The WiFi Pineapple is a wireless attack tool from Hak5, originally developed for penetration testing. It automatically creates fake wireless networks that disguise themselves as known networks. Smartphones and laptops connect without any user action because they continuously search for previously saved networks and the Pineapple responds to all requests. Once a device is connected, all traffic – passwords, cookies, unencrypted emails – flows through the attacker.
The Pineapple creates a Wi-Fi hotspot with the same name (SSID) as a legitimate network. Devices automatically connect to the attacker's stronger signal.
Devices send probe requests for all saved networks. The Pineapple responds to ALL these requests, pretending to be every known network.
All traffic from connected devices passes through the Pineapple. HTTP traffic is immediately readable; SSL stripping can be applied to HTTPS.
Upon connecting, a fake login page appears ("Free WiFi – please sign in"). Entered credentials are sent directly to the attacker.
The Pineapple logs and analyzes all requests – which websites are visited, which apps communicate, which data is transmitted.
The Pineapple ecosystem offers numerous modules: DNS spoofing, deauth attacks to disconnect devices from real APs, WPA handshake capturing, and more.
Smartphones and laptops save all Wi-Fi networks they've ever connected to. In the background, they constantly send probe requests – queries like "Is there a network named 'Swisscom-1234' here?". The WiFi Pineapple responds to all these requests, pretending to be the searched network. The device then connects automatically, believing it found a known, trusted network.
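A monitoring sensor can look for both behaviours described above: one radio answering probes for many different network names, and a known SSID offered by an unexpected BSSID. The sketch below is an added example, not code from the original page or from Hak5; the frame tuple layout, the sample data, the allowlist and the threshold of three SSIDs per BSSID are assumptions.

```python
from collections import defaultdict

# Constructed observations (not a real capture): (seconds, frame type, BSSID, SSID)
# in the form a monitor-mode sensor might export them. Layout is an assumption.
SAMPLE_FRAMES = [
    (0.0, "probe_resp", "aa:bb:cc:00:00:01", "Swisscom-1234"),
    (0.4, "probe_resp", "02:11:22:33:44:55", "Swisscom-1234"),
    (1.1, "probe_resp", "02:11:22:33:44:55", "HomeNet"),
    (1.9, "probe_resp", "02:11:22:33:44:55", "Airport-Free"),
    (2.5, "probe_resp", "02:11:22:33:44:55", "Hotel-Guest"),
    (3.0, "beacon", "aa:bb:cc:00:00:02", "Office"),
    (95.0, "probe_resp", "aa:bb:cc:00:00:03", "CafeA"),
    (400.0, "probe_resp", "aa:bb:cc:00:00:03", "CafeB"),
]
# Hypothetical allowlist of the BSSIDs that legitimately serve each SSID.
KNOWN_APS = {"Swisscom-1234": {"aa:bb:cc:00:00:01"}, "Office": {"aa:bb:cc:00:00:02"}}

def find_answer_all_radios(frames, max_ssids=3, window=60.0):
    """Flag BSSIDs that answered probes for more than max_ssids distinct
    network names inside any window-second span (answer-everything behaviour)."""
    by_bssid = defaultdict(list)
    for ts, ftype, bssid, ssid in frames:
        if ftype == "probe_resp" and ssid:
            by_bssid[bssid.lower()].append((ts, ssid))
    flagged = {}
    for bssid, events in by_bssid.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            names = {ssid for _, ssid in events[start:end + 1]}
            if len(names) > max_ssids:
                flagged[bssid] = sorted(names)
                break
    return flagged

def find_unlisted_twins(frames, known_aps):
    """Flag known SSIDs offered by a BSSID that is not on the allowlist."""
    twins = defaultdict(set)
    for _, _, bssid, ssid in frames:
        if ssid in known_aps and bssid.lower() not in known_aps[ssid]:
            twins[ssid].add(bssid.lower())
    return {ssid: sorted(bssids) for ssid, bssids in twins.items()}

if __name__ == "__main__":
    print(find_answer_all_radios(SAMPLE_FRAMES))
    print(find_unlisted_twins(SAMPLE_FRAMES, KNOWN_APS))
```

Access points that serve several network names normally use a separate BSSID for each, which is why a single BSSID answering for many names stands out; tune the threshold and window to the environment.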
1. Disable auto-connect: Turn off "Connect automatically" for public networks (cafés, airports, hotels).
2. Turn off Wi-Fi when not in use: Disable Wi-Fi on mobile devices when you don't need it – no probe requests are sent.
3. Delete saved networks: Regularly remove saved networks you no longer use from your devices.
4. Use a VPN: A VPN encrypts all your traffic – even if you're connected to an evil twin network.
5. Enforce HTTPS: Use browser extensions or enable HTTPS-only mode to prevent unencrypted connections.