8 thoughts on “Phishing for Facebook logins with the WiFi Pineapple Mark V from HAK5 (Setup Guide)”

  1. Nice blog Joey! I recently picked up one of these and have quickly realized how powerful they are. One point I would like to add is that the Karma tool is only useful for attacking an open WLAN, however PSK-protected networks have their own flaws. A good idea to detect the presence of a pineapple is to create a WLAN profile on your device (if possible) named something like “Pineapple Nearby” and configure it for open security along with automatically connect when in range to detect its presence.

  2. Nice blog!
    I was wondering, is it true what Chris said about the Karma tool is only useful for attacking an open WLAN? What if you have the password for the wifi, to the university’s wlan for example? Can you then use Karma and the other tools mark V provides? Thanks!

    1. Hi Alex,

      Karma works by hearing a SSID and replying back as that with a open network. Karma does not have anything to do with spoofing passwords for a SSID. With that being said, if your university network requires a password … lets say you use WPA2, then your mobile device will know that password and auto connect anytime you are at the University. If you go to Starbucks and connect as a guest, you device will treat that as a lower priority assuming you connect more often to the University and its just a higher priority connection for you. If somebody launches a Karma attack while you are at Starbucks, Karma will see you are looking to see that your device is randomly beaconing for the University network and spoof that. Your device say “hey I’m at the university” and connect to that but it will show the university network connected and open … not running WPA2. Make sense?

  3. Isn’t the one on the left the mark V (5) and the one on the right is the mark IV(4)? You have the one on the right as the mark III (3)

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.