Much needed plugins and features. My experience with Pwnagotchi

Firstly, let me say this is an amazing little device and is super fun to play with. However, considering its nature, it’s a very “noisy” device and approach.

As we go about our lives we’re often taking the same routes to get somewhere, or going into corporate settings, cities etc… By doing this we are capturing an enormous amount of handshakes, but here’s the problem.

The Pwnagotchi can and will constantly deauth clients even if a handshake was already captured. It will also keep associating to the same networks over and over again and each time it captures the handshake or PMKID for that SSID it overwrites the file.

It’s essentially creating a very noticeable attack on the client side. Think of devices that are streaming content like a Chromecast: as soon as it loses connection the streaming stops and shows an error. If this repeatedly happens to someone, they are going to know something is up.

There are a few features I wish the Pwnagotchi had, that maybe some plugin developers can work on.

  • Pwnagotchi should automatically whitelist SSIDs once a complete handshake has been captured, so as to ignore those networks and not keep deauth’ing those clients.

  • The ability to quickly disable/enable deauth with a button like the plugins panel. (Less hassle than entering the webcfg and trying to search all those settings on a small screen like your mobile). This way we can easily disable deauth if we’re going into somewhere we’d like to be a little quieter.

  • Some kind of handshake stats panel to show which handshakes were captured on which dates, to sort them and download only the applicable ones, not the old handshakes. This can help you keep track of what’s new, what you’re done with etc… You can already download handshakes directly with the handshakes-dl plugin; however, the ability to delete handshake files would also be greatly useful. Especially if the SSID has automatically been added to the whitelist, it won’t add the file back into the directory. This will keep your handshake directory much cleaner. You should also be able to remove the SSID from the whitelist here too.

  • It should be more clear what type of info was captured in the PCAP; often when running the conversion tools I don’t easily know which one to use, whether the PCAP has the PMKID or a handshake. Append the capture file name with the capture type, PMKID or HS, e.g. “MyWiFi-as2X2-PMKID.pcap”.

I’d be interested in hearing your thoughts. Projects like this make me wish I had learned Python instead of taking the JavaScript route; otherwise I’d be building all these.

A big thank you to @evilsocket for this project and I can’t wait to see what it develops into.

Cheers

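The repeated deauths the post describes (the same client kicked off the same AP again and again, even after a handshake exists) are exactly the pattern a wireless IDS would flag. As an added example that is not from this thread or from the Pwnagotchi project, here is a small Python detector run over constructed deauth event log lines; the log format, the threshold and the window size are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log lines (not real captures): one line per observed
# 802.11 deauthentication frame, as a wireless sensor might record them.
SAMPLE_LOG = """\
2024-03-01T10:00:00Z deauth bssid=02:11:22:33:44:55 client=0a:aa:bb:cc:dd:01
2024-03-01T10:00:04Z deauth bssid=02:11:22:33:44:55 client=0a:aa:bb:cc:dd:01
2024-03-01T10:00:09Z deauth bssid=02:11:22:33:44:55 client=0a:aa:bb:cc:dd:01
2024-03-01T10:00:15Z deauth bssid=02:11:22:33:44:55 client=0a:aa:bb:cc:dd:01
2024-03-01T10:00:20Z deauth bssid=02:11:22:33:44:55 client=0a:aa:bb:cc:dd:01
2024-03-01T10:00:30Z deauth bssid=02:66:77:88:99:aa client=0a:aa:bb:cc:dd:02
2024-03-01T10:03:00Z deauth bssid=02:66:77:88:99:aa client=0a:aa:bb:cc:dd:02
2024-03-01T10:00:00Z deauth bssid=02:de:ad:be:ef:00 client=0a:aa:bb:cc:dd:03
2024-03-01T10:02:00Z deauth bssid=02:de:ad:be:ef:00 client=0a:aa:bb:cc:dd:03
2024-03-01T10:04:00Z deauth bssid=02:de:ad:be:ef:00 client=0a:aa:bb:cc:dd:03
2024-03-01T10:06:00Z deauth bssid=02:de:ad:be:ef:00 client=0a:aa:bb:cc:dd:03
2024-03-01T10:08:00Z deauth bssid=02:de:ad:be:ef:00 client=0a:aa:bb:cc:dd:03
"""
LINE_RE = re.compile(r"^(\S+) deauth bssid=(\S+) client=(\S+)$")

def parse_events(log_text):
    """Yield (unix_ts, bssid, client) per matching line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts.timestamp(), m.group(2).lower(), m.group(3).lower()

def deauth_bursts(events, threshold=5, window_s=60):
    """Return {(bssid, client): peak_count} for pairs hit by at least `threshold`
    deauth frames inside any `window_s`-second sliding window. One deauth now and
    then is normal; the same client kicked off the same AP again and again is not."""
    recent = defaultdict(deque)   # per pair: timestamps still inside the window
    flagged = {}
    for ts, bssid, client in sorted(events):
        key = (bssid, client)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window_s:   # evict timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged

if __name__ == "__main__":
    for (bssid, client), n in deauth_bursts(parse_events(SAMPLE_LOG)).items():
        print(f"ALERT: {client} deauthed {n}x by {bssid} within 60 s")
```

On the sample only the first client/AP pair is flagged; the third pair is deauthed just as often but spread over minutes, which a 60-second window deliberately ignores.
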
Are you sure about this? As far as I can see, pwnagotchi will skip the mac address if the handshake was already collected.

Not from what I’ve seen. It keeps sending association packets even though the PMKID has already been captured. I’ve assumed it sends deauths the same way.

Yeah, same check. I’ll have a look.

Turns out the data only gets saved when pwnagotchi reboots on “blind” status. If you turn it off normally or reboot, it will forget the already pwned networks.

Interesting, what’s the “blind” status? Is that the known bug when it can’t find any networks?

exactly^^

I raised the same and was pointed to the webcfg plugin. Indeed, even if not as quick as a button in the dashboard, it works.