Evil Portal with Wifi Pineapple Nano

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search

Summary

This documentation will show how easy it is to setup an evil portal, a fake website to receive credentials, with the Wifi Pineapple Nano. This is only for educational purposes and is illegal when used without permission.

Requirements

  • Wifi Pineapple Nano and included equipment
  • SD Card 8gb or above

The setup was tested on Kali Linux.

In order to complete these steps, you must have followed [[1]] for preparation.

Description

Step 1

In order to use the SD Card the right way, it must formated previously. This is done on "Advanced" -> "USB & Storage" drop down arrow in the right corner -> "Format SD" This will take couple of minutes. When it's done you can go to the next step.

Step 2

Go the "Modules" section, click "Manage Modules" then on "Get Modules from Hak5 Community Repositories" and look for the "Evil Portal" option. Click "Download" and enter the "Download to SD Card" option.

Now there will be the "Evil Portal" option listed in the Modules section.

To check if everthing works fine so far:

  • Enter a name for the test portal
  • Click "Create New Portal"
  • Activate new portal
  • Captive Portal Start
  • Start On Boot enable
  • Reload the page to prevent errors
  • Enter 172.16.42.1

The result will look similar to this:


Pineapple Evil Portal Test Portal.png

Step 3

Next, the pages with the realistic visuals must be downloaded. For this project the Evil Portals from https://github.com/kleo/evilportals.git are used. In the shell use the command:

Then transfer the portals either all of them or just specific ones to the Wifi Pineapple Nano.

  • Enter the folder where the portals are located
  • scp -r choose-portal root@172.16.42.1:/root/portals OR WHEN AN ERROR OCCURS scp -r -O choose-portal root@172.16.42.1:/root/portals


Now the preferred portal should be copied to the Nano.

Step 4

Enabling the new portals:

  • Go to the Modules section again
  • The new Modules are listed in the work bench
  • Deactivate or delete the test portal
  • Activate the new portal
  • Refresh the page
  • Enter 172.16.42.1
  • Enter the allowed client's MAC addresses in the white list

The Evil Portal is now ready.


Pineapple Evil Portal Google.png


You can see on the picture that when entering the IP address you will be redirected to the fake Google page. On the Tab the name "Google" appears.

Result

To see the entered credentials of the targets, click on "View" of the activated portal. There you will see a list of logs from the users.


Pineapple Evil Portal Logs.png


References