found>:1471”.
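
To pull the dashboard address out of the scan results, the following added example (not from the original page or from Hak5) parses nmap's grepable output (-oG) and prints a URL for each host that has the port open. The function names and the sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Live use (replace the range with your own network):
#   nmap -T4 -sT -p 1471 --open -oG - 10.0.0.1-254 | dashboard_urls 1471

# dashboard_urls PORT (hypothetical helper): reads nmap -oG output on stdin
# and prints http://IP:PORT for every host reporting PORT as open/tcp.
# It checks the port state itself, so it does not depend on --open.
dashboard_urls() {
    port="$1"
    awk -v port="$port" '
        /^Host: / && /Ports: / {
            ip = $2
            sub(/^.*Ports: /, "")   # keep only the port list
            sub(/\t.*$/, "")        # drop a trailing "Ignored State" field
            n = split($0, entries, /, */)
            for (i = 1; i <= n; i++) {
                # entry layout: port/state/protocol/owner/service/...
                split(entries[i], f, "/")
                if (f[1] == port && f[2] == "open" && f[3] == "tcp") {
                    print "http://" ip ":" port
                    break
                }
            }
        }
    '
}

# Constructed sample of nmap -oG output (not captured from a real scan).
sample_scan() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 10.0.0.1 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.1 ()\tPorts: 80/open/tcp//http///, 1471/closed/tcp//unknown///\n'
    printf 'Host: 10.0.0.23 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.23 ()\tPorts: 22/open/tcp//ssh///, 1471/open/tcp//unknown///\tIgnored State: closed (998)\n'
    printf 'Host: 10.0.0.40 ()\tPorts: 1471/filtered/tcp//unknown///\n'
    printf '# Nmap done (constructed sample)\n'
}

# Prints http://10.0.0.23:1471 for the constructed sample.
sample_scan | dashboard_urls 1471
```

Hosts where the port is closed or filtered are skipped, so only addresses that actually serve the dashboard port are listed.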

Whitelist clients and SSIDs

  • Click on PineAP Suite on the left menu.
  • Click on the Filtering tab.
  • Client Filter:
    • Click on Allow List.
    • Enter the MAC address of the client device that will be allowed to connect and click Add.
  • SSID Filter:
    • Click on Allow List.
    • Enter the SSID of the Open AP network, for example “Free Wifi”, and click Add.
    • Enter the SSID of the WiFi network that provides the internet access and click Add. If you don’t, the Open AP network will accept connections but will not provide internet access.

Create an open access point (Open AP)

Whitelist clients and SSIDs first.

  • Click on PineAP Suite on the left menu.
  • Click on the Open AP tab.
  • Enter an Open SSID, like “Free Wifi”.
  • Click Save.

Creating a campaign

Preparation

MAC address

It is recommended to use the Allow List to whitelist the devices that can connect. Find the MAC address of each device that will connect to the WiFi Pineapple:

  • iPad: Open Settings -> General -> About. Scroll down to Wi-Fi Address to see the MAC address.

Create the campaign

  • Click on the Campaigns icon in the left menu.
  • Under the Manage tab, click on the + sign.
  • Click on Begin.
  • Enter a name for the campaign.
  • Choose a campaign mode.

Reconnaissance – Monitor Only

Passively monitor client device and access point activity within a defined region of the WiFi environment.

  • Configure your Monitor campaign:
    • Choose a scan duration (default = 30 seconds).
    • Click on Both for 2.4 GHz and 5 GHz.
    • Click Next.
  • Configure Client Filter:
    • Click on Allow List.
    • Enter the MAC address of each device that will be allowed to connect to the WiFi Pineapple network.
    • Click Add.
    • Click Next.
  • Configure SSID Filter:
    • a

Client Device Assessment – Passive

Identify client devices susceptible to basic rogue access points or evil twin attacks. Uses a passive PineAP mode to mimic access points only upon direct request. Depending on filter configuration, client devices may be allowed to associate with the WiFi Pineapple.

Client Device Assessment – Active

Identify client devices susceptible to advanced rogue access points or evil twin attacks. Uses an active PineAP mode to broadcast an SSID pool, mimicking all access points listed. New access points may be dynamically added to the pool. Depending on filter configuration, client devices may be allowed to associate with the WiFi Pineapple.