Stealing Data Over Open WiFi

Stealing Data Over Open WiFi

>>Dude, there was a lot of great things about doing the show, Hacking the System. And we did that segment
on the WiFi Pineapple, and the biggest bummer is that we went to such lengths to make sure that even if somebody went frame by frame, everything was accurate and correct.>>It was legitimate hacking code.>>Right? And then,
of course the comments are like, “They showed a screen and typing and said the word ‘hacking’,
and therefore it’s bogus.”>>Darren, from Hak5,
went out of his way at DEF CON this year to tell me.
>>Yeah.>>He’s like,
“No, no, it was all real. I assure you.”
>>Every single bit of it was exactly accurate represented. Which to be honest, makes
me want to flip the table and go full NCIS on this. [laughs] Like why bother to
present anything accurate? Just bash keys and be like,
“Hack, hack! We hack.”>>I love that you’re idea of hacking is basically pretending to be a cat. [hysterical laughing] [to the tune of Keyboard Cat]
♪ Do, do, do, do… do do-doo do. ♪ [light vinyl static]
♪ ♪>>robot voice:
Using the WiFi Pineapple.>>All right, we’re
here with Shannon Morse from Hak5 and TekThing. Shannon, thanks for joining us.>>Thanks for having me.>>Dude, my favorite segment
we did on Hacking the System was the one about the WiFi Pineapple. And now, this will be the first time I actually get to experience first hand interacting with one.>>This thing just looks dangerous. This is the WiFi Pineapple.>>SHANNON: Yes.>>It looks like something
that should not be near any of my technology.>>One of my favorite
things that had happened at DEF CON was where our friend, Glitch, came up and showed us,
opens up a case and there is a drone with
a WiFi Pineapple built in.>>Awesome, so awesome.>>For the uninitiated,
what is a Pineapple?>>So the WiFi Pineapple is basically a hot spot honey pot and
it’s a man in the middle attack for wireless.>>That sounds like the sexiest
porno I’ve ever heard. [laughter] [through laughter]
>>The hot spot honey pot man in the middle.>>You know, I could say
that it is techno lust. [laughter]>>Give us some more
appropriate terms we can Google. [hearty belly laughs] Because if I run that through the Google…>>I’ve never thought about that,
but you’re probably right. [laughter]>>One thing that I noticed
about what you just said, is you used a lot
of terms that are common to confidence games, and scams,>>Yes.
>>-man in the middle, honey pot, things like that. And so, a lot of cross over there.>>Yes, definitely.
>>Tell us how this works.>>So you know how whenever you go home or you go to a place that
you’ve connected to previously, your phone automatically
connects to whatever known network is out there?
[Jason’s vocalized affirmation] Well, the WiFi Pineapple is going to play a man in the middle to
that kind of scenario. So whenever you’re going
out with your device and your device is
looking for some network that you’re familiar with already, like your home network Brian.
>>Right.>>It’s like, Brian’s home network; you go home, your phone automatically
starts sending out these pings all over
the place, looking for this home network.>>And I assume, your phone, as long as you have WiFi turned on, your phone is constantly saying like,
“Hey, where’s home WiFi?”>>It is, yeah.
>>”Are you home WiFi? Are you home WiFi?” And then the Pineapple says,
“Yeah, that’s me.”>>Yeah, you may be far, far away from home and you’re looking for Brian’s home WiFi and then my WiFi Pineapple hears you say “Brian’s home WiFi,”
hears your device say it. And then it replies back and it says, “Oh, that’s me! You should connect to me.”>>Okay, so at that point, I would imagine by itself, you would just be connected to a node, and you wouldn’t
be connected to the Internet. But because we said man
in the middle, I assume we’re saying that this is the connection
>>Exactly.>>and it just relays everything. And so what? [stammers]
You can save all the data that goes through. You can watch everybody do everything… as they’re doing it?>>Oh yeah.>>That’s a sinister smile
of a hot shot honey pot. [evil laugh]>>Does it connect automatically? Or does it say, “Oh, this is Brian’s WiFi” and you say yes, I want
to connect on that. How do you get deceived exactly?
>>SHANNON: No, I– So one of the
really fun things with this is I can go ahead and
start up a little device called Pine A-P. And this is going to track
all of the different pings that’s happening in the
wireless all around us. So if your phone is looking
for coffee shop WiFi and yours is looking for
Brian’s home network WiFi then it’s going to pick on both of those. We call them SSIDs; so
this is an identification for the access point.>>SSID is what the WiFi hot spot announces itself to be right?
>>Exactly, yeah.>>Whenever you pick a
silly name for it, got it.>>Yeah, and any time it sees it, it’s going to add it to this awesome little pool that I have currently
tracking what’s going on in the WiFis around us.>>BRIAN: Wait a minute, hold on,
let me get my phone. So if I turn on WiFi right now…>>Okay.
>>There we go. And it says,
searching for WiFi networks. Is it giving you anything
right now of interest?>>Let’s see, T-Mobile wing man.>>No, that’s not me.>>OTA, there’s a lot in here.>>BRIAN: Wow, there’s awful lot in here.>>SHANNON: Starbucks,
so these are all different SSIDs that your phone is currently
trying to connect to. It’s things that your phone has previously connected to in the past
and it’s looking for those.>>I would imagine that if you
just left the Pineapple on, especially in a busy area,
everybody’s phone is constantly saying, like
“I’m looking for this WiFi.”>>Now–>>They’re shouting out, who they’re–
>>Ooh. If you set this up in a city, you can get hundreds in your SSID pool, it’s crazy.
>>[hushed tone] Holy cow.>>Now are these just phones and laptops or do you have like IOT devices on here as well?>>Oh yeah, IOT devices, if
those are sending out pings, I’ll pick those up too.
>>Everything?>>I’ll pick up tablets, laptops…
>>Anything looking for a WiFi.>>JASON: Wow.
>>Yeah, your desktop computer. If your camera has WiFi turned on and is
pinging for an access point, it’ll find that too. And I should preface
this by saying of course you know Hak5 sells this product and we don’t condone using
it for illegal purposes. And I am in a lab environment
here with you guys. You have told me, “It’s okay, you can hack me.”
>>JASON, distant: Science, it’s just everywhere.>>And we should talk about,
there is such a thing, white hat hacking,
>>Yes.>>-penetration testing. The only way to know
whether or not your locks are secure is to try to break your own locks.>>Exactly.
>>And this is an important tool.>>And that’s what this is used for,
it’s used for penetration testing by experts that go out and get hired by companies. And it’s also used by me
for educational purposes. That’s why I’m here.>>Okay, so let’s do an experiment, just to see how terrifying this is.>>Okay.
>>Can you pretend to be Starbucks?>>Yes I can. So I can go ahead and turn this on so it accepts clients. Like, I currently have
two clients connected.>>Tell me at least one of
these is this other computer and not me.
>>Yeah. I do have this
computer currently set up. And let me go ahead and log in here. So, I have connected to
Starbucks in the past. My WiFi Pineapple knows that. So if I go ahead and
look through my wireless options up here, I see that I have indeed connected to Starbucks WiFi here. And I am currently connected
to the WiFi Pineapple.>>Okay, so in this case–>>So there’s obviously
not a Starbucks around here.>>Yes, no, definitely, nobody coming here looking for Starbucks.
>>No.>>I love the gravity of that warning. “No one come here looking for Starbucks. [gravely]
You don’t understand!”
[sinister strings]>>So to set it up
really easily right now, I’m going to go ahead
and change my open SSID over here, which is basically changing my WiFi Pineapple into
an open access point that you would normally
find at like a coffee shop. So I’m going to call it…
>>Whatever coffee shop, no particular coffee shop of importance.
>>SHANNON: [feigning naiveté] No! No particular one, specifically. So it’s going to go ahead and restart the wireless radios on the device. And then in a couple of seconds, maybe a couple minutes, you’ll notice that it says Starbucks WiFi.>>[gasps] There it is. There it is! Okay, so now I’m going to,
aw geez, all right. So look, I’m on Starbucks WiFi.
>>Yeah, Totally.>>See, and I’m not even careful. I just look at it and say,
“Starbucks WiFi, great. “Oh, you’re going to hack me?
How many bars do you have. Okay cool.”>>[laughs] Okay so
right now, I’m connected what looks like to Starbucks,
even though there’s no Starbucks. But actually, it’s the WiFi Pineapple, which is just relaying everything through, what, the local WiFi?>>Yeah, basically. So I have
my laptop connected to your open WiFi here, or your
[emphasis] password protected WiFi I should say here. [laughter]
>>That was the most
audible quote-y fingers I have ever heard.>>SHANNON: I’m sorry!
>>Your password protected WiFi.>>I mean, how is it that
I walk into this room and I’m like, “Hey, do you have WiFi here?” And Brian hands me the thing from his ISP.
>>BRIAN: Not anymore!>>Not any more, by the
time anyone sees this we’ll have changed the
passwords to good passwords.>>It’s like, here’s the
default WiFi password.>>No, it will be “good passwords”
will be the actual password.>>Okay so Brian, so this is
a very rudimentary example but are you “Brian seven plus?”>>[ashamed] Okay, yes.
>>Okay.>>This is my–it’s not a
seven plus, it’s a newer phone. [frantic]
Also, I’m not comfortable with sharing all the names of my devices, yes! That used to be me!
I’ve also changed that. [laughter]
>>JASON: Exactly.>>It looks like I am currently connected on one of those WiFi access points that I was pinging out, one
of the ones in my pool.>>Okay.>>And you are connected
to Starbucks WiFi, which was the open AP
that I set up on this one.>>Oh this is wild, so
both of these two devices think that this has a different name?>>Yes, exactly.
>>This one thinks it’s called–>>Starbucks, and yours thinks
it’s Starbucks WiFi.>>This is amazing.>>It is whatever it needs to be.>>Yeah.
>>Okay, here let’s see what you can find out about me as I just surf around as a normal person.>>Okay, well hold on, I
need to actually turn on the attack to be able to do that. So I can do a whole bunch
of different modules on the WiFi Pineapple. And the one that I’m
running is called DWall. And this was made by,
I believe, Sebkinne. So, if I turn this on…>>BRIAN: So DWall does what?
It basically pays attention to all the traffic and… [trails off]>>So DWall is basically
going to make an owned wall of information that is
coming from whatever is connected to the WiFi Pineapple.>>Oh, so it’s just saying,
“Here’s everything we found.”>>Yep, so DWall picks
up any kind of data that is passing through. If it’s unencrypted,
it can pick up cookies from different websites if those are not protected correctly.>>BRIAN: This is bad!
>>It can even pick up websites that you’re visiting.>>Uh okay, all right,
well can you see what website I am visiting right now?>>Okay, so I just
started listening on this. So I’m going to go ahead
and let that run for a bit. And then I’m also going to go ahead and open up some websites on
my computer over here as well. So, in a few minutes, we
should probably start seeing a whole bunch of different
websites on the DWall module.>>JASON: We’re starting to get something.>>SHANNON: Oh yeah.
>>BRIAN: Wait, we’re getting stuff?>>;; Oh! these are certificates
from one of the websites that probably that you’re currently visiting.>>Oh wow.>>So we’re seeing that
actual certificates from the website. Which means that, it’s probably a very fairly secure website.>>Will it be able to tell us that Brian is actually playing Hearthstone
right now? Because…>>[flustered] I’m not admitting
one way or the other. [laughing] Here, I’m leaving a very important message on my favorite website. I just posted a comment. ♪ ♪ It says it was successfully posted.>>Okay, I didn’t see it,
which probably means that that website is encrypted.>>Agh, it is. It has the “S!”
We talked about this!>>JASON: Ah, yeah.
>>Good, okay.>>It’s got a lock on there. you beat me!>>[laughing] I spent a lot of time making sure my website was secure.>>I definitely called
you a huge nerd though. [laughter]>>On my post from like July?>>Yeah, all right, here we go. I’m going to go to–
>>SHANNON: Oh! Look at that.>>BRIAN: What, what, what?>>SHANNON: Okay, so I just went to this website
that I know is unencrypted, it’s uh… I don’t know if I should call them out.>>I don’t know if you should
call this one out either. But this was…>>[chirp] .com? [wry laughter] [through laughter]
>>Did you just go to [chirp] .com?>>JASON: Is that real‽>>Yes, it’s–>>Look! I picked up the pictures
from the website, too.>>They’re friends with Frank Muller,
the great audio book reader.>>Oh!
>>From 15 years ago before he had his accident. This was the last time I checked that. It looks like his last update was 2003.>>And it looks like So either your phone
is pinging for Facebook in the background or maybe
there’s a Facebook cookie on this site.>>Oh wild!
>>JASON: Yeah…>>There’s a Word Press
cookie on my computer. So there’s a Word Press
cookie on this website that I’m currently using.
>>Probably that one, yeah.>>>>Oh my god!
[laughter] Have you seen the Dust Brothers website?
>>What in the world?>>These are the music
producers from Fight Club. Their website is frozen
in time, it’s amazing.>>Oh, that’s incredible.>>It’s like we found a time capsule.
>>This is awesome! I can’t believe you’re
able to see all of this.>>And it’s just scraping…
>>That’s hilarious.>>-pictures and stuff.
>>Oh yeah, it’s scraping images from all these different websites. Now it’s not going to catch all of them depending on what kind of like encryption and security you’re using. But it’s going to catch quite a few, as we’ve noticed.>>Now what other types
of information can you get from– you can get passwords,
sensitive information?>>I can get user names and passwords. I can set up a captive portal, kind of like what you
would have to sign on to whenever you go to a hotel and you have to sign on with your room number. I can track that information and I can make my own captive portal
that looks just like it. And then I can find
out what room you’re in and what your last name is. Because you’d put it in thinking that it was the actual captive portal.>>Okay so at this point, we’re all sufficiently scared, we all undestand you can get all everything. Here’s what I want to know. We’ve said for a long time, that
using a VPN is a good idea.>>Yes.>>I want to know if a
VPN will make me safe. So I’m going to hit quick
connect on this VPN and…>>What is>>JASON:>>Yeah, it came from your phone.>>I don’t know
what you’re talking about. [laughter] I actually literally don’t know.>>JASON: Justin. [laughter]
>>BRIAN: Oh it is Justin Robert Young! [laughter]>>That’s awesome.>>All right, so right now, it should be connecting to the VPN.>>Okay.
>>I assume, since this is slower, maybe it takes longer to establish
the VPN connection, or? I guess, maybe…>>That’s true.>>Maybe I already have to have
the VPN turned on before…>>What’s happening here
is your phone is talking to the WiFi Pineapple, thinking that
that’s the access point. My WiFi Pineapple is
connected to the Internet over my computer. My computer is connected
to the actual access point.>>So here’s what I’m going to do. I’m going to disable WiFi for the moment and just get the VPN going. Now the VPN is going over the LTE.
>>Okay.>>Now I’m going to switch back to having WiFi on. And I’m going to select
[murmured] Starbucks WiFi. So this is me knowing that I’m going into a scary neighborhood.
>>Okay.>>And it says I’m connected.>>It says you’re connected.>>I think it merits
mentioning that the way you utilize the Pineapple
can in some instances be terribly illegal.>>Oh, of course, just like you know, you shouldn’t murder somebody
with a kitchen knife.>>I mean…
[laughter]>>Hey! So, what website am I on?
Do you know?>>SHANNON: I don’t know, I don’t see it.
>>BRIAN: Yes!>>SHANNON: It looks like your VPN is working.>>How about, now!>>SHANNON: Nope.
>>BRIAN: Really‽>>Just, Dust Brothers and King of Mouths. [barely audible] That’s all I see.
>>BRIAN: Oh my gosh! [laughter]>>It’s working.>>You all missed out on the fact that I’m on the Space Jam site.>>SHANNON: Oh, dope! Oh that’s amazing.
>>Wait, like the actual… working site? For the movie Space Jam?
>>Yeah!>>Yep, that’s still alive right now, and looks like it definitely
teleported from the past. So you’re not seeing anything
I’m looking for right now?>>SHANNON: No, I don’t see any of it.>>And what are the best
practices that we could use to protect ourselves
from something like this just as individuals?>>Apparently a VPN.>>Yeah, dude.
This is my only take-away, is, “A-ha! I feel safe.”>>One of the most important parts is just don’t connect to open WiFi. Because if you’re not
connecting to open WiFi, this isn’t going to catch you. Now if I know the password
to a password protected wireless access point, then I could you know,
track what you’re doing. But, that makes it a lot more complicated.
>>This is going to be advanced stuff that we do when you come back in the future. But in the meantime,
where can people see so much more of your amazing stuff?>>Well you can follow me on Twitter. I’m at SNUBS, S-N-U-B-S or you can check out Hak5. H-A-K-5.ORG.>>Right on.
>>Yeah.>>I’m going to go burn
everything that plugs in, [laughter]
that has a battery, that charges.>>No, no. We talked about this,
we talked about this.>>JASON: I’ve been training some–
>>We talked about this, I swear,>>JASON: -pigeons!
>>Go to your calm place, it’s fine. It’s fine, it’s fine.
The wires don’t have it out for you.>>[exhale] Okay.
One, two,>>BRIAN: [fading away]
Superman III was only a movie.
>>♪ three, four, five. ♪ [all other sound blurs and distorts]
[to the tune of Mambo No. 5]
♪ Everybody get in the car
so come on let’s ride, ♪ ♪ to the liquor store corner ♪ ♪ said she wants some gin and juice,
but I really don’t want to. ♪ — CC BY REV
MODIFIED BY BIZARRE MAGIC — [notably quieter]
>>Ah man. Oh wait, the Donnie Darko
site finally went down. What else is there? [laughing]>>Spent a lot of
time–the Blair Witch site.>>Oh yeah!
[whispering to himself]>>I spent a lot of time
on the Blair Witch site.>>Who didn’t?
>>It was ’99 and I was like,
“It can’t be real, right‽”>>I don’t see it!>>I hadn’t seen the movie, yet.

Related Posts

VB.Net DigitalPersona 4500 Biometrics custom GUI

Fingerprint verification Unregistered fingerprint Fingerprint enrollment process Choose count of finger sets to enroll DigitalPersona custom graphic user interface enrollment
Garage Door Won’t Move: Motor and Travel Troubleshooting

100 Replies to “Stealing Data Over Open WiFi”

  1. It’s that time of year again: Mystery Box Jackpot season! Here's how it works: Our job is to make you feel like you absolutely won the jackpot when you open your Mystery Box. Each and every Mystery Box Jackpot always has more value in it than what you paid for it. 100% of the time. And if you’re not happy? 100% satisfaction guarantee!
    Wanna snag one before they’re all gone?
    We’re giving away a Mystery Box Jackpot ($99 value) to TWO winners of our weekly free giveaway at (no purchase necessary, giveaway ends 2/14/2019)
    Congrats to the winners of last week’s Cutaway Handcuffs giveaway: Laurent Holin, David Guy, and Kristina Zavala (we will contact you via email within the next two weeks)

  2. a video of two grown men acting as degenerates and not letting the professional speak.. what a shame for your viewers that actually don't know what she means.

  3. you can do a lot more with just creating a sub net using an old router on a kali/parrot os system to capture form data (SET) and running etherape/ettercap to track activity ((just for pentesting purposes ofc))

  4. People are stalking me. I just want to get their cell phone's IP address from my cell phone. Is there an app for that?

  5. 7:37 – Brian: I'm not comfortable with sharing the names of my devices, that used to be me.
    7:41 – Shows the MAC address of the phone.

  6. if that thing listened to dns and not only http traffic she would know what sites they were visiting even if they were https.

  7. A lot of VPNs can be stopped by disabling UDP. I've seen at least 3 popular VPN clients that aren't smart enough to fall back to TCP, even if it's available.

  8. Damn i should buy watch dogs 1 and 2 then then new one… then learn java and python then do some stupid stuff and cool stuff but 90% stupid

  9. Can you do this for cell towers too to find and get info coming from phones or tablets I understand the pineapple I have one to test my devices but what about my phone I have an encryption system but I'm not too sure if it works for cell devices too

  10. “Does a vpn make you safer?”
    **Proceeds to only use secure sites to test theory
    “Wooooooow it’s not being detected”

  11. Watch from 8:50
    She has no idea, and needs to keep looking at his phone for clues.
    Then says she didn't see anything because it was a https website. LMFAO Useless

    Then tries to pull up some old website that is unsecure so she could show off some scripted skills.

  12. Well, I can carry out the same attack with my regular rooted android phone or a kali linux laptop. It might be a bit messy to get all those scripts and extended range but that's for sure you shouldn't be that excited over these attacks. You can set up a captive portal easily with fluxion and a kali linux machine. The pineapple is just great for those who wants a shitton of range with easily accessible scripts and can carry it around. In short, you can achieve the same results with a regular laptop running kali and a good network card that supports packet injection and mon mode with a good range.

  13. Sorta funny how the one person who looks like they're a poser and know nothing about Compsec, actually is the expert.

  14. a little driftnet gets the party started always, btw that was facebook pinging you… You started to use your internet and they were tracking you, thats kinda what they do ; )

  15. Bruh just buy a monitor mode wifi adapter for a tenth of the price and it looks nowhere near as suspicious

  16. So, for clarification, this only works on unprotected networks. If my phone has only saved wifi that use WPA2 I will NOT be vulnerable to the pineapple?

  17. My guess is her pineapple listens to http and https. Thats why she didn't get anything once he connected to VPN as VPN is using another port. How useful is this thing ? I mean man in the middle attack in this day and age, all of the reputable sites use https. Letsencrypt made https free. Unless you send fake certificates and a user is dumb enough to disregard browsers alerts, you will not see whats happening because of encryption.

  18. Do not allow this guy to make fools out of you, this is clearly fake. The one and only tool that worked for me is Feebhax! Do a google search to find it ! 🙂

  19. Shannon and Brian …. hak5 and scam school from the revision 3 days on the same set. My two favorite shows of all times!!

  20. They talk about space jam ACTUALLY working but that is also an encrypted site. This is just as useful as when the hack came out for the wep networks when 90% of people had already converted to wpa lol

  21. gaw, man, this reeks of an over produced morning news show. can we get rid of those guys and bring in a couple normal people who aren't obnoxious ninth graders ?

  22. Does she work for Hak5? If so this is pretty incorrect. The SSID being the AP sends out the broadcast, which the pineapple would see. Their Phone the client looks for these SSID Broadcast then say's oh your there I will connect to you. The pineapple has no way of knowing what networks are saved in my phone. facepalm

  23. That hotspot honey pot with man in the middle is yearning for some penetration testing… Perhaps there's even a backdoor involved!?

  24. this is pretty informative for noobs like me who couldn't understand what was going in that Silicon Valley episode (The one where they go to Hooli Con)

  25. By the way, you can use a technique called sslstrip to fool the client into thinking the server doesn't support https/ssl.The browser will then default to http and you can steal someone's google/facebook/whatever cookies

  26. Last year at the end of February I basically did a man in the middle ‘attack’ although I wouldn’t really call it attack. So it was during the beast from the east (I’m British) and my WiFi wasn’t working that week, but the WiFi of my neighbour was, and on the Apple IOS select WiFi page you can view and even edit different nearby WiFi routers which can connect to. So I came up with the genius idea of maybe I could connect to my neighbors WiFi without the passcode by edit different parts to be identical to my router, and changed my router to be one digit off of what it was before. It worked I got connected and had internet, but then I wasn’t really expecting it to work and put it back immediately because I didn’t know what had happened, but for about 5 minutes I got internet again by bypassing the WiFi next door. I had managed to gain full access to their router.

  27. Hotspot Honeypot Man In The Middle: Google Search
    Nothing sexual.

Leave a Reply

Your email address will not be published. Required fields are marked *