WiFi Pineapple – A Hak5 Prodigy

The Wi-Fi Pineapple is a penetration testing tool that can help anyone automate a Man in the Middle Attack enabling them to steal your data by setting up rogue wireless access points. However, recently, there has been an increased use of the WiFi Pineapple in “Red Team Suit Auditing” which is an assessment done by the organization to demonstrate how hackers make use of different exploits to achieve their goal. A WiFi Pineapple is more common on public wifi networks which are unsafe and leave your personal data vulnerable. You can start protecting your online privacy by getting a PureVPN.

Secure Your Network

What Is Wi-Fi Pineapple?

The WiFi Pineapple was created as a pen testing device by hak5, a company known for its’ infosec technology store. The product was essentially developed to assist IT professionals to check if their networks are vulnerable. The Pineapple device, popularly known as the, Nano Basic is accessible on various platforms other than the Hak5 Shop, to anyone who can afford to spend $99.99 giving them the ability to pawn any or most internet connected devices around you.

Who knew a Pineapple was such a marketable commodity eh?

In this age, you can build the nano for as less as $25, or just use a raspberry pi that lets you enable monitor mode and packet injection.

A Pineapple device is very similar to a WiFi access point. The difference is that the device uses multiple radios when compared to an ordinary router which use a single radio making it more powerful and effective to execute complex network attacks.

These devices can be used to intercept and invalidate a legitimate AP (access point) forcing unsuspecting users to connect to a fake network set up by a third party. Once the user is connected, the hacker can gain access to all the personal data. This is a form of MiTM (man-in-the-middle-attack), where all the data passes through the man in the middle, in this case, the hacker. DNS Spoofing and session hijacking are the two common types of man in the middle attack used by hackers.

Fun Fact: The WiFi Pineapple gets its’ name due to the antennas attached to the nano device which provides additional gain when compared to other nano devices.

Pen Testing- How It all started!

WiFi was believed to be inherently flawed making it vulnerable to spoofing attacks, which is basically when a hacker impersonates a device to gain access to a users personal data. This vulnerability gave birth to the Pineapple device with the purpose being pen testing.

A pen test is an authorized attack of a system. Typically, a company will hire a pen tester to launch a hack on their systems in order to assess its strength and identify any vulnerabilities. Pen testing is part of a larger branch of testing commonly known as ethical hacking.

A WiFi Pineapple is an important part of a pen tester’s kit. It looks and works just like a standard WiFi router, albeit with greater range. In pen testing, the Pineapple will take advantage of the inherent weakness of WiFi networks to get users to connect to the Pineapple’s signal, rather than a legitimate network.

Most WiFi Pineapples also come with a set of software tools that a pen tester can use through their laptop, or even on an Android device. These tools are able to scan network traffic, snoop on users connected to Public WiFi networks, and identify weak spots in security protocols.

During a pen test, all of this is done with the permission of the company being ‘attacked’. Unsurprisingly, however, it did not take long for hackers to start using the same techniques to attack users and companies without being asked to. As a result, WiFi Pineapples are now commonly seen in many types of illegal attacks.

How Does the Wi-Fi Pineapple Work?

When a standard device connects to a WiFi network, it actually knows very little about the network it is connecting to. Unless you have installed a network sniffer, or other pieces of software that the average user is not likely to have, the only information your device sees is the ‘name’ of the network, also known as SSID.

Any time you connect to a WiFi enabled device, that device saves your network’s SSID number. Often, users like for the device to automatically connect to wireless service closest to you, leaving the auto-connect feature switched on.

Assume you ordered yourself a coffee from Starbucks and connected to “Starbucks WiFi” while you waited for it. Once you leave the café, your device will broadcast a signal to check if the access points in range are “Starbucks WiFi”. The same applies to any network you have connected to in the past as well.

How the WiFi Pineapple works is that it would scan all of the SSIDs, then re-broadcast these SSIDs to trick devices into thinking that they have connected to those access points in the past.

It is just like you confusing your friends twin sibling for them.

Well, it is not like our devices are dumb. If you are at a coffee shop like Starbucks and see an SSID name like “Starbucks WiFi”, you would not think to yourself that “Oh, maybe this is an attacker’s honeypot” either.

NOTE: The attacker is not even aware of what your device’s network SSID is. It is this nano device that collects all the information. These leaking SSIDs are collected and are then used to spoof networks.

Building a WiFi Pineapple – Try It Yourself!

There is a bunch of free downloadable modules on exploits of the Pineapple which you can download and install on your device.

Here is a very basic way of fooling your device and building a WiFi Pineapple. Take out your smartphone, and make a hotspot that has the same name as your home WiFi network. Now open the WiFi network menu on your laptop. Its possible that your device connected to the network that was not intended.

Because it only knows the name of the networks, and nothing else, your device thinks they are the same network. It might even try to connect to your phone using the password for your home network.

A typical WiFi Pineapple attack works in the same way. By projecting a fake WiFi network over a large area, some users will inevitably connect to the wrong network, and an attacker will harvest their data.

Moreover, Public WiFi Hotspots are not obliged to use WPA2, thus, many WiFi networks are not password protected in the first place.

But let’s say a network is password protected. Though the encryption used by WPA2 is pretty good, it only starts once you have authenticated and connected to a router or any other access point.

How easy is to launch a WiFi Pineapple attack?

A couple of years ago, it was very to obtain somebody’s login credentials. All you needed was a SSLsplit module.

But ever since browsers adapted HSTS to protect websites from downgrade attacks, the SSLsplit module has become relatively, irrelevant.

One example of the implementation of HSTS is when you are surfing on the web and are redirected to a webpage that says “Your Connection To This Site Is Not Secure”. It is basically encouraging safe browsing.

Such Efforts have made a WiFi Pineapple attack difficult in recent times, but not impossible.

Attackers who are smart and determined, may de-authenticate you from a particular AP, just like you may remove someone from your wifi network.

Once you are de-authenticated, you may be redirected to a login portal set up by the attacker, where he sits to eavesdrop on your credentials. This is commonly known as, ‘Evil Portal’ which a form of Phishing Scam.

They might wait for users to login to their internet banking system or social media accounts, and then use session hijacking to impersonate them. Or they might just gather information to be sold or used to blackmail their victims.

These are pretty standard types of attack that have been prevalent even in 2020. What’s concerning is almost anyone is able to launch sophisticated hacks and the Hak5 Nano Basic (Wi-Fi Pineapple) makes it easy to deploy these techniques.

How to Prevent Yourself From a WiFi Pineapple Attack

Protecting yourself against WiFi Pineapple attacks relies on two factors. One is the way you behave online. The other is the technical protections you have in place to avoid your data being intercepted and stolen.

Be Vigilant When Connecting Public WiFi Networks: Protecting against any form of cyber-attack, including those deployed via a WiFi Pineapple, requires knowledge and vigilance. You should be aware of the WiFi network you are connected to at all times, and should be able to spot vulnerable or suspicious networks.

Take the Starbucks example. If, for instance, a new unsecured network suddenly appears, especially one that shares the same network name, DO NOT connect to it.

Tip: Switch Off the Auto-Connect Feature on your device!
Do Not Blindly Enter Sensitive Information: Similarly, never send personal information over unsecured WiFi networks, or login to your social media accounts. Unless, that is, you want this information to be available to everyone connected to the same network.
Use Encryption: Because WiFi Pineapple attacks exploit some inherent flaws in the way that WiFi networks operate, they can be really hard to detect even for experienced users. It’s therefore also a good idea to protect yourself using a higher level of encryption than that used by even secure WiFi networks.

The best way to do that is to use a Virtual Private Network (VPN). The best VPNs use end-to-end encryption which means no one can decipher the data you exchange with a network. Even if you accidentally connect to a WiFi Pineapple, an attacker will not be able to read your data, or launch further attacks.
Make sure to use a Website that has HTTPS Encryption: Many websites use their own encryption to protect their users. This is denoted by “HTTPS” as opposed to “HTTP” on the extreme left of the URL in the address bar.

Secure Your Network

Frequently Asked Questions

How can I tell if I’m being attacked by a WiFi Pineapple?

Look for signs such as unexpected pop-up windows, slow internet connection, unresponsive web pages, and your device connecting to a network with an unexpected name.

Can antivirus software prevent a WiFi Pineapple attack?

Antivirus software may not necessarily prevent a WiFi Pineapple attack, but it can help detect and remove malware that may be installed on your device as a result of the attack.

What should I do if I suspect a WiFi Pineapple attack?

Disconnect from the network immediately, and avoid entering any personal information while connected to the network. Report the incident to the relevant authorities and seek assistance from a cybersecurity professional.

Cookie	Duration	Description
__stripe_mid	1 year	This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server.
__stripe_sid	30 minutes	This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server.
Affiliate ID	3 months	Affiliate ID cookie
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
Data 1	3 months
Data 2	3 months	Data 2
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
woocommerce_cart_hash	session	This cookie is set by WooCommerce. The cookie helps WooCommerce determine when cart contents/data changes.
XSRF-TOKEN	session	The cookie is set by Wix website building platform on Wix website. The cookie is used for security purposes.

Cookie	Duration	Description
__lc_cid	2 years	This is an essential cookie for the website live chat box to function properly.
__lc_cst	2 years	This cookie is used for the website live chat box to function properly.
__lc2_cid	2 years	This cookie is used to enable the website live chat-box function. It is used to reconnect the customer with the last agent with whom the customer had chatted.
__lc2_cst	2 years	This cookie is necessary to enable the website live chat-box function. It is used to distinguish different users using live chat at different times that is to reconnect the last agent with whom the customer had chatted.
__oauth_redirect_detector		This cookie is used to recognize the visitors using live chat at different times inorder to optimize the chat-box functionality.
Affiliate ID	3 months	Affiliate ID cookie
Data 1	3 months
Data 2	3 months	Data 2
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga_J2RWQBT0P2	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_12584548_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gat_UA-12584548-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjIncludedInSessionSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
PAPVisitorId	1 year	This cookie is set by the Post Affiliate Pro.This cookie is used to store the visitor ID which helps in tracking the affiliate.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
NID	6 months	This cookie is used to a profile based on user's interest and display personalized ads to the users.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
_app_session	1 month	No description available.
_dc_gtm_UA-12584548-1	1 minute	No description
_gfpc	session	No description available.
71cfb2288d832330cf35a9f9060f8d69	session	No description
cli_bypass	3 months	No description
CONSENT	16 years 6 months 13 days 18 hours	No description
gtm-session-start	2 hours	No description available.
isoCode	1 month	No description available.
L-k26wU	1 day	No description
L-KVHA4	1 day	No description
m	2 years	No description available.
newVisitorId	3 months	No description
owner_token	1 day	No description available.
PP-k26wU	1 hour	No description
PP-KVHA4	1 hour	No description
RL-k26wU	1 day	No description
RL-KVHA4	1 day	No description
wisepops	2 years	No description available.
wisepops_session	session	No description available.
wisepops_visits	2 years	No description available.
woocommerce_items_in_cart	session	No description available.
wp_woocommerce_session_1b44ba63fbc929b5c862fc58a81dbb22	2 days	No description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.