weyne/wifipineapple-wiki
1
0
Fork 0
mirror of https://github.com/hak5darren/wifipineapple-wiki.git synced 2025-10-29 16:59:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
wifipineapple-wiki/add_ssl.md
Rob Fuller 398e44f957 add SSL WebUI change
2014-10-31 14:30:55 -04:00

3.7 KiB
Raw Blame History

Change Pineapple Web UI to SSL

Why

Since the Pineapples are prone to attacks, individuals love to sniff the clear-text credentials as you log into the HTTP interface. This quick guide should walk-through users' on how to protect themselves via SSL...

Install Packages

opkg update
opkg --dest usb install libopenssl
opkg --dest usb install openssl-util

Create config files

mkdir -p /etc/ssl/certs
nano /etc/ssl/openssl.cnf

example contents openssl.cnf:

dir					= .

[ ca ]
default_ca				= CA_default

[ CA_default ]
serial					= $dir/serial
database				= $dir/certindex.txt
new_certs_dir				= $dir/certs
certificate				= $dir/cacert.pem
private_key				= $dir/private/cakey.pem
default_days				= 365
default_md				= md5
preserve				= no
email_in_dn				= no
nameopt					= default_ca
certopt					= default_ca
policy					= policy_match

[ policy_match ]
countryName				= match
stateOrProvinceName			= match
organizationName			= match
organizationalUnitName			= optional
commonName				= supplied
emailAddress				= optional

[ req ]
default_bits				= 2048			# Size of keys
default_keyfile				= key.pem		# name of generated keys
default_md				= md5				# message digest algorithm
string_mask				= nombstr		# permitted characters
distinguished_name			= req_distinguished_name
req_extensions				= v3_req

[ req_distinguished_name ]
# Variable name				Prompt string
#-------------------------	  ----------------------------------
0.organizationName			= Organization Name (company)
organizationalUnitName			= Organizational Unit Name (department, division)
emailAddress				= Email Address
emailAddress_max			= 40
localityName				= Locality Name (city, district)
stateOrProvinceName			= State or Province Name (full name)
countryName				= Country Name (2 letter code)
countryName_min				= 2
countryName_max				= 2
commonName				= Common Name (hostname, IP, or your name)
commonName_max				= 64

# Default values for the above, for consistency and less typing.
# Variable name				Value
#------------------------	  ------------------------------
0.organizationName_default		= Hak5
localityName_default			=
stateOrProvinceName_default		=
countryName_default			= UK
commonName				= pineapple

[ v3_ca ]
basicConstraints			= CA:TRUE
subjectKeyIdentifier			= hash
authorityKeyIdentifier			= keyid:always,issuer:always

[ v3_req ]
basicConstraints			= CA:FALSE
subjectKeyIdentifier			= hash

Prepare Certificates

cd /etc/ssl/certs

Make Private Keys

openssl genrsa -aes128 -out server.key 2048
openssl genrsa -aes128 -out ca.key 2048

Remove Password From Private Key

openssl rsa -in server.key -out server.key

Generate CA Certificate

openssl req -new -x509 -days 3650 -key ca.key -out ca.pem

Generate Certificate Signing Request

openssl req -new -key server.key -out server.csr

Self-Signed Certificate

openssl x509 -req -days 3650 -in server.csr -CA ca.pem -CAkey ca.key -set_serial 01 -out server.pem

Note: Don't forget to install the self-made CA certificate (ca.pem) into your browsers certificate store.

Nginx Configuration

Change /etc/nginx/nginx.conf to:

	server {
	        listen       1471 ssl;		# Port, make sure it is not in conflict with another http daemon.
	        server_name  pineapple;	# Change this, reference -> http://nginx.org/en/docs/http/server_names.html
                ssl_certificate     /etc/ssl/certs/server.pem;
                ssl_certificate_key /etc/ssl/certs/server.key;
                ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
                ssl_ciphers         HIGH:!aNULL:!MD5;

Note: don't forget to change the certificate and certificate key to as you've named them.

Then restart nginx

/etc/init.d/nginx restart