According to the Hak5 website, “since 2008 the WiFi Pineapple has been a favorite among penetration testers and security enthusiasts” because of its high performance, ease of use, and ability to be concealed. In fact, many Pineapple users would argue that the Mark IV is a must-have tool for pen-testers. The Pineapple, however, isn’t necessarily suitable for everyone. Although the Pineapple prides itself on its high level of automation and community-based support, some basic skill is still required to guarantee a user-friendly experience.
The WiFi Pineapple is designed to work primarily with Windows and Linux operating systems but Hak5’s WiFi Pineapple FAQ page states, “the WiFi pineapple is independent of OS and can be used with anything that has a TCP stack and a browser.” If you expect to connect the WiFi Pineapple to a Mac with no hassles, think again. Mac users will need to manually configure their network settings before they can access the Pineapple’s web-based control center. The good news- I’ve created a step-by-step video tutorial to walk you through the entire process. You can view the video here. The tutorial will teach you how to:
- Configure internet connection sharing (ICS) on your Mac. ICS is essential if you plan to use your Pineapple to perform man-in-the-middle (MITM) and other internet-dependent attacks. Without ICS, Pineapple clients will not be supplied with an active internet connection.
- Configure ethernet tethering on your Mac. Ethernet tethering is necessary because, in addition to supporting ICS, it is the only pathway to your Pineapple’s web interface. Without access to your Pineapple’s control center, your left with a shiny black box that does nothing.
Now, let’s take a look at the Pineapple’s features.
- 3G Mobile broadband and Android tethering
- Manageable through SSH
- Support for auxiliary WiFi adapters
- Web-based interface for easy management
- Expandable with community modules
- Community-based support
- Facilitated man-in-the-middle attacks
- Expandable storage
As you can see, the Pineapple has an arsenal of features under its hood. The possibilities seem endless, right? Well, not entirely. In respect to the widespread data limitations that many of us have so sadly fallen victim to, grandfather data plan holders are considered to be some of the luckiest people in the world. If you are lucky enough to have a grandfather data plan, however, this is actually bad news if you’re a Pineapple user. Why? The Pineapple only supports Android’s native tethering feature, which, as I’m sure you already know, cannot be enabled unless you have a limited data plan. Currently, there is no 3rd party application capable of enabling the Android’s native tethering feature, not even for root users. So, unless you are willing to sacrifice your unlimited data plan, you won’t be providing unlimited mobile bandwidth to your Pineapple clients any time soon. Wait! There’s good news. Although it’s less convenient, I’ve developed a workaround. Instead of tethering your Android directly to the Pineapple, you can use your computer to bridge the connection. Think of your computer as a sort of middle man. With the help of 3rd party tethering applications, such as FoxFi and PdaNet, sharing your Android’s internet connection with the Pineapple (through your computer) becomes very easy.
What makes the Pineapple unique? Convenience by means of consolidation. The Pineapple executes tasks that would otherwise require the use of multiple applications and hardware components. For example, a man-in-the-middle attack typically requires a computer, an operating system, two network adapters, a router with an internet connection, and a MITM script. The Pineapple consolidates all of these items into one unit, making it a powerful, feature-rich device.
By a standard of reliability and versatility, the WiFi Pineapple Mark IV is an exceptional tool. If you’re not a sucker for convenience however, you may find that there are other more cost-effective alternatives to the Pineapple. It just depends on your requirements and your budget. In addition, due to the lack of support focused on beginner needs, I would not recommend this tool to inexperienced users. Regardless of the issues highlighted during my review, I would argue that the Mark IV is a must-have tool for pen-testers.