It’s that time of year again: Mystery Box Jackpot season! Here's how it works: Our job is to make you feel like you absolutely won the jackpot when you open your Mystery Box. Each and every Mystery Box Jackpot always has more value in it than what you paid for it. 100% of the time. And if you’re not happy? 100% satisfaction guarantee! Wanna snag one before they’re all gone? www.scamstuff.com/products/mystery-box-99 We’re giving away a Mystery Box Jackpot ($99 value) to TWO winners of our weekly free giveaway at gimme.scamstuff.com (no purchase necessary, giveaway ends 2/14/2019) Congrats to the winners of last week’s Cutaway Handcuffs giveaway: Laurent Holin, David Guy, and Kristina Zavala (we will contact you via email within the next two weeks)
Man. I used to use cain and abel back in the day to man in the middle. I wonder if it still works. Also, I built my own bash bunny with a raspberry pi zero after watching the last video you guys did on this.
I'd like to present an Epic Rogue Quest Concept to you. A Next Level Reality Show Concept to make the outdated model obsolete. I'll buy the beer for a virtual presentation.
A vpn can be more secure, but you're also shifting all your traffic to a server that you should trust. They can do the same thing as the pineapple. Luckily all important login portals are https so that doesn't matter. Just use a known good VPN for torrents or streaming content that's Geo restricted.
@@BuddyJesus Yep... most sites are HTTPS so you have to do a little more work lol. Really using MTM and having either your own SSL certs or using phssing websites/login portal to get username/passwords is what you have to do. Can do this HTTP stuff using wireshark... lol.
How did this not become a super long ad for Nord VPN?! That would've been a perfect segway. "What can we do to protect ourselves?" "Apparently use a VPN" "Speaking of which *commences pitch for Nord VPN*"
@@denism8494 its probably better this way, id rather have a product like that priced through the roof, instead of everyone being able to buy one, keeping them out of most ppls hands, limiting the chance bad ppl get their hands on them, and you average joe citizen doesnt really need one anyway
@@menofwar-os1wi if a bad person cannot afford this they probably also dont have the knowledge to use one. They aren't as simple to use as this video makes out, the limiting factor is not the price, it's the knowledge required. I am poor af, and I am an average person, however I also aspire to have a career in cyber security, therefore I would benefit by having one of these. I'm not saying hurr Durr gimme expensive shit for cheap, I'm just saying the actual value is inflated by videos like this that make it seem like a one stop piece of equipment that does everything and turns you into a 1337 H4X0R
@@denism8494 i can see your point of vieuw and understand what you are trying to tell me, and i mostly agree, but wouldnt said knowledge be obtainable through some googling? (and good luck with your carreer in cyber security)
CUZ IM A MODERN ROUUUUGE!! A little Mason Jurphey in my life A little Ryan Bushwood by my side A little bit of Grant is all I need A little bit of B-Rice is what I see A little bit of Scamming in the sun A little Modern Rouging all night long A little bit of Dresspants here I am A little grilled cheese makes me your fan *NAILED IT!!*
Jason screaming about net neutrality will always be the greatest moment on the show. I've caught myself at work trying to find that gif to just leave it on the computer as I'm leaving, so when the next person unlocks it, they are terrified lol
Brian and Jason THANK YOU for having Shannon on the show. I am learning more watching your show than I did attending high school during the summer. Thanks dudes. . . .A special shout-out to Nord VPN; to which I am a proud customer.
You guys should make a ultimate modern rogue course, where you put all your modern rogue knowledge to the test. Like you have to find dead drops, take down people with martial arts and nunchucks, get ride of the meat of the thing they stacked in rye, parkour, set and find bugs, find and place hidden cameras, try to solve a crime, all the things that you have ever covered in modern rogue just in a course
@@pluto8404 It left me whelmed. Like, it did it's job of being a search term. But why not go bigger or go for a complete curveball? Like, grilled cheese smoothie, reverse grilled cheese, grilled cheese without bread or something else absurd... Something that would make any sane person re-read that to make sure it says what they think it says. Basically, what these guys do best, leave their experts concerned or confused.
@Danny when I say overpriced I mean the hardware itself. The majority of the software on the pineapple is community made. I also have a rubber ducky and that's also overpriced
@@Honosklouker Not to mention most modern network cards can't do this either. This is why if you want to make your own (Or one of the related "products" to the full pineapple) you need to buy an old card. And most of the networking companies have sneakily replaced the chips in their products with newer models that do not support promiscuous mode either. So basically, either you'll pay some guy on the internet whatever price he's managed to gouge up for his old network card, or you buy one of these.
It should be known that the vast majority of websites nowadays utilize HTTPS which added a layer of RSA encryption onto the standard HTTP protocol. RSA is an encryption scheme explicitly designed to prevent man-in-the-middle attacks from seeing the data you send and receive. It can still see the basic HTTP request to the website, but it won't be able to see any of the content, neither web pages or login credentials.
True, It's disappointing to see a Hak5 employee grinning when asked if this device can intercept anything, instead of taking the opportunity to clarify this essential point. It's a disservice, really.
My dad is a Computer technician contractor and he harps on me all the time about being careful on public Wi-Fi and never leaving my laptop unlocked unattended
I mean leaving your laptop unlocked and unattended should be common sense not to do, you shouldn't need to be a technician contractor to know that. Then again, I see so many people not bother using passcodes on their phones, so maybe you do.
The reality is: HTTP telnet or other easily crackable non-hash sites/services are NOT common. 99% of your services are HTTPS. Real hackers do Phishing, not sniffing.
14:04 when did this change I know for sure that just not to long ago that you could leave a known pw protect wifi with and "evil AP" with no pw but same SSID and it would connect/could get the pw threw an uncompleted 3 way hand shake and script it to auto update it's pw
I'm considering buying a wi-fi pineapple, and I have been waiting for this episode for SO LONG! Could you guys also do an episode on cracking WEP security?
@@colton9496 That's fair. I know nobody uses WEP, and you can do this with a wifi adapter in monitor mode, but I think WEP's insecurity is a good lesson towards updating your security, and they can go into detail without being too harmful because nobody uses it.
The following phrase is for Jason. All stress is self-induced, it's in your mind, you don't need it, lay it down. Panic is contagious, but so is calm, stay calm, do your work. Slow is smooth, smooth is smart, smart is straight, straight is deadly.
But when you're traveling to a foreign country you really don't have a choice unless you're willing to pay crazy amounts for a prepaid sim with unlimited data. That's why a VPN is a good thing to have.
@@jojo60rules But we're in 2019, not in the first days of https or 'encryption'. Hackers are evolving and they *can* steal your data now even without notifying you. It is much more dangerous to do it now than like in 2010.
It's a good idea to avoid it at all costs, moreso If you have sensetive data on your device or plan on using it for banking or to order online. The real problem isn't just having some script kids with a Pineapple or other system sniff out your data, more advanced MITM attacks exist where the actual portal is spoofed. Then popular websites you may use are also replicated. Imagine logging into Starbucks but Infact you are logging into someone else's machine. If you look around some places you might see a person with a notebook computer in a dark corner looking over his shoulder 👀 while they are sniffing out traffic or running a fake AP.
She looks so happy, I think she loves her job :D I like her! And it is a good think to refresh the fact that these risks are out there and pretty easy to set up once you know the basics.
"for your fire starter vids idea" *plant food packets(like the ones you get when you buy flowers from a store) and antifreeze* its a thing and iv seen it done and holy crap i was amazed
Gross. Everyone who's actually interested in doing something like this without paying for an overpriced device If you have an android. Root it and install cSploit. It's an app you can steal data, and a lot more with. It's a penetration testing tool. I'm saying this because you *totally* shouldn't be using it for illicit purposes. If you have a laptop. Even better! Dual boot linux on it and get a wifi adapter that supports monitor mode. This is very powerful.
I remember how shocked I was when I first saw a movie advertised and the ad included a website that was just about that one movie. I wish I could remember what movie it was, but I was blown away and part of me could not believe in something SO cool and big being done for just one movie.
the wifi pineapple was my favorite system on hacking the system too! It's what got me into watching Brian and Jason, it's also what got me into magic tricks, and of course the modern rogue! love this episode!
Hi loves the pineapple .iam thinking of going on holiday in my camper .what is the distance that I can pick up a Wi-Fi .also could I watch tv through somebody’s Wi-Fi ? because I have a stick for streaming
I am pretty sure of all the people who watched this, half got spooked and changed a lot of their info on their devices and the other half went and got the pineapple.
Get some cover plates for those outlets lol. It's great they put your PEX above your electric! ,,,😮 Sorry I'm an electrician, it bugs me. At least they used GFCI outlets.
Not really... There's a version of this for 3/4g called a ISMI catcher. More or less a fake cell phone tower that does the exact same thing. You may have heard them referred to as stingrays. They can also be used to intercept sms.
@@faint525 You can't intercept traffic with them on 3/4G networks. you can only track devices and know when calls are made and sms are sent but not to who or where since that's still encrypted.
@@faint525 There is NO 3g/4g IMSI cather. Only IMSI catcher there exist is 2g ONLY. 4g (and 5g) will make attacking carrier wireless network even more difficult with MU-MIMO and beamforming so whatever data you are getting could only be catched very close to a straight line beetween cell tower and your device
Last year at the end of February I basically did a man in the middle ‘attack’ although I wouldn’t really call it attack. So it was during the beast from the east (I’m British) and my WiFi wasn’t working that week, but the WiFi of my neighbour was, and on the Apple IOS select WiFi page you can view and even edit different nearby WiFi routers which can connect to. So I came up with the genius idea of maybe I could connect to my neighbors WiFi without the passcode by edit different parts to be identical to my router, and changed my router to be one digit off of what it was before. It worked I got connected and had internet, but then I wasn’t really expecting it to work and put it back immediately because I didn’t know what had happened, but for about 5 minutes I got internet again by bypassing the WiFi next door. I had managed to gain full access to their router.
Well, I can carry out the same attack with my regular rooted android phone or a kali linux laptop. It might be a bit messy to get all those scripts and extended range but that's for sure you shouldn't be that excited over these attacks. You can set up a captive portal easily with fluxion and a kali linux machine. The pineapple is just great for those who wants a shitton of range with easily accessible scripts and can carry it around. In short, you can achieve the same results with a regular laptop running kali and a good network card that supports packet injection and mon mode with a good range.
It sucks that VPNs are so expensive. I would use NordVPN if it were indeed $2 a month. But you have to get the 3 year plan that's almost $400 up front. I dont have that much money to spend at once. Nord is biting themselves in the ass by doing that. NOBODY would use the other overpriced VPNs if they would just charge $2 to $5 a month, contract free.
You could just make your own for that price. Get a cheap server and run the Road Warrior VPN script ( first link in Google). It's faster as it's just you on it and it's encrypted. However you do lose some annoymousity from hiding in the crowd.
You can also quite easily setup your own home VPN using a linux machine and forwarding the correct port on your gateway. A plus of this is if you have a home media server you can access it from anywhere with decent speed and security.
Serious question: besides running VPN software is there anyway to detect a device such as this and prevent these devices from doing all this stuff from the network side? Lets say that there is a family business which doesn't have the financial ability to run the properly secure wifi network devices or wifi security software that will pseudorandomly generate network security keys but they still want to provide wifi connection to their customers...
Any https traffic you won't be able to attack via MITM. also if your access point doesn't support wpa2, it's time for an upgrade. You can eBay an Enterprise grade Cisco access point for 30$, then run it in autonomous mode (meaning no WLC)
@@colton9496 wouldn't that mean I have to understand the Cisco CLI commands? Also I understand the https thing but I was really looking for ideas on how to detect these devices...
1:28 The pineapple (Ananas comosus) is a tropical plant with an edible multiple fruit consisting of coalesced berries, also called pineapples, and the most economically significant plant in the family Bromeliaceae.
13:49 the past searches killed me. I’d like to think that when he looked up Jason Murphy screaming, he couldn’t find it so he then looked up Jason screaming gif modern rogue. 😂😂
Littering mobile devices with stickers isn't just a style thing. It's also an anti theft measure. It lowers the value in mutliple ways: 1. easier to recognize (very bad for stolen goods) 2. cheap stuff is more often full of stickers (so the perceived value goes down) (new expensive business laptops will rarely have stickers because the user often doesn't own them) 3. it will look more used (which lowers the price of anything) And i probably still forgot one or two. If potential thief has the choice this laptop will be more likely left behind.
It’s that time of year again: Mystery Box Jackpot season! Here's how it works: Our job is to make you feel like you absolutely won the jackpot when you open your Mystery Box. Each and every Mystery Box Jackpot always has more value in it than what you paid for it. 100% of the time. And if you’re not happy? 100% satisfaction guarantee!
Wanna snag one before they’re all gone? www.scamstuff.com/products/mystery-box-99
We’re giving away a Mystery Box Jackpot ($99 value) to TWO winners of our weekly free giveaway at gimme.scamstuff.com (no purchase necessary, giveaway ends 2/14/2019)
Congrats to the winners of last week’s Cutaway Handcuffs giveaway: Laurent Holin, David Guy, and Kristina Zavala (we will contact you via email within the next two weeks)
Man. I used to use cain and abel back in the day to man in the middle. I wonder if it still works. Also, I built my own bash bunny with a raspberry pi zero after watching the last video you guys did on this.
Stop honeydicking us lol! When she said “honeypot” I about died
I'd like to present an Epic Rogue Quest Concept to you. A Next Level Reality Show Concept to make the outdated model obsolete. I'll buy the beer for a virtual presentation.
Ask yourself. WWWDD, if he was a Rogue? Your concept is inspiring.
Hi if you read this I think you should do a video on 3d printed guns it would be so cool
Welcome to the barely legal show.
Dude she's like 32
bubbathedm man i was NOT talking about that i was talking about hacking.
XD but still. You do realise she's like 32..
@@user-cf3so7mi2o she got dp;),and welcome to NSA watchlist Hiya Interpol too ;)
Legal Adjacent.
This video was sponsored by Nord VPN
ORLY?
8 minutes ago... man I came so close to god
so happy to see you supporting these guys. They have been pioneers on youtube since the start with Scam School.
you make vids demonized WHY WWHHHYYYYYYY
And pornhub
"For the uninitiated, what is a pineapple?" - Mr Brian Allen Brushwood, 2019
"Is a pineapple an instrument?"
Doesn't it need a pen, or something?
It's what you call a guy with incredibly overdone spiky hair?
Guybrush Threepwood
@@rlee1185 omg yes
1:48 "If I run that through 'the' Google"
Dad just give me the keyboard.
No son i wanna do it, now how do you spell the first letter in man?
fancy seeing you here
Wait you watch the modern rogue?!
I didn’t know you watched this
12:53 350,000 unread emails, why won't you answer me Bry???
Damn
I thought my 200 unread was bad
Holy shit thats alot of unread emails, you'd think hes trying to set a record or something
Lol and the Taco Bell app next to the Health app
search history: blairwitch, khaaaaaan, jason murphy screaming, jason screaming gif modern rogue, grilled cheese | lmao
“Does a vpn make you safer?”
**Proceeds to only use secure sites to test theory
“Wooooooow it’s not being detected”
Zac Chapman you’re right https is encrypted
Would have been nice if she showed SSLsplit, or something to handle proxying HTTPS connections. The majority of sites today have moved to HTTPS.
A vpn can be more secure, but you're also shifting all your traffic to a server that you should trust. They can do the same thing as the pineapple. Luckily all important login portals are https so that doesn't matter.
Just use a known good VPN for torrents or streaming content that's Geo restricted.
Wasn't Nord VPN hacked?
@@BuddyJesus Yep... most sites are HTTPS so you have to do a little more work lol. Really using MTM and having either your own SSL certs or using phssing websites/login portal to get username/passwords is what you have to do. Can do this HTTP stuff using wireshark... lol.
7:37 - Brian: I'm not comfortable with sharing the names of my devices, that used to be me.
7:41 - Shows the MAC address of the phone.
How did this not become a super long ad for Nord VPN?! That would've been a perfect segway.
"What can we do to protect ourselves?"
"Apparently use a VPN"
"Speaking of which *commences pitch for Nord VPN*"
cause it is actually a super long ad for wifi pineapple. notice the sales links in the desc? hak5 are cool but overpriced.
@@denism8494 its probably better this way, id rather have a product like that priced through the roof, instead of everyone being able to buy one, keeping them out of most ppls hands, limiting the chance bad ppl get their hands on them, and you average joe citizen doesnt really need one anyway
@@menofwar-os1wi if a bad person cannot afford this they probably also dont have the knowledge to use one. They aren't as simple to use as this video makes out, the limiting factor is not the price, it's the knowledge required. I am poor af, and I am an average person, however I also aspire to have a career in cyber security, therefore I would benefit by having one of these. I'm not saying hurr Durr gimme expensive shit for cheap, I'm just saying the actual value is inflated by videos like this that make it seem like a one stop piece of equipment that does everything and turns you into a 1337 H4X0R
@@denism8494 i can see your point of vieuw and understand what you are trying to tell me, and i mostly agree, but wouldnt said knowledge be obtainable through some googling? (and good luck with your carreer in cyber security)
Denis Mcdougall exactly this
If I'm ever in the Austin area, I'm totally knocking on the door of the MR compound and asking "Excuse me, is this the Starbucks?"
And they open the door and throw a Manhattan at you.
TWO ONE TWO
@@zaxtonhong3958 Hey, free drink! They can keep the vermouth and the bitters and just throw the bourbon at me, I won't complain.
“This is a lab environment”
*Bare insulation in the background*
Zac Chapman that is because its a bare insulation testing lab. You should watch their video comparing rock wool with fiberglass. 20 minutes of gold.
I'm taking a security class right now, and this channel has given me so many good ideas for projects.
How did the classes go?
@@AngelusNielson Pretty well thanks, I did a presentation on the dark web. Thanks for reminding me of that class
@@NathanScott Not a problem! Glad you had fun.
loving those google searches. "khaaaaaan", "jason murphy screaming", "jason screaming gif modern rogue", "grilled cheese"
CUZ IM A MODERN ROUUUUGE!!
A little Mason Jurphey in my life
A little Ryan Bushwood by my side
A little bit of Grant is all I need
A little bit of B-Rice is what I see
A little bit of Scamming in the sun
A little Modern Rouging all night long
A little bit of Dresspants here I am
A little grilled cheese makes me your fan
*NAILED IT!!*
Rian Rushwood was the fake name Brian used in an earlier ep
A play on his actual name, Brian Brushwood
@@StrokeMahEgo fact fail.
StrokeMahEgo woosh
Rogue.
AHHHHHHHHHHHHUH!
Jason screaming about net neutrality will always be the greatest moment on the show. I've caught myself at work trying to find that gif to just leave it on the computer as I'm leaving, so when the next person unlocks it, they are terrified lol
Brian and Jason THANK YOU for having Shannon on the show. I am learning more watching your show than I did attending high school during the summer. Thanks dudes. . . .A special shout-out to Nord VPN; to which I am a proud customer.
Shannon is great! We hope to do more with her soon.
You guys should make a ultimate modern rogue course, where you put all your modern rogue knowledge to the test. Like you have to find dead drops, take down people with martial arts and nunchucks, get ride of the meat of the thing they stacked in rye, parkour, set and find bugs, find and place hidden cameras, try to solve a crime, all the things that you have ever covered in modern rogue just in a course
13:48 Are we just gonna ignore Brian's search history?
Oh. My. God.
He searched for grilled cheese. What a sicko
@@pluto8404 It left me whelmed. Like, it did it's job of being a search term. But why not go bigger or go for a complete curveball?
Like, grilled cheese smoothie, reverse grilled cheese, grilled cheese without bread or something else absurd... Something that would make any sane person re-read that to make sure it says what they think it says. Basically, what these guys do best, leave their experts concerned or confused.
jason murphy screaming gif
whoops this isn't google
Some Jason Murphy issues
Mad props to Brandt for somehow making Jason singing Mambo No. 5 the most unsettling thing I've seen all year.
Haha, I aim to please
The description perfectly fits what I thought when I saw the thumbnail thing while the video opened
Why does no one else seem at all concerned that one of Brian's most recent searches was, "Jason Murphy screaming"?
NathanielCF My safe place song is Mambo Number 5. Brian’s safe place song is me screaming.
I love when two of my favorite UA-cam channels do a cross over episode. It's like when the Harlem Globe Trotters guest star on Scooby Doo
WHEN JASON STARTED SINGING LOU BEGA!!!
Jason just became the favorite. Brian will have to try harder now, lol
The Wi-Fi Pineapple is overpriced tho. I have a nano and I love it but still its still overpriced. Love Hak5 too
Root your android device and download cSploit.
@Danny when I say overpriced I mean the hardware itself. The majority of the software on the pineapple is community made. I also have a rubber ducky and that's also overpriced
@@ScibbieGames can't use monitoring mode with modern android phones sadly.
@@Honosklouker Not to mention most modern network cards can't do this either. This is why if you want to make your own (Or one of the related "products" to the full pineapple) you need to buy an old card. And most of the networking companies have sneakily replaced the chips in their products with newer models that do not support promiscuous mode either.
So basically, either you'll pay some guy on the internet whatever price he's managed to gouge up for his old network card, or you buy one of these.
I have the mark 5, old, but still a goodie, with a 16dbi yagi. But then again, the same thing can be done on a linux machine with an usb alfi antenna.
“How many things did you infiltrate?”
*”Everything.”*
It should be known that the vast majority of websites nowadays utilize HTTPS which added a layer of RSA encryption onto the standard HTTP protocol. RSA is an encryption scheme explicitly designed to prevent man-in-the-middle attacks from seeing the data you send and receive. It can still see the basic HTTP request to the website, but it won't be able to see any of the content, neither web pages or login credentials.
True, It's disappointing to see a Hak5 employee grinning when asked if this device can intercept anything, instead of taking the opportunity to clarify this essential point. It's a disservice, really.
My dad is a Computer technician contractor and he harps on me all the time about being careful on public Wi-Fi and never leaving my laptop unlocked unattended
Listen to him.
Bet you don't cover up your webcam with tape
I mean leaving your laptop unlocked and unattended should be common sense not to do, you shouldn't need to be a technician contractor to know that. Then again, I see so many people not bother using passcodes on their phones, so maybe you do.
Stop being a dumbass and he'll stop calling you one.
@@spencershaw7818 he does, he just uses transparent tape.
12:01
Shannon: What is king of mouths?
Brian: I don't know what you're talking about
The reality is: HTTP telnet or other easily crackable non-hash sites/services are NOT common. 99% of your services are HTTPS. Real hackers do Phishing, not sniffing.
Real hackers pop RCEs and 0days
Real hackers have the patience to wait for the 1% to occur.
The "For the uninitiated , what is a pineapple ? " part made my day . SUBSCRIBED !
14:04 when did this change I know for sure that just not to long ago that you could leave a known pw protect wifi with and "evil AP" with no pw but same SSID and it would connect/could get the pw threw an uncompleted 3 way hand shake and script it to auto update it's pw
These have slowly creeped their way into my favorite MR episodes.
Everytime she smiles while talking about this makes me feel less safe and more scared
This is some costly production featuring multiple cameras and studio lights! You are raising the bar.
I'm considering buying a wi-fi pineapple, and I have been waiting for this episode for SO LONG! Could you guys also do an episode on cracking WEP security?
Nobody uses wep, and just buy a WiFi adapter that supports running in monitoring mode. No need for this junk.
@@colton9496 That's fair. I know nobody uses WEP, and you can do this with a wifi adapter in monitor mode, but I think WEP's insecurity is a good lesson towards updating your security, and they can go into detail without being too harmful because nobody uses it.
The following phrase is for Jason. All stress is self-induced, it's in your mind, you don't need it, lay it down. Panic is contagious, but so is calm, stay calm, do your work. Slow is smooth, smooth is smart, smart is straight, straight is deadly.
You guys brought the weaboo back! Nice 😄
i love herrr she seems so nice (and of course scary powerful with hacker knowledge)
@@lisdmon6538 I really hope you are joking about her hacker knowledge LOL
Brian’s never left though?
it's spelled "webelo"
@@MexieMex How would you classify 'hacker knowledge' ?
So glad yall did a collab with Hak5's Shannon
That hotspot honey pot with man in the middle is yearning for some penetration testing... Perhaps there's even a backdoor involved!?
I like how they were happy with how the VPN stopped the Pineapple, when they were already only looking at websites with HTTPS
I never connect to public wifi. It seems pretty ridiculous to do that in 2019.
Agreed. Thank you unlimited data.
But when you're traveling to a foreign country you really don't have a choice unless you're willing to pay crazy amounts for a prepaid sim with unlimited data. That's why a VPN is a good thing to have.
Why? If anything it's much safer to do it in 2019. Every modern website has https. All modern browsers warn you if that's not the case.
@@jojo60rules But we're in 2019, not in the first days of https or 'encryption'. Hackers are evolving and they *can* steal your data now even without notifying you. It is much more dangerous to do it now than like in 2010.
It's a good idea to avoid it at all costs, moreso If you have sensetive data on your device or plan on using it for banking or to order online.
The real problem isn't just having some script kids with a Pineapple or other system sniff out your data, more advanced MITM attacks exist where the actual portal is spoofed. Then popular websites you may use are also replicated. Imagine logging into Starbucks but Infact you are logging into someone else's machine.
If you look around some places you might see a person with a notebook computer in a dark corner looking over his shoulder 👀 while they are sniffing out traffic or running a fake AP.
Keyword here DO NOT use wifi you do not pay for and have secured. If I am away from home I run EVERYTHING on my unlimited cell data.
Are y'all going on tour ever?
That dude needs to chill out on the caffeine. Let the lady speak for f*cks sake! I can't imagine how uncomfortable she probably feels.
When's the arm wrestling episode?
She looks so happy, I think she loves her job :D
I like her! And it is a good think to refresh the fact that these risks are out there and pretty easy to set up once you know the basics.
"for your fire starter vids idea"
*plant food packets(like the ones you get when you buy flowers from a store) and antifreeze*
its a thing and iv seen it done and holy crap i was amazed
This video had more tips in simple hosts commentary then my IT lessons in highschool.
6:14 - I have a pen... I have pineapple... UH... *PineapplePen!*
You guys are so much fun to watch and learn.Thanks
Gross.
Everyone who's actually interested in doing something like this without paying for an overpriced device
If you have an android. Root it and install cSploit. It's an app you can steal data, and a lot more with.
It's a penetration testing tool. I'm saying this because you *totally* shouldn't be using it for illicit purposes.
If you have a laptop. Even better! Dual boot linux on it and get a wifi adapter that supports monitor mode. This is very powerful.
Or just use tshark. Although this has more uses for MITM than just capturing packets over an open network.
Specifically get Kali linux for stuff like this. It comes with a ton of tools for this kind of thing preloaded.
Install magisk, then the nethunter module. Will be completely useless because script kiddie.
Zanti is another option for android.
I just use wifikill so the wifi is faster for me
I remember how shocked I was when I first saw a movie advertised and the ad included a website that was just about that one movie. I wish I could remember what movie it was, but I was blown away and part of me could not believe in something SO cool and big being done for just one movie.
Just watched the other hacking eps, glad to see another!!!
I just wanted to say the editing of the video is so impressive!!
Damn is it just me or is she super touchy feely with Brian
You say that like most women who watch this wouldn't be
What woman wouldn't be with Brian
@@moombadoomtrooper8590 why you gotta discriminate
Jason's wife will cut a bitch. It's just safer.
I like to imagine them reading these comments
This was super informtive and very well explained. Good show.
you dont need a pineapple to do mitm... i mean, not that i would know...
I mean the pineapple does make it nice and pretty, heaven for script kiddies
And this is why I have carburetors and CB radios🤣
WHAT IS A PINAPPLE!?!?!!?
the wifi pineapple was my favorite system on hacking the system too! It's what got me into watching Brian and Jason, it's also what got me into magic tricks, and of course the modern rogue!
love this episode!
what episode is that? i wanna watch it too!
@@Givisba it wasn't an episode! it was their netflix special a few years ago
Commenting b4 i watch, bet its nord vpn. As first comment, i stand corrected
Great on camera chemistry. Nothing but good vibes
thanks!
I'm guessing Tor vs a Pineapple is also effective protection
Basically pretending to be a cat. Maybe I should let my black cat Jinx sleep on the keyboard LOL
Her laptop is the Kawaii hotspot
Kawai-fi?
HM01 you deserve my like. just take it
HM01 Ohhhhh I got your name lol
Cut/Fly/RockSmash/firethrower
That’s how my charizard was.
Hi loves the pineapple .iam thinking of going on holiday in my camper .what is the distance that I can pick up a Wi-Fi .also could I watch tv through somebody’s Wi-Fi ? because I have a stick for streaming
😂😂😂the ending!!👌🏼👌🏼👌🏼 thought I was the only one who sings Mambo #5 to myself to calm down & go to my happy place 😂😂😂😂😂
I am pretty sure of all the people who watched this, half got spooked and changed a lot of their info on their devices and the other half went and got the pineapple.
Get some cover plates for those outlets lol. It's great they put your PEX above your electric! ,,,😮 Sorry I'm an electrician, it bugs me. At least they used GFCI outlets.
Shannon and Brian .... hak5 and scam school from the revision 3 days on the same set. My two favorite shows of all times!!
So using standard 3 or 4g is safer than wifis?
Not really...
There's a version of this for 3/4g called a ISMI catcher. More or less a fake cell phone tower that does the exact same thing. You may have heard them referred to as stingrays. They can also be used to intercept sms.
@@faint525 You can't intercept traffic with them on 3/4G networks. you can only track devices and know when calls are made and sms are sent but not to who or where since that's still encrypted.
@@faint525 There is NO 3g/4g IMSI cather. Only IMSI catcher there exist is 2g ONLY.
4g (and 5g) will make attacking carrier wireless network even more difficult with MU-MIMO and beamforming so whatever data you are getting could only be catched very close to a straight line beetween cell tower and your device
She looks like a stereotypical video game hacker. Rainbow hair, a million laptop stickers, and a flannel over top of a somewhat nerdy tshirt
“This thing looks dangerous”, dude it just looks like a router
Yeah but why would you bring a router to a public place xD
The other day I found a USB on the side of the streat. If I didn't see the last episode, I would've plugged it in, thanks Modern Rouge!
Just buy a raspberry pi and a mon mode wifi adapter, it’s way cheaper.
Help me out bro, I have no idea about any of this but I need help :(
azainho makahue if you want to learn then learn linux and python 3 first, after that learn a bit of networking and make a lab.
OMG. You got Shannon Morse on your show??
Ok. You're a REAL show now!😂😂
I just might subscribe. 😎
Did Brian leave his bartending job or is he a hacker on the side?
I’m a legitimate hacking bartender.
Glad to see Shannon back, and a very informative video! Very scary!
Wireless: 0
Wired: 1
Flawless Victory
(Except not mobile)
And no radiation and wired is faster!
Last year at the end of February I basically did a man in the middle ‘attack’ although I wouldn’t really call it attack. So it was during the beast from the east (I’m British) and my WiFi wasn’t working that week, but the WiFi of my neighbour was, and on the Apple IOS select WiFi page you can view and even edit different nearby WiFi routers which can connect to. So I came up with the genius idea of maybe I could connect to my neighbors WiFi without the passcode by edit different parts to be identical to my router, and changed my router to be one digit off of what it was before. It worked I got connected and had internet, but then I wasn’t really expecting it to work and put it back immediately because I didn’t know what had happened, but for about 5 minutes I got internet again by bypassing the WiFi next door. I had managed to gain full access to their router.
I just need my wifi adapter and my linux machine 🤐
How do you do that?
True
I just need my android phone.
u can basically make your own pineapple thing
if you're interested
just reply and i'll contact you
u can install it on a drone and let it go
Excellent video. Love this sort of content. Keep em coming.
Well, I can carry out the same attack with my regular rooted android phone or a kali linux laptop. It might be a bit messy to get all those scripts and extended range but that's for sure you shouldn't be that excited over these attacks. You can set up a captive portal easily with fluxion and a kali linux machine. The pineapple is just great for those who wants a shitton of range with easily accessible scripts and can carry it around. In short, you can achieve the same results with a regular laptop running kali and a good network card that supports packet injection and mon mode with a good range.
Kali script kid? 🤦♂️
A friend of mine did this on the school. He didn't get expelled... I miss that principal
Wouldn’t this be more of a rouge AP attack since it isn’t really exploiting anything besides the SSID name
As they always say -- it's R-O-G-U-E, there's an OG in Rogue
SPELL IT RIGHT
I love that Jason's calm place is mambo no.5 XD
It sucks that VPNs are so expensive. I would use NordVPN if it were indeed $2 a month. But you have to get the 3 year plan that's almost $400 up front. I dont have that much money to spend at once. Nord is biting themselves in the ass by doing that.
NOBODY would use the other overpriced VPNs if they would just charge $2 to $5 a month, contract free.
You could just make your own for that price. Get a cheap server and run the Road Warrior VPN script ( first link in Google).
It's faster as it's just you on it and it's encrypted. However you do lose some annoymousity from hiding in the crowd.
Mullvad is $5 a month.
I use NordVPN, but you could get the free BearVPN for situations like these when you are on public wifi.
You can also quite easily setup your own home VPN using a linux machine and forwarding the correct port on your gateway. A plus of this is if you have a home media server you can access it from anywhere with decent speed and security.
Serious question: besides running VPN software is there anyway to detect a device such as this and prevent these devices from doing all this stuff from the network side? Lets say that there is a family business which doesn't have the financial ability to run the properly secure wifi network devices or wifi security software that will pseudorandomly generate network security keys but they still want to provide wifi connection to their customers...
Any https traffic you won't be able to attack via MITM. also if your access point doesn't support wpa2, it's time for an upgrade. You can eBay an Enterprise grade Cisco access point for 30$, then run it in autonomous mode (meaning no WLC)
@@colton9496 wouldn't that mean I have to understand the Cisco CLI commands? Also I understand the https thing but I was really looking for ideas on how to detect these devices...
YOOOOOOOOO
GURT
Just thought id say it, but the modern rogue is the of the few things that brings REAL joy into my life
I can see employers do this to employees who think they can hack into their works WiFi and fuck around
1:28 The pineapple (Ananas comosus) is a tropical plant with an edible multiple fruit consisting of coalesced berries, also called pineapples, and the most economically significant plant in the family Bromeliaceae.
Space Jam website was literally the first thing that came to my mind for extremely outdated websites.
Shannon:"Even the websites you visit" *SMILES LIKE A MANIAC*
13:49 the past searches killed me. I’d like to think that when he looked up Jason Murphy screaming, he couldn’t find it so he then looked up Jason screaming gif modern rogue. 😂😂
I can confirm that Hotspot Honeypot Man in the Middle is a safe search in normal and images.
I ordered my upgrade!!! Cannot wait for it to get here. Big upgrade from my mark 5
Love the Legend of Zelda shirt and all the hacking skills.
Also great stickers on the laptop.
Littering mobile devices with stickers isn't just a style thing. It's also an anti theft measure.
It lowers the value in mutliple ways:
1. easier to recognize (very bad for stolen goods)
2. cheap stuff is more often full of stickers (so the perceived value goes down) (new expensive business laptops will rarely have stickers because the user often doesn't own them)
3. it will look more used (which lowers the price of anything)
And i probably still forgot one or two.
If potential thief has the choice this laptop will be more likely left behind.
The funny thing is that a lot of modern hacking, to my knowledge, is actually social engineering at the bar and on the street
Ayeee old school Scam School
Only a serial killer would play Hearthstone on a vertical phone, Jason