Dark

Stealing Data Over Open WiFi

The Modern Rogue
Views 179 486
98% 5 803 84

The data goes... through, the pineapple? *zooms in super-tight on face* *then zooms in super-tight on an actual pineapple* [whispers through squinted eyes] ...through the pineapple.
-----------------------------------------------------------------
Interview with Shannon ($10+ patrons):
patreon.com/posts/24521169
Unedited footage for this video ($5+ patrons):
patreon.com/posts/24821506
-----------------------------------------------------------------
Additional Information
The WiFi Pineapple is sold on Hak5's store
shop.hak5.org/products/wifi-pineapple
www.wifipineapple.com/
How a Wi-Fi Pineapple Can Steal Your Data (And How to Protect Yourself From It)
motherboard.vice.com/en_us/article/pa39xv/pineapple-wifi-how-to-mitm-hack
Websites Visited
kingofmouths.com
spacejam.com
bitchen.com
dustbrothers.com
-----------------------------------------------------------------
Thanks as always to Shannon for making the trip out to record these episodes, you can find more from her at
ruvid.net/u-hak5
ruvid.net/u-shannonmorse
ruvid.net/u-tekthing
twitter.com/snubs
instagram.com/snubs
-----------------------------------------------------------------
Scam Nation: ruvid.net/u-scamschool
Patreon: patreon.com/modernrogue
Discord (patron reward): discord.gg/modernrogue
MR Articles: themodernrogue.com
Outtakes & BTS: ruvid.net/u-scamstuff
Subreddit: modernrogue.reddit.com
Merch: shop.themodernrogue.com
Twitter: twitter.com/modernrogueshow
Instagram: instagram.com/modernrogueshow
Facebook: facebook.com/modernrogues
-----------------------------------------------------------------
Music used in this episode:
"Spacesuits" by Kupla
chillhop.bandcamp.com/album/chillhop-essentials-winter-2017
"Grandiose Soul" by Masked Man
chillhop.bandcamp.com/album/chillhop-essentials-fall-2018
"Vino" by Cap Kendricks
chillhop.bandcamp.com/track/vino
"All Us" by Nokiaa x nofeels
chillhop.bandcamp.com/track/all-us
Most of the music from the show: bit.ly/mrspotify
-----------------------------------------------------------------
This episode was made with the help of:
Brian Brushwood - host -- twitter.com/shwood
Jason Murphy - host -- instagram.com/captainmurphy
Brandt Hughes - camera operator / editor -- twitter.com/gatowag - instagram.com/gatowag
Bryce Castillo - camera operator / live audio engineer -- twitter.com/brycas
Shannon Morse - guest -- twitter.com/snubs

Entertainment

Published on

 

Feb 8, 2019

Share:

Link:

Download:

Loading link...

Add to:

My playlist
Watch later
Comments 544
The Modern Rogue
The Modern Rogue 2 months ago
It’s that time of year again: Mystery Box Jackpot season! Here's how it works: Our job is to make you feel like you absolutely won the jackpot when you open your Mystery Box. Each and every Mystery Box Jackpot always has more value in it than what you paid for it. 100% of the time. And if you’re not happy? 100% satisfaction guarantee! Wanna snag one before they’re all gone? www.scamstuff.com/products/mystery-box-99 We’re giving away a Mystery Box Jackpot ($99 value) to TWO winners of our weekly free giveaway at gimme.scamstuff.com (no purchase necessary, giveaway ends 2/14/2019) Congrats to the winners of last week’s Cutaway Handcuffs giveaway: Laurent Holin, David Guy, and Kristina Zavala (we will contact you via email within the next two weeks)
Rahim
Rahim Month ago
But does incognito work?
MercurialCorsair
MercurialCorsair 2 months ago
Why did you take down the fpe of this?
Setro
Setro 2 months ago
really wish one of my favorite channels didn't do this too but at least it's not directed toward children
Chuckaroo 123
Chuckaroo 123 2 months ago
Hi if you read this I think you should do a video on 3d printed guns it would be so cool
Paracosmonaut
Paracosmonaut 2 months ago
Ask yourself. WWWDD, if he was a Rogue? Your concept is inspiring.
Glen Freeman
Glen Freeman Day ago
this weeks psa
Sir Jeffrey
Sir Jeffrey 14 days ago
This is always why I disable "auto reconnect" on my phone lmao... Sadly it doesn't fully help you...
ben flamini
ben flamini 26 days ago
Big oof
Shaun Beakley
Shaun Beakley 26 days ago
It's like wifi catfishing
Jsweizston
Jsweizston Month ago
This is why you don't leave that option on.. on your phone. You only connect at home and ignore all other wireless networks and do not search no matter what for external public wifi networks.
Peter Gardas
Peter Gardas Month ago
Once I launched a MITM attack at my local library and by a MAC adress I traced a phone that was looking at mature mom pornography. I look around the place and the only person with that brand was a little 8 year old boy sitting in the corner. Never went back again!
He Be a Knee
He Be a Knee Month ago
are we all gonna ignore the f-society sticker on brian's laptop?
kid
kid Month ago
I used to watch this guy do magic and follow along, now im getting into ethical hacking and...... i stumble into this dude again like 6 years later
Will It Snap?
Will It Snap? Month ago
WHAT IS A PINAPPLE!?!?!!?
whatsthe point
whatsthe point Month ago
Shit i just wanted to learn how to not get fucked by wify but now im smrt
random guy guy random
Watching this on public downtown wifi
†XΞZIAN†
†XΞZIAN† Month ago
i purposefully leave open a shit ton of weird sites just incase i ever do connect to a pineapple so the only thing someone knows about me is i'm seriously fucked in the head and probably need help and their pineapple also gets spammed with sites
The Meme Doctor
The Meme Doctor Month ago
Keyboard Cat Never Forget
Finn Dane
Finn Dane Month ago
Each video i get more of a feeling that you guys do this in russia where you pay the local corrupt police
Eric
Eric Month ago
I ordered my upgrade!!! Cannot wait for it to get here. Big upgrade from my mark 5
GyroMurphy
GyroMurphy Month ago
The shirt she's wearing means I love her
yaksher
yaksher Month ago
If your website sends passwords in plain text, you need to be banned from web design.
Eric
Eric Month ago
ATTWireless, COMCAST, ATTXXX(XXX being some three digit numbers), and any other common AP name, would be better than a business name, if those places are not near. If you are in a public area, then just pick a place and name the wifi after it. Maybe add GUEST in the name. INN_GUEST, QUICKSTOP_GUEST. This is what you would name your own wifi_pineapple ssid. No one really needs a wifi pineapple to do this, you can get a usb wifi antenna that is capable of promiscuous mode and an everyday use Linux build, pen-testing Linux distro or a couple of windows tools, Linux is better, and do the same thing. Remember, your wifi pineapple has to have a stronger signal than the other signals in the area before people's devices will connect automatically! The tool/script she is using to gather images from users, I have gotten images from people surfing Facebook, the fun part, you can change the images, so if they want to see an image, you can inject your own image! RICKROLL!!!
Eric
Eric Month ago
hahah, my professor was not too happy when demonstrating this in class.
Eric
Eric Month ago
injections!
Eric
Eric Month ago
Blah blah blah, stop running out of pineapples so I can upgrade my mark v.
ASAP BAPE
ASAP BAPE Month ago
Kids at my school think inspect elemint and editing as html is hacking
ASAP BAPE
ASAP BAPE Month ago
You right you right
Eric
Eric Month ago
You can find useful stuff in inspect elements, as for editing the html code, nope. But it is fun to change what people say and screen shot it! hahaha!!!!
Snuffleufugus
Snuffleufugus Month ago
Next video should be what software you can do to counter a hacker with these kinds of devices
Eric
Eric Month ago
No program. If you want to protect yourself from this type of an attack, use a VPN, do not allow your devices to connect automatically to open wifi.
xtreme6492
xtreme6492 Month ago
You talk a lot of shit, you should show us how to do that, not talk bullshit.
The Modern Rogue
Can you clarify?
Hunter Gibson
Hunter Gibson Month ago
Is this free to do
MaXplosion1
MaXplosion1 Month ago
I can now find out these things and NOT be on a government list
Derby Mods
Derby Mods Month ago
Test Nord VPN against the pineapple
Derby Mods
Derby Mods Month ago
The NCIS bit was hilarious, because smashing keys removes viruses.
officer401
officer401 Month ago
1:48 "If I run that through 'the' Google" Dad just give me the keyboard.
Dan Singh
Dan Singh Month ago
I like raspberry pi with pineapple on the side
Ina Bothwick
Ina Bothwick Month ago
Dan Singh well played
Dark King
Dark King Month ago
I don’t mind people knowing which sites I visit while I’m out not like I’m gonna login to my bank account but the thing that I would really hate for other people to have are my personal photos. I guess this thing can’t steal those?
Dead End
Dead End Month ago
If you use https you'll be fine.
Garrett H.
Garrett H. Month ago
NordVPN of course
Peter Hansen
Peter Hansen Month ago
Doesn't work, if you connect using certificates, but most people don't use those. It is taking advantage of the fact that most people want convenience, not security
Caleb Forster
Caleb Forster Month ago
You guys should have a podcast
The Modern Rogue
agreed.
Dennis Dueck
Dennis Dueck Month ago
14:04 when did this change I know for sure that just not to long ago that you could leave a known pw protect wifi with and "evil AP" with no pw but same SSID and it would connect/could get the pw threw an uncompleted 3 way hand shake and script it to auto update it's pw
Keith nunya
Keith nunya Month ago
There is some hotness under those big nerd glasses and that flannel shirt
Bob Rossy Boi
Bob Rossy Boi Month ago
I can’t believe pineapples steal our data. I need to eat mine fast.
Lukas T
Lukas T Month ago
Now, if you are on ecrytped websites only and have the VPN active and stuff, is it saver than mobile data? I feel like the cell phone provider can easily get my data I sent via their provided network?
Dead End
Dead End Month ago
If you tunnel your stuff it shouldnt matter
Virolaxion
Virolaxion Month ago
Dust Brothers... legends
Alex N
Alex N Month ago
somebody still does not use https everywhere?
Joey Pereira
Joey Pereira Month ago
5:22 ****Wink****
SpaceMarshmellow
SpaceMarshmellow 2 months ago
She looks like a stereotypical video game hacker. Rainbow hair, a million laptop stickers, and a flannel over top of a somewhat nerdy tshirt
BIGDRILL
BIGDRILL 2 months ago
The thing with VPN's is that you are merely shifting your traffic into another location. The VPN owner could still be tapping into all of your unencrypted HTTP- and DNS-requests. *Here's a few useful tricks to keep you reasonably safe on the internet* - Don't connect to open or public wifi unless you really have to. If an attacker gains physical access to the (legit) wifi access point that is hosting your signal, then they can read all of your unencrypted internet traffic. - Use Two-factor authentication and a password manager with a strong master password. It does not have to be cryptic, something like "MyFavouriteMovieIsSomethingAndMyCatIsOld" works just as good. Just make sure it's something that can't be "social engineered", i.e., extracted from your social media / internet presence through guesswork and investigation. - Use a DNS-provider that supports DoH (DNS over HTTPS), e.g. Quad9 (9.9.9.9) or Cloudflare (1.1.1.1). This is important because whoever hosts your internet can still see your request metadata (what & when) if you are not careful about this. - Ask or force your web browser to always request everything via HTTPS. The websites that don't support HTTPS should be avoided like the plague. - Use a privacy-focused web browser if you are genuinely concerned about your privacy. Websites can still identify you using a technique called "browser fingerprinting". This means that any website that really wants to identify you can do that if you are using a "generous" web browser like Google Chrome, even if you are using "incognito mode", a VPN and HTTPS. Use amiunique.org/ to see if your browser fingerprint is identifiable. - Use a VPN that respects your privacy and does not sell your traffic logs. Try to look for a VPN that has had its codebase vetted by a reputable cybersecurity company. Remember, they can also access your unencrypted internet traffic.
crusher194
crusher194 2 months ago
I was kinda hoping for an actual pineapple
Kats
Kats 2 months ago
It should be known that the vast majority of websites nowadays utilize HTTPS which added a layer of RSA encryption onto the standard HTTP protocol. RSA is an encryption scheme explicitly designed to prevent man-in-the-middle attacks from seeing the data you send and receive. It can still see the basic HTTP request to the website, but it won't be able to see any of the content, neither web pages or login credentials.
stir fry Cantonese noodle special part 2
This is quite an ineffective way, just run Kali Linux n run a lil wireshark sniffer between your router, n even encrypted sites aren't that safe
Marshie420
Marshie420 2 months ago
you guys should do a video on getting high on benadryl, it's insane
MCMH2000
MCMH2000 2 months ago
Sweeeeeet... Hak5 on modern rogue...
Trevor
Trevor 2 months ago
Wow you can see cookies for shit that's not https. Too bad everything is https. Literally nothing to be worried about.
Varlshunger
Varlshunger 2 months ago
You guys should make a video about images meta data. Using images meta data you can determine exactly where someone took there last selfy via the GPS saved into the image file when it was taken and also the direction it was taken in, as well as the time and date of course. Theres methods to remove them and I think all this information about this security hole is useful for everyone to know. Also there's a great story about the US military and uploading images of there new war planes going wrong because of image meta data.
Marshall Kell
Marshall Kell 2 months ago
this is why I always turn wifi off unless I'm home, lmao. I knew my paranoia would come in handy one day.
zer0c00l
zer0c00l 2 months ago
Why did I just find this channel?
Jason Murphy
Jason Murphy 2 months ago
Welcome!
Branom Braydon
Branom Braydon 2 months ago
This channel is a godly creation. Great music in the background, two great dudes doing stupid shit... Yeah, basically any guy's wet dream
Peter Banham
Peter Banham 2 months ago
Random and stupid question, where would I get it? XD
Dylan Evans
Dylan Evans 2 months ago
WHATS A PINEAPPLE
Marvel Lover
Marvel Lover 2 months ago
You should have a monthly magazine that people can subscribe to like hot rod, I know you have the daily articles but I would love to have a modern rogue magazine to sit and read in random places
diggtech
diggtech 2 months ago
The following phrase is for Jason. All stress is self-induced, it's in your mind, you don't need it, lay it down. Panic is contagious, but so is calm, stay calm, do your work. Slow is smooth, smooth is smart, smart is straight, straight is deadly.
Turk Sandwich
Turk Sandwich 2 months ago
dustbrothers.com is pretty funny. I haven't seen a website like that in a while.
ุุ ุ
ุุ ุ 2 months ago
2late
Nathan Huisman
Nathan Huisman 2 months ago
7:40 HA! TRY CHANGING YOUR MAC ADDRESS.
Nathan Huisman
Nathan Huisman 2 months ago
my favorite attack is ARP-spoofing
humphrey707
humphrey707 2 months ago
So basically you can do like that one thing done i black mirror with the black mailing
GameMR
GameMR 2 months ago
"This video is sponsered by Nord VPN"
Underwood Industries
You did an episode on cigars, do one on pipe
Macho Sancho
Macho Sancho 2 months ago
Hey, wtf happen to the modern rogue world headquarters? I was pretty stoked about that.
Brandt Hughes
Brandt Hughes 2 months ago
We've been shooting at HQ for months. ... this video that you commented on is at HQ.
Acid Beard
Acid Beard 2 months ago
5:35 the ip is right there no blurring
crackrocks75
crackrocks75 2 months ago
im really glad i stumbled upon this channel, i subbed when you only had 2 to 3 videos on your channel. each month i wait in excitement for another episode lol
Darksamich 11
Darksamich 11 2 months ago
I love all her anime stickers on the laptop. I’m not brave enough to publicly display deep down I’m a filthy weeb.
Luis Erb
Luis Erb 2 months ago
" it is, what it needs to be"
idiotproof90
idiotproof90 2 months ago
Stealing is a sin. So are sexual jokes, lust, and pornography
Pro Games
Pro Games 2 months ago
Honestly thanks for making this shit easier will make my job a lot better, have to get my hands on some of this equipment
Connor linchet
Connor linchet 2 months ago
"for your fire starter vids idea" *plant food packets(like the ones you get when you buy flowers from a store) and antifreeze* its a thing and iv seen it done and holy crap i was amazed
John Smith
John Smith 2 months ago
I remember how shocked I was when I first saw a movie advertised and the ad included a website that was just about that one movie. I wish I could remember what movie it was, but I was blown away and part of me could not believe in something SO cool and big being done for just one movie.
Nathan Jones
Nathan Jones 2 months ago
Is it weird to have a little bit of a youtube crush on Shannon Morse? It's probably weird
chicken
chicken 2 months ago
that girl loves stickers.
Anthony Wyse
Anthony Wyse 2 months ago
So for those not educated in IT. If you use a free WiFi make sure you use a trusted VPN. I'm sure it's been commented but just putting it out there again. Also you pretty much should never use an open WiFi if you can help it. Use your phone or get a hotspot for remote work especially.
Trace Vendetta
Trace Vendetta 2 months ago
I just wanted to say the editing of the video is so impressive!!
Koty Wilkinson
Koty Wilkinson 2 months ago
I love hak5
Peter Murphy
Peter Murphy 2 months ago
I'm fairly sure Brian was singing Aristocats - Scales and Arpeggios at the beginning
TheLiasas
TheLiasas 2 months ago
that smile is so hot
DasVERMiT
DasVERMiT 2 months ago
6:14 - I have a pen... I have pineapple... UH... *PineapplePen!*
Luke Turner
Luke Turner 2 months ago
I'm guessing Tor vs a Pineapple is also effective protection
Willisthehy
Willisthehy 2 months ago
You guys should make a ultimate modern rogue course, where you put all your modern rogue knowledge to the test. Like you have to find dead drops, take down people with martial arts and nunchucks, get ride of the meat of the thing they stacked in rye, parkour, set and find bugs, find and place hidden cameras, try to solve a crime, all the things that you have ever covered in modern rogue just in a course
RedWolfe
RedWolfe 2 months ago
Penetration testing ( ͡° ͜ʖ ͡°)
Wizball
Wizball 2 months ago
ayyy so cool that snubs came on the show!
Parker Voltaire
Parker Voltaire 2 months ago
I love that Mr. Robot sticker you have Brian
KEEPMOVN
KEEPMOVN 2 months ago
Imagine if julius cesar or genghis khan knew about this. O lord help us all
NochSoEinKaddiFan
NochSoEinKaddiFan 2 months ago
She looks so happy, I think she loves her job :D I like her! And it is a good think to refresh the fact that these risks are out there and pretty easy to set up once you know the basics.
Charles Sloat
Charles Sloat 2 months ago
this episode made me paranoid. never gonna use wifi without vpns ever again.
Jason Murphy
Jason Murphy 2 months ago
It's pretty alarming, right?
HALAVLUV
HALAVLUV 2 months ago
9:11 "Oh! Those are certificates from the site you're in" some time later "Oh! That site was secure! Who could've known?"
JW
JW Month ago
+HALAVLUV thanks :)
JW
JW Month ago
+HALAVLUV I appreciate the response, but I'm actually a software dev with a focus on security, so I'm well versed in assymetric encryption :) I was just wondering why the requests weren't visible at all, although, as we've discussed, it must just the pineapple/module config
HALAVLUV
HALAVLUV Month ago
Guess it's a configuration of the device. Even if it was visible there would be no realistic way for it to decrypt the messages, so you wouldn't be able to see anything except for the IP address and maybe the domain of the site. If you find this interesting you should read about asymmetrical encryptions (Don't let the name scare you, it's actually interesting)
JW
JW Month ago
+HALAVLUV sorry, to clarify, I understand that. But I'm just confused as to why the encrypted requests themselves weren't visible. Or is encrypted content not displayed when using dwall (sort of makes sense)?
HALAVLUV
HALAVLUV Month ago
+JW That's because when you have a VPN on and you're visiting a website, you're not the one that connects to it. Your VPN connects to the site for you, and then sends you the web page it found. The conversation between you and the VPN is encrypted, so if the pineapple would catch encrypted traffic, you'd see that Brian's phone is only talking to TunnelBear's servers.
Keksm28
Keksm28 2 months ago
I was just listening to 8D audio and regular audio sounds weird now
Totally Someone
Totally Someone 2 months ago
Everytime she smiles while talking about this makes me feel less safe and more scared
Raven
Raven 2 months ago
Someone comes bursting through the door "im here for the starbucks"
Tom Kord
Tom Kord 2 months ago
14:35 TIL the 'M' in MKULTRA stands for Murphy.
Tom Kord
Tom Kord 2 months ago
+Jason Murphy Cheers. It was that or 'Murphchurian Candidate.'
Jason Murphy
Jason Murphy 2 months ago
Heh. I like that.
The Flaps
The Flaps 2 months ago
Are you guys planning any more stuff with anthony? I feel like it would be appropriate for a modern rogue to fight with a saber, or rapier.
Jason Murphy
Jason Murphy 2 months ago
We're shooting something next month!
Alex Unofficial
Alex Unofficial 2 months ago
I’m sorry, but I just screamed when Brian made that NCIS reference.
deathstramy
deathstramy 2 months ago
The google
Joel Ottwell
Joel Ottwell 2 months ago
Just thought id say it, but the modern rogue is the of the few things that brings REAL joy into my life
D H
D H 2 months ago
First minutes of the video im wondering why 2 creeps & 1 are in a basement with exposed insulation
Next videos
5 Outrageous Con Men
20:30
How to Copy a Face
38:47
Views 633 000
USB Drive That Steals Files
16:16
Order Whiskey Like a Gentleman
26:28
Laminar Flow DISAMBIGUATION
09:18
Types of Crushes
17:26
Views 855 527
Will It Muffin? Taste Test
14:45