2015-02-02

Intercepting web traffic using WiFi Pineapple Mark V with Burp Suite in virtual Kali Linux

Introduction

A colleague got hold of a WiFi Pineapple Mark V, and I could borrow it for a couple of days, to play around with it.

After the initial goofing around with it, I wanted to go further, and intercept some specific traffic. Simply said, have the Pineapple connected to my laptop, pass all traffic straight through to the internet, except for port 80 and 443, which should go to Burp Suite, to do some stuff with it.

Connecting the Pineapple to either Windows or Linux is rather straightforward, but when it comes to routing network traffic, I prefer Linux.

Shopping list

I already have a laptop with Windows 8 installed, and running Kali in VirtualBox.

Fixing the routing on the Windows host

When the Pineapple is connected to the laptop via the USB Ethernet dongle, the route table in Windows gets an additional default route to the Pineapple (see image below). This default route causes issues when you want to go to the internet. So first we have to get rid of this default route.

Open a command prompt in Admin mode ([WinLogo]+X).

First run route print -4 to see which adapters are there, and that there is a default route to the Pineapple.


Route table in Windows after connecting Pineapple via USB Ethernet dongle

Take note of the interface number of the adapter connected to the Pineapple. In this case it is number 24. The default route can be removed by running

route DELETE 0.0.0.0 IF <if>

where <if> is the interface number (24 in this case).

You'll also see other routes to the interface. I didn't experience any problems with these, but you can delete them as well by running:

route DELETE 172.16.42.0 IF <if>
route DELETE 172.16.42.124 IF <if>
route DELETE 224.0.0.0 IF <if>
route DELETE 255.255.255.255 IF <if>

Now the Windows host is configured.

Note: it is possible that the default route to the Pineapple interface is added at a later stage, i.e. when Kali is set up and running. In that case, delete the route when this happens.

Setting up Kali

Kali is configured with default settings. Networking details are as follows:

Adapter 1 is enabled and attached to 'NAT'. Make sure that the 'Cable Connected' checkbox is on.
Adapter 2 is enabled and attached to 'Bridged Adapter', with the correct adapter on the host computer that is attached to the Pineapple. Make sure that the 'Cable Connected' checkbox is on.

Now the virtual machine can be started.

When Kali is running, open a terminal and download the configuration script for the Pineapple:

wget http://wifipineapple.com/mk5/wp5.sh

and make it executable:

chmod +x wp5.sh

Run the script with ./wp5.sh

I could work with the defaults, but had to change the interfaces: eth0 is connected to the internet and eth1 is connected to the Pineapple.

Pineapple Netmask: 255.255.255.0
Pineapple Network: 172.16.42.0/24
Interface between PC and Pineapple: eth1
Interface between PC and Internet: eth0
Internet Gateway:  10.0.2.2
IP Address of Host PC: 172.16.42.42
IP Address of Pineapple: 172.16.42.1

After this is done, the Pineapple can be accessed via http://172.16.42.1:1471/

Also check that the internet is still accessible by requesting a regular page.

When everything is working on Kali, we can try to connect a phone to the Pineapple, and check that it has internet access.

Connecting mobile device to the Pineapple

First we're connecting a mobile device to the Pineapple by selecting its SSID. We'll leave the Karma stuff for later.

Check that the device can access the internet now.

Burp Suite

Start Burp Suite and configure it so that it listens on the IP address of eth0 (10.0.2.15 in my case) or eth1 (172.16.42.42), on port 8080.

Depending on the chosen adapter, configure the routing for port 80 (and optionally port 443):

iptables -t nat -A PREROUTING -i eth1 -m tcp -p tcp --dport 80 -j DNAT --to-destination 10.0.2.15:8080
iptables -t nat -A PREROUTING -i eth1 -m tcp -p tcp --dport 443 -j DNAT --to-destination 10.0.2.15:8080

or

iptables -t nat -A PREROUTING -i eth1 -m tcp -p tcp --dport 80 -j DNAT --to-destination 172.16.42.42:8080
iptables -t nat -A PREROUTING -i eth1 -m tcp -p tcp --dport 443 -j DNAT --to-destination 172.16.42.42:8080

It is also important to turn on 'Transparent Proxy Mode' in Burp Suite, because the redirected clients are not proxy-aware and send ordinary (non-proxy-style) requests.
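
The redirect rules above, as an added example that is not part of the original post: a small shell helper that appends each rule only if it is not already present (checked with iptables -C) and removes the same rules again when the test is over. The function names and the IPTABLES override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent setup and teardown
# of the PREROUTING redirects to the Burp listener.
# IPTABLES may be overridden (assumption: handy for a dry run or a stub).
IPTABLES="${IPTABLES:-iptables}"

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Rule body shared by -C (check), -A (append) and -D (delete).
rule_spec() {  # iface port burp_ip burp_port
    printf '%s' "-i $1 -m tcp -p tcp --dport $2 -j DNAT --to-destination $3:$4"
}

# burp_redirect add|del <iface> <burp_ip> <burp_port> [port ...]
# Redirected ports default to 80 and 443, as in the post.
burp_redirect() {
    [ $# -ge 4 ] || { echo "usage: burp_redirect add|del iface ip port [ports]" >&2; return 2; }
    action=$1; iface=$2; ip=$3; bport=$4
    shift 4
    [ $# -gt 0 ] || set -- 80 443
    case "$action" in add|del) ;; *) echo "bad action: $action" >&2; return 2 ;; esac
    case "$iface" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 2 ;; esac
    case "$ip" in ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 2 ;; esac
    valid_port "$bport" || { echo "bad listener port: $bport" >&2; return 2; }
    for p in "$@"; do   # validate everything before touching the nat table
        valid_port "$p" || { echo "bad port: $p" >&2; return 2; }
    done
    for p in "$@"; do
        spec=$(rule_spec "$iface" "$p" "$ip" "$bport")
        # $spec is split into words on purpose: each word is one iptables argument.
        if $IPTABLES -t nat -C PREROUTING $spec 2>/dev/null; then
            present=1
        else
            present=0
        fi
        if [ "$action" = add ] && [ "$present" -eq 0 ]; then
            $IPTABLES -t nat -A PREROUTING $spec || return 1
        elif [ "$action" = del ] && [ "$present" -eq 1 ]; then
            $IPTABLES -t nat -D PREROUTING $spec || return 1
        fi
    done
    return 0
}
```

After sourcing the file as root, burp_redirect add eth1 172.16.42.42 8080 sets up the redirect and burp_redirect del eth1 172.16.42.42 8080 removes it; running add twice leaves a single copy of each rule.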

That's it. Burp Suite now intercepts traffic.
