SSLsplit on WiFi Pineapple
Source MAC - by default, this is the MAC address of wlan0 on the WiFi Pineapple. This is the interface for which associations may be allowed and also hosts the Management Access Point. The MAC address of wlan0 may be changed from the Networking view. This MAC address may be set to that of a secondary WiFi Pineapple if desired. Mac n' Cheese Bites (8) 8.99 Jalapeno Poppers (8) 8.99 Garlic Cheese Bread Sticks (12) 9.99.Chicken Fingers - plain (6) 8.99.Chicken Wings - plain (10) 9.99.Add Buffalo, BBQ, Teriyaki or Honey Mustard for 1.00 Includes side of Blue Cheese or Ranch dressing with carrots & celery. Pineapple This project is a standalone Jupyter environment for doing data science using Python. It aims to include many useful working libraries and packages, while remaining super easy to install and use. Fixed an issue where MAC filters did not prevent an SSID, Probe, or Beacon Response from being logged, or executed. Logging; Added SSID and MAC modals to PineAP results, allowing for OUI lookups and note taking. Added the probe count to the downloaded PineAP.log. Fixed an issue where removing duplicates from the PineAP log removed the wrong.
Update: after this blogpost somebody made an Infusion for SSLSplit on the WiFi Pineapple. That’s great! You can still use the howto below, but the easier way is to install the Infusion via the Pineapple bar.
Recently I was asked by a client to do a penetration test on one of their mobile apps. Fun stuff. One of the things I always test is security of the communication channel. Often SSL over HTTP is used for that. The WiFi Pineapple is a great companion for this as it provides an easy way for setting up a wireless access point with some attacks on the communication, leaving your own pentest machine free for other attacks.
Jul 26, 2014 WiFi Pineapple and Mac OS X Internet Sharing » SSLsplit on WiFi Pineapple Update: after this blogpost somebody made an Infusion for SSLSplit on the WiFi Pineapple.
Default approach to analyze traffic is to become Man-in-the-middle between App and server it communicates with. This is easily done by configuring the mobile device with a proxy (if the App communicates via a proxy aware protocol and if it accepts the system proxy settings) or to redirect traffic using iptables on the Pineapple. Than have Burp or any other proxy tool run to intercept and modify the traffic. Nothing new here.
But what was special at this specific engagement was that Burp (or any other proxy tool I know) was unable to interpreter the traffic. Yes, the iptables redirection was working, yes the SSL-mitm worked without a prob. Burp showed the initial request, and wireshark showed the traffic being forwarded to the actual server the App wanted to communicate with. But nothing was happening after that. No data, nothing. After some tinkering the hypothesis was formed that the App used non HTTP traffic over SSL and our proxy tools don’t understand it.
This is where I learned about this great tool SSLsplit. Its a proxy tool able to do full SSL certificate forging, full HTTPS decode, but also able to just show the decoded TCP and SSL traffic if it cant decode it into HTTP. Exactly what I needed! I had some compiling issues getting it to run on my Kali pentest machine. Im sure these could be fixed but I just tried installing it directly on the Pineapple. Turned out it works like a charm. Here is what you need to do:
- SSH to your Pinapple and update the packages using opkg update
- Get the OpenWRT libevent2 packages (all 5) from the official mirror at http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages/
- Download the unofficial OpenWRT build of SSLsplit for OpenWRT at project Ghost on Github: https://github.com/ShaPOC/ProjectGhost/blob/master/software/sslsplit/bin/sslsplit
- generate the SSL certificate authority and key for SSLsplit to use.
- openssl genrsa -out certificate.key 4096
- openssl req -new -x509 -days 365 -key certificate.key -out certificate.crt
- Depending on the config of the mobile App you may need to import the newly generated certificate.crt onto the device.
- Know what non intuitive parameters SSLsplit requires:
- mkdir /tmp/sslsplit (make a working directory)
- mkdir /tmp/sslsplit/contentlog (make a directory for session logs inside the working directory)
- ./sslsplit -k certificate.key -c certificate.crt -D -l connections.log -S /tmp/sslsplit/ -L contentlog ssl 0.0.0.0 8888
- This starts sslsplit with:
- using the cert authority we just created, used for certificate forging
- debug output to the main screen (I found this useful, you may not)
- working dir /tmp/sslsplit, duping the actual content of the connections to /tmp/sslsplit/contentlog/
- decoding traffic that comes in a port 8888 as ssl
- Redirect the traffic we want to analyze to port 8888, with a simple iptables script
- root@Pineapple:~# cat pineburp_split.sh
#!/bin/sh
echo ‘1’ > /proc/sys/net/ipv4/ip_forward
iptables -X
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -A PREROUTING -p tcp -d @@SPECIFIC_DEST_IP@@ –dport 443 -j REDIRECT –to-ports 8888 (watch it, parameters –dport and –to-ports are double dashes but for some reason WordPress displays them as one).
iptables -t nat -A POSTROUTING -j MASQUERADE
- root@Pineapple:~# cat pineburp_split.sh
- Start your app and see if it accepts the SSL certificate. In my case it did (bad for the App, good for the pentester) and the content was dumped on the pineapple in /tmp/sslsplit/contenlog with a file per TCP sessions.
Full SSL decode. Awesome!
Introducing the new iMac, iPad Pro,
iPhone 12 in purple, AirTag, and Apple TV 4K.
View recent Apple events
Apple Event November 10, 2020
Introducing the new MacBook Air, 13‑inch MacBook Pro, and Mac mini, all with the Apple M1 chip.
Learn moreApple Event October 13, 2020
Introducing iPhone 12 and iPhone 12 Pro with 5G, MagSafe accessories, and HomePod mini.
Learn moreApple Event September 15, 2020
Introducing Apple Watch Series 6, Apple Watch SE, Apple Fitness+, the new iPad Air and iPad, and Apple One — the all-new Apple services bundle.
WWDC June 22, 2020
Announcing our biggest updates ever to iOS, iPadOS, watchOS — and the entirely reimagined macOS Big Sur.
Apple Event September 10, 2019
Announcing the new iPhone 11 Pro, iPhone 11, Apple Watch Series 5, and iPad.
WWDC June 3, 2019
Mac Os Mojave
Announcing upgraded operating systems for iPhone, Apple Watch, and Mac — and a brand new one for iPad. And introducing the new Mac Pro and Pro Display XDR.