I wanted to do a quick write-up on what exactly the WiFi Pineapple® is. I’ve had a lot of emails asking for more detail, and I figured this would shed some light in the most effective way.
Hak5 advertises it as “The industry standard pentest platform has evolved. Equip your red team with the WiFi Pineapple® Mark VII. Newly refined. Enterprise ready.” -but that doesn’t really tell you what it is or what it does
What it really is, is a device that is basically a small router, that has a litany of pentesting tools built into it. There are a few versions of it that I’m aware of, but the two main ‘model lines’ are the tetra and the nano. The nano is only 100 bucks and does most of what the tetra does, but with smaller antennas it is greatly limited in range.
If you are looking for a fun gadget/toy get the nano, if you are looking to do some real pentesting, go ahead and splurge on the tetra. You don’t want to be limited when you are trying to do actual work.
I have screenshots of a list of pre-loaded modules that have a wealth of support in the forums and github communities. This should show you a pretty good picture of the breadth of the pineapple.
As you can see, there is an incredible utility to the pineapple. You can do fairly benign things like internet speed tests, or fairly nefarious things like create a man in the middle attack.
So if normal people can purchase these, what can I do to protect myself from nefarious use?
A very natural next question I typically get when explaining the wifi pineapple to someone is, ‘How on Earth can this be legal? How can I protect myself?’
Answer 1.) It is for made for legal pentesting, but you can’t control someone from using one in your Starbucks.
Answer 2.) It is up to you to adequately protect yourself and your data.
I plan on writing up some scenarios of common instances where people might use a pineapple, the effects, and the ethics in the coming weeks. In the meantime, check out this link to get some information on protecting yourself with a VPN.