WiFi Pineapple Mark VII

WiFi Pineapple Documentation

The industry standard pentest platform has evolved. Equip your red team with the WiFi Pineapple® Mark
VII. Newly refined. Enterprise ready.

The e-book PDF generated by this document may not format correctly on all devices. For the
most-to-date version, please see https://docs.hak5.org

Setup
Setting up your WiFi Pineapple
Once you've connected to the WiFi Pineapple, this guide teaches you how to navigate the Setup wizard.

Once you've connected to the WiFi Pineapple and it has fully booted, you will be able to access the WiFi
Pineapple Stager at http://172.16.42.1.

The WiFi Pineapple ships with a slimmed down firmware called the stager. This approach enables you to
always have the latest firmware for the out-of-the-box set-up, due to the latest firmware being downloaded.

Getting the latest firmware via Over-The-Air

To start, begin by verifying that you are in the presence of the WiFi Pineapple. You can do this by pressing
the reset button in one of the ways described on-screen.
 Continuing withing the Setup by USB-C Ethernet option will still allow you to use WiFi to
connect to a network and download the firmware.

Next, connect to an Access Point you know the credentials to. Doing this will establish an internet
connection for the WiFi Pineapple, and the latest firmware will be automatically downloaded.
 Only WPA2 and WPA networks are supported in the stager.

After the connection is successfully established, the firmware will be automatically downloaded and flashed
to your WiFi Pineapple. Once the upgrade is complete, you will be able to access the WiFi Pineapple at
http://172.16.42.1:1471 again.
Uploading the firmware manually
As an alternative to getting the firmware over-the-air, you may choose to upload the firmware to the WiFi
Pineapple manually. This can be useful if you are having difficulties connecting to an Access Point, or if you
don't have one available.

To start, begin by downloading the latest firmware from the Hak5 Download Portal. The latest releases are
always at the top of the table, and highlighted blue.

Once the file is downloaded, verify the SHA256 sum with the one listed on the download portal.

If the SHA256 sum of the downloaded file does not match the one listed on the website, do not
upload it to the WiFi Pineapple, as it may be corrupted.

Next, you can upload it to the WiFi Pineapple by clicking the upload a firmware instead link on the
Network page.
After uploading, the file will be checked and flashed to the WiFi Pineapple.

Connecting to the WiFi Pineapple on Linux

This guide teaches the basics of connecting to the WiFi Pineapple on Linux-based operating systems.

Configuration via GUI

To configure the WiFi Pineapple's USB Ethernet interface, you can use the NetworkManager GUI commonly
included in Linux distributions.

1. Connect the WiFi Pineapple to your computer via the USB-C cable.
2. Once the device has fully booted, open your computers networking settings.

3. Find the new USB Ethernet device, and configure it to use the following IPv4 settings:
1. IP: 172.16.42.42

2. Netmask: 255.255.255.0
3. Gateway: Unset, or 0.0.0.0
 You may need to disconnect and reconnect the interface for your changes to take place.

Configuration via CLI

To configure the WiFi Pineapple's USB Ethernet interface via the command line, you can make use of the
ip tools commonly included in Linux distributions.

1. Connect the WiFi Pineapple to your computer via the USB-C cable.
2. Once the device has fully booted, open the Terminal emulator and run the following:

1 $ sudo ip link set eth0 down

2 $ sudo ip addr add 172.16.42.42/255.255.255.0 dev eth0
3 $ sudo ip link set eth0 up

Connecting to the WiFi Pineapple on Windows

This guide teaches the basics of connecting to the WiFi Pineapple on Windows.

The following guide is designed to work on Windows 11, although the same or similar steps
apply to Windows 10/8.1/8/7 too.

Configuration via GUI

Start by opening the Network & Internet settings in the Windows settings application. Scroll down to
Related settings and click More network adapter options.
In the new window, right click the adapter that represent your WiFi Pineapple and select Properties. Then,
select the text Internet Protocol Version 4 (TCP/IPv4), and then click Properties again.

In the new properties window, configure the following static settings:

IP Address: 172.16.42.42
Subnet Mask: 255.255.0.0
Default Gateway: Blank

Preferred DNS: 8.8.8.8

Alternate DNS: 8.8.4.4
 You may set your own preferred and alternate DNS servers if desired, but Google's DNS is
recommended.

Connecting to the WiFi Pineapple over WiFi

This guide instructs you on how to connect to the WiFi Pineapple's Open AP during setup.

The WiFi Pineapple serves an Open AP for you to connect to for the purposes of completing device setup.
The SSID of the AP is Pineapple_XXXX , where the 'XXXX' is the last 4 characters of the devices MAC
address.

After connecting to the AP, you will receive an IP via DHCP from the WiFi Pineapple.

Setup by USB Disk

The WiFi Pineapple may be provisioned "headless" — meaning without intervention interactively. This
means that you can take a fresh WiFi Pineapple Mark VII out of its box and set it up with the latest firmware
and your settings of choice without connecting it to a computer or smartphone.

Preparing the USB drive

Once prepared, the USB drive will be properly formatted and contain a config.txt file, an upgrade-x.x.x.bin
file, and optionally a device.config file (if using with Cloud C2).

Format the drive

The USB drive must contain only a single partition and be formatted as one of the following:

ext4
exFAT / FAT
NTFS
Download the firmware

Once your USB drive has been formatted with a supported filesystem, Download the upgrade file from the
Hak5 Download Portal to the root of the USB drive.

Make sure you keep the original name of the file (upgrade-x.x.x.bin).

It is best practice to validate file integrity by verifying the SHA256 sum of the download.

Create the config.txt

On the root of the USB flash disk, create a config.txt file using a standard text editor such as Notepad
(Windows), textEdit (Mac), or vim/nano (Linux) containing the below information. Make sure the txt file is
saved in ASCII format. Modify the settings as per your desired configuration.

1 # This file automatically configures the WiFi Pineapple.

2 # To enroll your WiFi Pineapple automatically, edit the below variables.
3 # Save as config.txt on the root of an ext4/exFAT/FAT/NTFS USB flash drive.
4 # Connect to the WiFi Pineapple USB host port before applying power for the
5 # first time. During firmware installation, the LED will flash Red/Blue.
6 # DO NOT DISCONNECT POWER DURING FIRMWARE INSTALLATION!
7 # For more information, visit https://docs.hak5.org
8 #
9 # General System Configuration
10 #
11 ROOT_PASSWORD="hak5pineapple"
12 HOSTNAME="pineapple"
13 TIMEZONE="utc"
14 #
15 # Wireless AP Configuration
16 #
17 MANAGEMENT_SSID="Pineapple_Management"
18 MANAGEMENT_PSK="AGoodWPA-PSKPassphrase"
19 MANAGEMENT_HIDDEN=1
20 MANAGEMENT_DISABELD=0
21 OPEN_SSID="Open"
22 OPEN_HIDDEN=0
23 COUNTRY_CODE=US

24 #
25 # Filters Configuration
26 #
27 CLIENT_FILTER="ALLOW"
28 SSID_FILTER="ALLOW"
29 #
30 # Hak5 Cloud C2 Configuration
31 #
 32 ENABLE_C2=1
33 #
34 # Software License Agreement:
35 # https://hak5.org/pages/software-license-agreement
36 #
37 ACCEPT_LICENSE=TRUE

Add the Cloud C2 provisioning file (optional)

In addition to the config.txt and upgrade-x.x.x.bin files on the root of the USB drive, a Cloud C2 device.config
provisioning file may be included.

To generate this file, create a new WiFi Pineapple device on your Cloud C2 instance, then navigate to the
device's overview page and click the Setup button from the description card.

Power on the WiFi Pineapple with the USB Drive

From a powered off state, place your USB drive into the USB Type-A port on the WiFi Pineapple, then
connect it to a power source. Once the device is fully booted, it will automatically mount and find the
upgrade file on the device. If the firmware file is valid, the device will then perform the firmware upgrade and
reboot as indicated by the flashing red/blue LED.

During the firmware installation process, as indicated by the red/blue LED status, DO NOT
disconnect the power source. Doing so will render the device inoperable.

Once the firmware has installed, you may connect to the WiFi Pineapple network and visit the web interface
at http://172.16.42.1:1471.

UI Overview
Introduction to the UI
An introduction to the WiFi Pineapple Web UI
Opening the User Interface
The management interface is available at http://172.16.42.1:1471 and is accessible from the USB Ethernet
connection and the management WiFi network configured during Setup.

Note the port in the URL: 1471. Without this port, you will get a blank page from the default
webserver!

Logging In
Upon browsing to the UI, you'll be greeted with the login page. The username is root, while the password is
the one you set during Setup.

Navigating the UI
Once you've logged in, you'll see the Dashboard. At the top of the page is the title bar, which includes the
current firmware version and buttons to view Notifications, view Informational Messages, or open the
Web Terminal. The context menu (three dots) holds additional, less common options.

WiFi Pineapple title bar

Notifications
Notifications are a way for the system or modules to indicate a change in status or other message. They can
have one of 5 notification levels: Info, Warning, Error, Success or Unknown. The messages are given a
preview for a brief time in the title bar
Click on the notifications icon to view all messages.

WiFi Pineapple notifications

Informational Messages

Informational Messages show you potential misconfigurations with your WiFi Pineapple, as well as telling
you potential fixes for them.

Example misconfigurations

Web Terminal

The Web Terminal offers a fully featured Bash shell on the WiFi Pineapple without needing to use SSH. You
can use it to completely manage the device, run tools, install packages and do anything else you would
expect from a Linux computer.
 The WiFi Pineapple web shell

Sidebar

On the side of the page, you will see the Sidebar. This sidebar houses convenient links to the system
modules, and downloaded modules can be added to the sidebar for speedy access. You can extend the
sidebar, showing the full names, by clicking the Show More button anchored at the bottom.
Dashboard
The Dashboard is the landing page for the WiFi Pineapple management UI, and provides at a glance
insights to the system and its services.

The WiFi Pineapple UI Dashboard shows an at-a-glance status of some of the components of the device.

WiFi Pineapple Dashboard

Cards

Along the top of the page, multiple cards show different system status numbers, such as CPU and RAM
usage, Disk usage and Client Stats. These stats automatically update when viewing the Dashboard.

Connected Clients

MAC Address, IP Address and Connected Time can be viewed for all clients connected to non-Management
access points. You can also kick a specific client by using the Kick button.

Some clients may automatically reconnect quickly. Client's can be denied association via the
Filters.

Notifications

Notifications are a way for the system or modules to indicate a change in status or other message. They can
have one of 5 notification levels: Info, Warning, Error, Success or Unknown.

Campaigns

The campaign status, name and type show a brief description of current campaigns, along with a toggle
button to enable or disable them.
Wireless Landscape

Brief statistics from the latest Recon scan provide an at-a-glance view without having to dive into details of
the scan.

News and Updates

Latest news and release notes from Hak5.

Campaigns
Campaigns allow you to create automated tasks to ease an engagement, with the ability to generate a report
at the end or on an interval.

Manage
Campaigns that have been created are listed in a table, showing the current status, name, creation date and
campaign type. You can enable or disable your campaigns with the Enable/Disable toggle, and edit or
remove them by clicking the "..." menu button.

Reports
From the Reports tab, you can download and delete the reports that have been generated by your
campaigns.
PineAP
PineAP is the center of the WiFi Pineapple's rogue access points, client management and filtering.

PineAP Settings
The main PineAP page is used to manage the PineAP Daemon settings and status. You can manage
individual daemon settings by selecting the Advanced tab, or you may select preset settings with the
Passive or Active tabs.

On the right hand side, you can find the current SSID pool. These SSIDs can be automatically collected in
the Passive and Active modes, or by selecting the "Capture SSIDs to Pool" option in Advanced. You can
use the field below and the Add, Remove and Clear buttons to manually add or remove SSIDs.

PineAP Settings

SSID Pool Capture

When "Capture SSIDs to Pool" is enabled, SSIDs seen passively (observed probe requests) and through
recon mode are automatically added to the pool of target SSIDs.

Broadcast SSID Pool

When enabled, the WiFi Pineapple will actively advertise previously seen SSIDs. This may be useful for
capturing clients looking for specific access points in their list of previous connections.

SSID Pool
When Broadcast SSID Pool is enabled, the WiFi Pineapple will advertise any SSIDs seen in the pool. This
can cause clients looking for those networks to connect to the WiFi Pineapple Open network.

The SSID pool can be automatically populated by Recon Mode when the SSID Pool Capture option is
selected, or SSIDs can be manually added to it.

Clients
The clients page provides two views for clients, split into connected clients and previous clients. From the
Connected Clients you can view information about each connected client, including MAC, IP Address and
the SSID they associated to, as well as the ability to kick them from the network.

Switching to the Previous Clients tab shows you a record of all previous associations to the rogue access
points hosted by the WiFi Pineapple. Clients that have not yet disconnected from the network have a
disconnect time of "Unavailable".
Filtering
The filtering page allows you to have fine control over what devices can connect to your WiFi Pineapple.
You can do this by combining two filters: the Client Filter and the SSID Filter, with two modes each: Allow
or Deny.

With the client filter you may limit the scope of engagement by choosing what devices may connect. Allow
only specific devices, or any device that isn't specifically on the deny list.

With the SSID filter you may specify the spoofed networks for which the WiFi Pineapple will allow
associations. Allow associations for only specifically listed SSIDs, or any SSID that isn't specifically listed.

Enterprise
The Enterprise tab allows you to configure a WPA-EAP Enterprise rogue access point. To begin, fill in the
form to generate the EAP configuration and certificates.

Enterprise, or EAP, WiFi authentication is typically used on corporate networks with per-user logins on the
network. It is protected by a SSL certificate, which must be created first.
 Enterprise certificate generation

Once the certificate has been generated, you'll see easy to use options to configure the rogue enterprise
access point, and view the challenge data any connected clients provide. Generating the certificate will take
a moderate amount of time while the WiFi Pineapple gathers random data.

The information in the enterprise certificate is arbitrary. Some WiFi clients show the user the data entered in
the certificate, while others may only show a certificate hash.

Properly configured WiFi Enterprise clients will reject unknown certificates, however many devices do not
offer proper configuration and may either blindly accept new certificates, or prompt the user to accept the
certificate.

Authentication Methods

When advertising an enterprise network, the WiFi Pineapple supports three authentication types:

1. Any
The WiFi Pineapple will allow a client with any authentication method to connect. If possible, the WiFi
Pineapple will inform the client it is allowed to connect. Clients connecting with EAP-GTC will connect
as normal and the user login saved, while clients connecting with EAP-MSCHAPv2 will receive an
error, but the MSCHAPv2 hash challenge will be captured and logged.
2. MSCHAPv2
MSCHAPv2 is the most common authentication method for enterprise clients. A MSCHAPv2 client
uses a hashed authentication method which does not disclose the password.
The WiFi Pineapple cannot answer the hash challenge without knowing the users password: A
MSCHAPv2 client will not be able to fully connect to the WiFi Pineapple access point, but the challenge
hash will be captured and logged, and can be processed offline to derive the user password.
3. GTC
GTC is a simpler authentication protocol. Clients using GTC will disclose the full username and
password, and will connect to the WiFi Pineapple as normal. The username and password will be
logged.

For maximum compatibility, leave the authentication method as Any. To try to force clients to use a more
vulnerable authentication method, switch to GTC. To capture hashes from clients which are configured to
only support MSCHAPv2, use MSCHAPv2 mode.

Access Points
The Access Points tab allows you to configure the other access points hosted on the WiFi Pineapple: The
Management AP, Open AP, and Evil WPA/2 AP.
Recon
Recon is the WiFi landscape scanning tool incorporated into the WiFi Pineapple.

Scanning
On the main Recon page, you can see an at-a-glance overview of the current wireless landscape, with a list
of discovered APs and their associated clients, unassociated clients, and clients that have gone out of range
in table form.

To change to a mobile friendly view, select the card button next to the table icon in the Access Points &
Clients card.
 Wireless Recon

You can change Recon settings, such as scan location and displayed table columns, by selecting
the Settings gear icon on the right side of the Settings card.

By clicking on an AP or Client in the list, a side menu will slide out from the right. From here you can select
options specific to the type of device you selected, such as capturing handshakes or cloning, or adding MAC
addresses to the Filters.

Access point details

Tagged Parameters

The tagged parameter views offers an in-depth look at the exact parameters advertised by the network.

Tagged parameters are included in the beacon packets which advertise a WiFi network, and contain
information about the encryption, channel selection, surrounding traffic, and more.

Example tagged parameters

Security Information

The security information panel offers a simplified explanation of the security options employed by the
network.

Example security information

Deauthenticating Networks and Clients

Deauthenticating clients sends a forged WiFi packet which indicates that the client is no longer authorized
on the access point.

The WiFi Pineapple can deauthenticate all clients on an access point, or specific single clients.

Deauthenticating a client can be used to migrate the client to another access point, such as the EvilWPA/2
Twin access point. It can also be used to cause a client to reconnect to a network, generating a WPA
Handshake.

Deauthenticating clients and networks is not possible when:

There are no clients on the network.

The client or network uses MFP, or Management Frame Protection. MFP is an extension to the WiFi
standards which is designed to prevent impersonation of an access point. This prevents forged
deauthentication packets from being respected by the client.
The client or network is on a restricted channel. The FCC and other regulatory bodies around the world
enforce extremely strict limits on part of the 5GHz band known as DFS / UNII-2 / UNII-2e which prohibits
transmission on these frequencies if not communicating with an access point.

An example warning when deauthentication is not possible

Handshakes
The Handshakes tab shows any captured handshakes. Handshakes are captured in PCAP and Hashcat's
22000 format.

Handshakes that list Recon Capture as the source show that they were captured during a Recon scan or a
Recon handshake capture.

Handshakes captured from the Evil WPA AP show as Evil WPA/2 Twin.

Handshake capture

You can change where the handshakes are saved on the WiFi Pineapple by clicking the Settings
icon.

Handshakes
Collecting and using WPA Handshakes.

Automatic Handshake Capture

Handshakes are part of normal WiFi traffic when a client joins or refreshes a network.

The WiFi Pineapple can automatically collect handshakes which are caught during a recon scan, with no
extra effort.

Automatic handshake capture can be enabled in the Recon panel.

 Handshake collection card

Direct Handshake Capture

A specific network may be targeted for handshake capture by selecting the network, then selecting "Capture
Handshakes" from the menu:

Capturing handshakes from a network

Directed handshake capture parks the WiFi Pineapple on the same channel as the target device and waits
for handshake packets. Remaining on the target channel increases the chances of capturing a complete
handshake.

Causing clients to reconnect by using the "Deauthenticate All Clients" option, or deauthenticating a specific
client, can increase the chances of capturing a handshake.
EvilWPA Handshakes

The EvilWPA access point clone is able to capture partial handshakes presented by a client, even when it is
not possible to fully authenticate the client.

These half-handshakes can be leveraged by hashcat to attack the original passphrase.

Modules
WiFi Pineapple Modules allow the interface to be extended to support new community built features or offer
front-ends to command line tools. A vast library of packages is also available.

Modules
Modules are typically contributed by the WiFi Pineapple community, and extend the functionality of the WiFi
Pineapple UI. Typically modules offer a graphical front end to existing tools.

Can't find a module for a tool you want? Check out the Packages section to see if there is a
command-line equivalent already! You can also help contribute to the module repository!

The main Modules page lists installed modules; to access the module click the corresponding card. To
uninstall modules, click the trashcan icon.

A list of installed modules

For a list of available modules that you haven't installed, or to view updates for installed modules, you switch
to the Modules tab. Here you can view the name, description, version, size and author of the module. To
install modules or update them, click the Install/Update button.
Packages

The packages tab allows you to browse a variety of available tools and drivers for your WiFi Pineapple.
These packages often contain a command line utility, which can be accessed via SSH or via the Web
Terminal.

Press the backtick (`) key on your keyboard or click the terminal icon in the upper right to open the
Web Terminal, or connect via standard SSH to access the WiFi Pineapple command line.
 Package settings

Settings
The Settings page allows you to modify aspects of your WiFi Pineapple, check for updates and customise
the user interface.

Settings
From the main Settings page, you can configure the password and timezone and button script. On the
second row of cards, you can view the currently mounted file systems and connected USB devices. On the
bottom row, you can check for software updates, change the UI theme and configure the device for Hak5
Cloud C².

Typical settings
Networking
The Networking tab shows easy to use cards for configuring a Client connection to another Access Point,
set the interface used for Recon as well as listing the current interfaces and routing table.

Typical Network Settings

Client Mode

The most common method for connecting the WiFi Pineapple to the Internet is to use client mode
networking. This allows the WiFi Pineapple to connect to an existing WiFi network as a typical client, in the
same fashion as a laptop or smartphone would.

Recon Interfaces

The recon interface is used by the WiFi Pineapple when scanning for WiFi networks and clients, and for
deauthing networks and clients.

The default recon interface is wlan1 , the built-in 2.4GHz WiFi radio.

When a compatible USB WiFi device, such as the Hak5 MK7AC Adapter is connected, the wlan3
interface will become available and can be used for scanning 2.4GHz and 5GHz channels.

USB Ethernet

When a compatible USB Ethernet device is connected, the settings interface will display options for
configuring a DHCP (default) or static IP address on the interface.
 Ethernet configuration settings

Advanced

The Advanced tab shows options to change the current update channel for opting into Beta firmware
releases. From here you can also access experimental features such as Censorship (hiding sensitive
information in the UI) and Cartography (2D or 3D map of Recon data).

Advanced Settings

Alternative Updates

To participate in the WiFi Pineapple Beta Program, select the "Beta" channel from alternative updates.
When new firmware is available, it will show up as an update in the beta channel!
Censorship Mode

Attempt to obfuscate MAC addresses, SSIDs, and other identifiable information in the UI. This option is
predominately for streamers, educators, and anyone taking screenshots or making presentations using the
WiFi Pineapple.

Remember - always be safe when broadcasting data which could be used to perform location lookups, such
as MAC addresses and unique SSIDs. Always review your content before streaming and posting to make
sure that no identifiable information is being shown despite censorship attempts.

Cartography Mode

Enable an optional view of network topology and connected clients, found in the Recon panel.

Hotkeys

Enable single-press hotkeys to navigate the web UI

Management Access

By default, the WiFi Pineapple allows access to the management interface (the WiFi Pineapple UI) and the
SSH server by default on all interfaces.

To prevent users on the Open and EvilWPA networks, or other users on the WiFi and Ethernet networks the
WiFi Pineapple is connected to, from accessing the management interfaces, they can be excluded here.

The management interfaces are always available via the USB-C connection and the Management wireless
network.

Hostname

Change the default host name of the Pineapple device. This changes the name as shown in the SSH and
web shells, and the host name used in DHCP requests sent in WiFi Client mode or over USB Ethernet.

Help
The Help tab is split into 3 sub-pages: Help & Information, Diagnostics, and Licenses.

The Help & Information page offers links to more resources like this and Hak5 community outlets.
The Diagnostics tab lets you generate a convenient diagnostics file that can be used to help troubleshoot
any issues you may be experiencing with your WiFi Pineapple.

Cloud C²
Connecting the WiFi Pineapple to Cloud C²

Cloud C²
Cloud C² makes it easy for pen testers and IT security teams to deploy and manage fleets of Hak5 gear from
a simple cloud dashboard.

Cloud C² is a self-hosted web-based command and control suite for networked Hak5 gear that lets you
pentest from anywhere.

Linux, Mac and Windows computers can host the Cloud C² server while Hak5 gear such as the WiFi
Pineapple, LAN Turtle and Packet Squirrel can be provisioned as clients.
Connecting to Cloud C²
Once you have Cloud C² installed and configured, adding a WiFi Pineapple to your server is simple!

1. Create a device in your Cloud C² instance following these steps

2. Download the device configuration file

3. Navigate to "Settings" on the WiFi Pineapple

4. Click the "Choose File" button in the Cloud C² card

5. Upload your configuration file

Uploading a Cloud C² configuration

WiFi Pineapple and Cloud C²

Once connected to a server, the Cloud C² service takes over most configuration and operation of the WiFi
Pineapple.

Typical operations such as starting, stopping, and viewing recon scans, configuring filters, etc, are managed
centrally by the Cloud C² server, and the local WiFi Pineapple UI is paused. The Cloud C² alert on the WiFi
Pineapple allows for basic network configuration.
 A WiFi Pineapple running under Cloud C²

Should you find it necessary to make changes to the WiFi Pineapple locally, the UI can be re-enabled by the
"Access UI" button.

Warning - The Cloud C² server will overwrite some configuration options, such as the PineAP
and Recon Scan controls. Local control of the WiFi Pineapple while connected to Cloud C²
should only be used for configuration changes that cannot be made remotely.

Disconnecting from Cloud C²

Your WiFi Pineapple can be unsubscribed from Cloud C² by clicking the "Remove Configuration & Reboot"
button.

If you are in Local UI Bypass mode, it can be unsubscribed by navigating to "Settings" and using "Remove
Configuration File" in the Cloud C² card.

Removing the Cloud C² connection from Settings

Developer Documentation
Developer Resources

The WiFi Pineapple developer documentation, for things such as Rest API usage, Python API usage,
Module development and more is currently available on GitHub.

Soon, they will be transferred to new sections here.

Contributing to the Module Repository
As mentioned in the WiFi Pineapple Mark VII Modules documentation, part of the process is forking and
cloning the WiFi Pineapple Modules Git Repository. Once you have developed your module idea, you are
encouraged to contribute to this repository by submitting a Pull Request with your module!

Reviewed and Approved pull requests will add your module to the WiFi Pineapple's module download site,
where they will be able to be downloaded directly from the WiFi Pineapple management interface.

WiFi Basics
Introduction to WiFi

In order to get the most out of the WiFi Pineapple, it’s best to have a basic understanding of some WiFi
principals. This will lay the foundation to mastering the PineAP Suite – the WiFi sniffing and injection engine
at the core of the WiFi Pineapple. Armed with this knowledge you’ll be equipped to execute a responsible
and successful wireless audit by following our recommended wireless auditing workflow.

The purpose of this section is not to be all encompassing on the low level operation of the IEEE 802.11
specification lovingly known as WiFi, but rather a crash course in the absolute basics necessary for
understanding the operation of PineAP and other WiFi Pineapple components.

Radios and Chipsets

Every WiFi radio is a transceiver, meaning it can transmit (TX) and receive (RX) information. Not every radio
is created equal, however, as their capabilities may differ significantly. Software support in particular may
inhibit an otherwise fine bit of silicon. In particular, modes of operation may be restricted either by hardware
or software.

For the most part chipsets from Atheros and Mediatek have excellent support, with a few Ralink and Realtek
chipsets having made a name for themselves in the infosec community as well. Radio chipsets typically
interface with a computer over a bus like PCI or USB. A WiFi radio is often called a wireless network
interface controller (WNIC or Wireless NIC).

On the other hand a SoC (System on a Chip) is a special WiFi chipset which combines the radio with its
own CPU. WiFi SoCs, unlike typical x86-based PCs, traditionally run MIPS or ARM based CPUs. While
lower in clock speed than their PC counterparts, they’re specifically optimized for high performance
networking. The WiFi Pineapple Mark VII is based on Mediatek MT7601U and MT7610U chipsets.

Stations and APs

Technically speaking in regards to the architecture of any wireless network, each component is referred to
as a station (STA). There are two categories of stations in an infrastructure mode WiFi setup — the base
station (access point) and station (client). Be aware of this terminology as it may come up in other programs
and documentation. Generally the WiFi Pineapple will refer to base stations as their more common name,
access point or simply AP, and stations as clients or client devices.

Transmit Power

There are four aspects which influence the overall transmission power of a WiFi radio. The first in the chain
is what’s being transmitted from the chipset or SoC natively. This is typically around 20 dBm or 100 mW and
is often expressed in the operating system as txpower.

Next is any given amplifier which will boost the source signal before it reaches the antenna. This additional
element to the chain is not necessarily integrated with the SoC, and thus may not reflect the actual txpower
determined by the operating system.

The final part of the chain is the antenna, which offer the gain as rated in dBi. Additionally, higher gain
antennas may be equipped, with 9 dBi being a common size for a standard omnidirectional antenna.

The total output power of this chain is expressed as EIRP, or equivalent isotropically radiated power. The
EIRP is calculated by adding the output power of the radio (plus any amplification) in dBm with the gain of
the antenna in dBi. For example a 24 dBm (250 mW) radio with a 5 dBi antenna will have a total output
power of 29 dBm (800 mW).

Local regulations will determine the maximum transmission power of any WiFi equipment. For example in
the United States the FCC states that a 2.4 GHz point-to-multipoint system may have a maximum of 36 dBm
EIRP (4 watts) while point-to-point systems may achieve much higher EIRP.

Antennas

Antennas impact how a signal is transmitted or received.

An antenna can not create power, it can only shape the signal. An antenna offers signal gains in one
aspect at the cost of other aspects.

Antennas are typically directional, where the signal gains are concentrated in one direction, or
omnidirectional, where the signal is optimized for reception from all directions.

The WiFi Pineapple ships with standard omnidirectional antennas. These are the most appropriate for
typical use cases where the goal is to detect access points and clients in the surrounding area.

Antenna Gains

Antenna gains are typically measured in dBi, or "dB over isotropic", a theoretical perfect antenna with no
gain.

The higher the gain, the more the signal is impacted.

 Remember - more gain is not always better! There is always a trade-off with signal gain!

Omnidirectional Antennas

Omnidirectional antennas are typically found on access points, WiFi interface cards, and of course the WiFi
Pineapple.

An omnidirectional antenna is designed to radiate in a roughly spherical shape.

As the gain of an omnidirectional antenna increases, the horizontal coverage increases but the vertical
coverage decreases.

Excessively high gains on omnidirectional antennas can be detrimental! Above approximately

9dBi of gain, the vertical range of the antenna can become so limited that clients and access
points more than a foot or two higher or lower than the device are invisible!

Directional Antennas

Directional antennas can be used to shape the signal in a specific direction. Typically directional antennas
cover an arc measured in degrees.

Directional antennas can be useful for targeting a specific device or area, but often are not the best solution
for general data gathering.

Channels and Regions

Radio spectrum is divided up into channels. In the 2.4 GHz spectrum there are 14 channels, with channels
1, 6, 11 and 14 being non-overlapping. As described above in terms of bandwidth, the first channel in the
802.11g protocol begins at 2.400 GHz and ends at 2.422 GHz for a total bandwidth of 22 MHz. The first
channel is then described as being centered at 2.412 GHz.

Channel availability is determined by region, with North America only having legal use of channels 1-11
while Europe and most of the world may use channels 1-13. Japan is special and gets access to all of the
channels including 14 all to itself.

The 5 GHz spectrum is much more complicated in regards to bandwidth and channel availability by region
with further restrictions on indoor/outdoor use. In the United States the FCC designates U-NII (Unlicensed
National Information Infrastructure) bands 1-3 available, with 45 channels in total operating in 20, 40, 80 and
160 MHz bandwidth.

The WiFi Pineapple Mark VII operates in the 2.4 GHz band, with optional support for 5GHz operation using
a supported USB WiFi device, while the WiFi Pineapple Enterprise operates in both the 2.4 and 5 GHz
bands.

It’s also important to note that similar to modes of operation, a radio can only occupy one channel at a time.
For this reason channel hopping is necessary in order to obtain a complete picture of the given spectrum.
When performing a Recon scan, the WiFi Pineapple will switch one of its radios into monitor mode to
passively listen on a channel. The radio will take a moment to note any data of interest on each channel
before moving on to the next.

Further information on WiFi channels, their regulatory domains, and how they are mapped, can be found on
resources such as Wikipedia.

Protocols

There are several WiFi protocols known by their letter designated IEEE 802.11 specifications, such as
802.11a, 802.11b, 802.11g, 802.11n, and 802.11AC. The differences are related to frequency (aka band or
spectrum), data rate (aka throughput or transfer speed), bandwidth, modulation and range.

Bandwidth is often confused with data rate. While there is often a correlation between greater bandwidth
and greater data rate, in terms of radio the bandwidth refers to the difference between the upper and lower
frequencies of a given channel as measured in hertz. For example, with the 802.11b and 802.11g protocols
the first channel will have a lower frequency of 2.400 GHz and an upper frequency of 2.422 GHz for a total of
22 MHz bandwidth, however the 802.11g protocol uses a more advanced encoding scheme allowing for
significantly faster data rates in the same amount of bandwidth.

Modulation also affects data rate, with the most common modulation types being OFDM or Orthogonal
frequency-division multiplexing and QAM or Quadrature Amplitude Modulation. In addition to being a
mouthful, these are digital encoding techniques used to cram a lot of data on a small amount of spectrum.
Typically newer 802.11 WiFi standards offer either improvements to the encoding scheme, or entirely new
encoding schemes.

802.11a and 802.11b were the first mainstream WiFi protocols, introduced in 1999. 802.11a operates in the
5 GHz band with speeds up to 54 Mbps while 802.11b operates in the 2.4 GHz band with speeds only up to
11 Mbps. Today, these networks are more rare to find, though when they are it’s typically indicative of aging
infrastructure.

Modern networks are usually 802.11n and 802.11ac, with data rates as high as 1800 Mbps, though typically
lower speeds are actually observed. As the WiFi standards evolve and new products make their way into
the marketplace, the common devices evolve.

Typically older devices are still able to use more modern access points via backwards compatibility: An
802.11n device can typically connect to an 802.11ac access point, but will only be able to do so at 802.11n
speeds. Not all newer standards are backwards compatible with all devices, however.

Modes of Operation

Most commonly a WiFi radio will operate in one of three modes: Master, Managed, or Monitor. Additional
possible modes (including ad-hoc, mesh, peer-to-peer, and repeater) and are both less common and outside
the scope of this quick guide.

An Access Point (or simply AP) will operate in Master Mode while client devices operate in Managed Mode.
Monitor mode, sometimes called RFMON for Radio Frequency MONitor, is a special mode that allows the
radio to passively monitor all traffic in the given area, and requires special support in the drivers and
firmware of the wireless device.

Keep in mind that not all radios have each of these capabilities and some radios have drivers that can only
operate in one mode at a time.

Logical Configurations

WiFi networks can operate in a number of configurations, from point-to-point, point-to-multipoint, and
multipoint-to-multipoint.

Point-to-point is simply a network of two. Multipoint-to-multipoint is where any node of the network can
communicate with any other and is often called an ad-hoc, peer-to-peer or mesh network.

The most common configuration is point-to-multipoint, where a central access point is host to numerous
client devices. This is also known as Infrastructure mode. An example of which might be a wireless router in
your home with several laptops, phones, game consoles and the like connected. For the most part, this is
the configuration we will be focusing on with the WiFi Pineapple.

MAC Addresses

Often called a physical address (PHY addr), the Media Access Control address (MAC address) is a unique
identifier assigned to each Network Interface Controller (NIC). Typically this address is “burned” into the
ROM of the network interface hardware, though often it may be changed via software.

MAC Addresses are formed by six sets of two hexadecimal digits (octets), typically separated by a dash (-)
or colon (:) and may be either universally or locally administered. For example, 00:C0:CA:8F:5E:80.

Universally administered MAC addresses are unique to each network interface manufacturer. The first three
octets represent the manufacturer or vendor as its Organizationally Unique Identifier (OUI). In the example
above, 00:C0:CA represents the OUI for ALFA, INC – a popular Taiwanese WiFi equipment maker. OUIs are
assigned by the Institute of Electrical and Electronics Engineers, Incorporated (IEEE). The vendor of any
particular OUI may be determined by checking the IEEE MAC database, or the Wireshark OUI Lookup Tool.
A database of OUI ranges is included in the WiFi Pineapple to display the manufacturer of devices.

Locally administered MAC addresses are typically assigned by the network administrator, replacing the
universally administered address burned into ROM. For example, one may set their MAC address to
DE:AD:BE:EF:C0:FE. This is sometimes called MAC spoofing.

Broadcast and Multicast MAC Addresses

Often with WiFi networks it is necessary to transmit the same bit of information to all stations. To facilitate
this, the WiFi specification includes a special broadcast address. Expressed as the MAC
FF:FF:FF:FF:FF:FF transmissions destined to this address are meant for all stations in the vicinity
While normally a WiFi interface is only concerned with traffic to and from its own MAC address, the default
behavior is to also listen for messages bound to the broadcast address. An example of which is a beacon –
a frame which advertises the presence of an access point. A beacon sent to broadcast will be “seen” by all
stations in the area.

Similarly, a multicast address is a special type of address which operates like a broadcast address for the
most part. Multicast addresses are used to set groups of devices which must communicate to many devices
simultaneously, or special services such as mDNS and other service discovery protocols.

SSIDs

If you’ve been using WiFi for a while – and if you’re reading this we'll assume you have been – you’ve
undoubtedly run across the term SSID. It’s the human readable “network name” associated with a WiFi
Network – like “Joe’s Coffee” or “LAX Airport Free WiFi” or depending on your apartment building, perhaps a
lewd comment directed toward neighbors. This “network name” is known as the Service Set Identifier. It can
be up to 32 characters long and may identify either a Basic or Extended Service Set.

The majority of WiFi networks are Basic Service Sets (BSS). That is to say a single access point with
multiple connected clients – be it laptops, tablets, gaming consoles or IoT coffee makers. Every station (both
clients and AP) in the BSS are identified by a Basic Service Set Identification (BSSID). The BSSID is
derived from the access point’s MAC address. Specifically the MAC address of the wireless NIC as the
access point may also have an Ethernet Network Interface Controller with its own unique MAC address.

Extended Service Sets are larger WiFi networks whereby multiple access points, each with their own
BSSID, all share the same SSID or “network name”. For instance a college or corporate campus may
require many access points to cover the entire property. In this case the SSID is called an ESSID for
Extended Service Set Identification, which facilitates client roaming.

A wireless client considers any access point with the same SSID to be part of the same network, and may
choose to connect to any of the available APs. This forms some of the fundamental basis of the Evil WPA
Twin attack.

802.11 Frame Types

WiFi frames come in three types, each containing several subtypes; control frames, data frames and
management frames.

Control frames simply allow data exchange between stations, with Request to Send (RTS), Clear to Send
(CTS) and Acknowledgement (ACK) frames facilitating communication with as little loss as possible. Frame
loss is in inherent part of WiFi and control frames are intended to best coordinate shared usage of the
available spectrum.

Data frames constitute the majority of WiFi communication, with the payload or frame body containing the
actual TCP, UDP, or other packets. Since the basic data frame has a limit of 2312 bytes, the actual packets
may be broken up into many fragments.
Management frames enable WiFi maintenance, such as advertising the presence of an access point as
well as connecting to or disconnecting from such access point.

802.11 Frame Structure

The meat and potatoes of WiFi. Essentially everything transmitted by a wireless NIC comes in the form of a
frame. They are the basic unit of most digital transmissions, and surround or encapsulate packets.

Frame Structure

A typical WiFi frame is broken up into several sections, consisting of a MAC header, payload and frame
check sequence

The MAC header contains a Frame Control Field which includes, among other things, the 802.11 protocol
version and frame type. Address fields including the BSSID, source and destination are also part of this
section.

The Payload or frame body contains the actual information (typically a data packet) of either a management
or data frame.

The Frame Check Sequence (FCS) concludes the frame with a cyclic redundancy check (CRC) sum of the
MAC header and payload. This is used to verify the integrity of the frame and is essential to fault tolerance.

Management Frames

To enable the joining and leaving of a Basic Service Set, management frames contain subtypes such as
beacon, probe, association, and authentication.

Beacon frames come in only one variety, and advertise the presence of an access point. They contain
everything a client needs to know about a network in order to connect, including the SSID, supported data
rates, protocol and other parameters pertinent to the APs modulation. Access points regularly transmit
beacons, typically several times per second, to the broadcast address.

Beacon frames are essential for network discovery. When a client passively scans for nearby access points,
it does so by listening for beacon frames. Typically this is done in conjunction with channel hopping,
whereby a client will listen on each channel for a brief period before moving on to the next.

Probe frames further network discovery and come in two variety, probe requests and probe responses.
Probe requests are transmitted by clients seeking access points. Probe responses are the access point’s
replies to these client requests.

When a probe request is transmitted by a client seeking an access point, this is considered active scanning.
The client will transmit to the broadcast address either a general probe request or a directed probe request.
The former simply asks “what access points are around” while the later specifies the particular SSID for
which the client seeks.

The probe response includes all of the basic information about the network also included in the beacon
frame.
Association frames come in five forms: the association request, association response, reassociation
request, reassociation response, and disassociation. Respectively, these can simply be thought of as “I’d
like to be friends”, “Ok, we will/won’t be friends”, “Remember me, I’m your friend”, “I do/don’t remember you”
and “Get lost, friend”.

Similar to probe frames, the requests are transmitted by clients while the responses by access points.
Disassociation frames in particular are sent by any station wishing to terminate the association. This is the
graceful way to ending an association, giving the station a heads up that the conversation is over and
allowing it to free up memory in the association table.

Authentication frames are similar to association frames in that they enable the relationship between client
and access point to form. Originally only two security states existed for WiFi – Open or Wired Equivalent
Privacy (WEP). The later is a broken and deprecated technology which has given way to more secure
schemes such as WPA2 and 802.1X. For this reason authentication frames are almost always open,
regardless of the security state, with the actual authentication handled by subsequent frames after the
station is both authenticated and associated. In this case a client will send an authentication request with the
access point sending an authentication response.

Deauthentication frames act similar to disassociation frames and are sent from one station to another as
a way to terminate communications. For example, an access point may send a deauthentication frame to a
client if it is no longer authorized on its network. When this unencrypted management frame is spoofed by a
third party, the technique is often called a deauth attack.

Frame Injection

It should be apparent that much of WiFi operation relies on trust, particularly with regard to the validity of
source and destination addresses. Given these values may be spoofed, it’s with the technique of frame
injection that various attacks may be carried out.

Simply put, frame injection is the process of transmitting any WiFi frame desired, regardless of an
association with any station. One example may be a beacon frame injected into the air with specific values
set to aid the penetration tester.

Another example may be a deauthentication frame with a spoofed source and destination address. Not all
radios and software support this ability. This technique is leveraged by the PineAP suite for a number of
attacks using the WiFi Pineapple hardware.

Association and State

With an understanding of management frames, we can explore the states of association. In this example
we’re looking at the steps necessary for a connection between a client and an open access point.

In the Unauthenticated and Unassociated state, the client seeks the access point. This is either done
passively by listening to the broadcast address for beacon frames transmitted by the access point, or
actively by transmitting a probe request.

Once the client has received either a probe response or beacon frame from the access point, it can
determine its operating parameters (channel, protocol, data rate, modulation details, etc). The client will then
send the access point an authentication frame requesting access. In the case of an open network, the
access point will send the client back an authentication frame responding with a success message.

Now the client is Authenticated and Unassociated. Next the client will send the access point an
association request. The access point will reply with an association response.

If successful, the client will now be Authenticated and Associated. At this point any additional security,
such as WPA2, may be negotiated. Otherwise in the case of an open network, the usual first network
interactions will occur. These are the same as in wired networks, and typically begin with obtaining IP
address information from a DHCP server on the host network.

In the case of the WiFi Pineapple, the client network is open and the DHCP server will assign new clients
with addresses in the 172.16.42.0/24 range

FAQ / Troubleshooting
MacOS Support

Starting with macOS Big Sur (macOS 11), changes to the driver model has broken support for the ASIX
AX88772 USB Ethernet ASIX chipset.

This is the chipset used by the WiFi Pineapple Mark VII for the wired LAN interface is accessible via the
USB-C port.

A driver is available for Apple macOS 10.9 to 10.15 from the manufacturer at
https://www.asix.com.tw/en/support/download

It is recommended to instead use a Linux or Windows computer when operating the WiFi Pineapple Mark
VII via the USB-C port. This does not impact operation from the Wireless LAN.
Alternatively, a virtual machine with USB-passthrough support may be used. Users have reported success
with VMware Fusion and Kali Linux on macOS 11 and above.

Because of recent changes to macOS's device driver model, macOS version 11 and above is not
supported.

Establishing an Internet Connection

Configuring a Client Mode Connection

You may use a radio on the WiFi Pineapple to connect to an external WiFi network, for getting an internet
connection or for communicating with other devices on that network.

To configure a client mode connection, navigate to Settings > Networking in the User Interface. You will be
presented with a card labelled Wireless Client Mode.
 While you may select other wireless interfaces for Client Mode, you are greatly recommended to
use wlan2, as it is dedicated for Client Mode.

After clicking the Scan button, a list of surrounding wireless networks will be listed for you. Select the SSID
you wish to connect to, and enter the SSID or PSK if required. Click Connect to start a connection.

If the connection is successful, you will be presented with the associated SSID and an acquired IP, if DHCP
is enabled on the network.

If you are required to set a static IP address, you must do so via the command line. Press the
 backtick (`) on your keyboard to open a Web Terminal.

The Wireless Client Mode configuration is automatically saved, and an attempt to reconnect will
happen every boot, automatically.

Configuring ICS on Linux

ICS, or Internet Connection Sharing, can be used to share internet from your computer to the attached
WiFi Pineapple, over it's USB-C Ethernet connection.

Turning on connection sharing with Linux is generally easy, and is further simplified with the wp7.sh script
available on the Hak5 Download Portal. The wp7.sh script will guide you through the setup process.

Getting Started

Start by opening the Terminal emulator for your Linux distribution. On Ubuntu, Gnome Terminal can be found
by searching for "Terminal".

Once the Terminal is open, get the WP7.sh script, and mark it as executable with chmod .

Once you've done that, execute the script as root, with sudo ./wp7.sh .
Guided Setup Mode

In this mode, the ICS script will try to automatically determine which interface is the WiFi Pineapple, and
what your current network settings are. To do this, press G on your keyboard and follow the on-screen
instructions.
Now you can press C to connect.

Note that you may need to toggle the USB-C Ethernet interface in your Network Manager before
the script will detect your WiFi Pineapple.

Configuring ICS on Windows

On Windows, Internet Connection Sharing is achieved by using Window's "Network Sharing" feature, by
sharing one internet-enabled interface to the WiFi Pineapples.

The following guide is designed to work on Windows 11, although the same or similar steps
apply to Windows 10/8.1/8/7 too.

Configuring the Internet facing interface

Start by opening the Network & Internet settings in the Windows settings application. Scroll down to
Related settings and click More network adapter options.
In the new window, right-click the Internet facing adapter, and select "Properties". In this guide, the
Internet facing adapter is the interface named Ethernet.

Once you're in the properties window, select the Sharing tab, and then check the box to allow other users to
connect. Then, select the WiFi Pineapple adapter and click OK.

Next, configure the WiFi Pineapple adapter by right clicking and selecting "Properties". In the new
window, select the text that says Internet Protocol Version 4 (TCP/IPv4) and select Properties.
Finally, set the adapters IP settings as follows:

IP Address: 172.16.42.42
Subnet Mask: 255.255.0.0
Default Gateway: Blank

Preferred DNS: 8.8.8.8

Alternate DNS: 8.8.4.4

You may set your own preferred and alternate DNS servers if desired, but Google's DNS is
 recommended.

After clicking OK to save the settings, your WiFi Pineapple will now be able to access the internet through
the USB-C interface connected to your computer.

Configuring a USB Ethernet Adapter

Some USB Ethernet Adaptors are supported out-of-the-box. For a reference of supported adapter chipsets,
look at the table below.

Manufacturer Chipset Description

ASIX AX88179 ASIX USB2.0 Ethernet 10/100

Realtek USB2.0 Ethernet

Realtek RTL8152
10/100

Realtek USB3.0 Ethernet

Realtek RTL8153
10/100/1000

Installing kernel modules for other chipsets

If your USB Ethernet adaptor has a chipset that isn't listed above, it is possible that an available driver/kernel
module is available for the WiFi Pineapple MK7.

You can check this by going to the WiFi Pineapple's Web Interface, and going to Modules > Packages, and
searching for the name of your chipset.

Password Reset
On firmware versions 1.1.0 and later, you may reset a lost password by holding the Reset button for 10
seconds or longer Upon success the LED will flash a rainbow colour sequence and reboot
After the device reboots, you will be able to login with the password hak5pineapple . You are strongly
advised to change this after logging in.

If the LED does not flash rainbow colours, the button was not pressed down long enough, or was
not pressed firmly enough to fully engage the button. Try using a pen cap or similar blunt solid
object to make sure the button is fully pressed!

Factory Reset and Recovery

To restore your WiFi Pineapple back to a factory state, or to recover from a bad configuration, you can
perform a Firmware Recovery.

The factory recovery method consists of using the device bootloader to flash the recovery firmware, and in
turn, the final firmware.

Video Tutorial

WiFi Pineapple Mark VII Recovery Tutorial

Preparation

To begin, download the latest recovery file from the Hak5 Download Portal.
Once downloaded, verify the SHA256 sum of the downloaded file, and make sure your WiFi Pineapple is
unplugged.

To start the process, hold down the reset button while applying power to the WiFi Pineapple.

The WiFi Pineapple status LED will flash RED.

After approximately three flashes of the LED, let go of the reset button and continue to the next step.

The LED should blink RED rapidly, and then remain SOLID RED. If the status LED changes to BLUE,
disconnect the power and repeat the process. Make sure the button is held in firmly, and release the button
after approximately three flashes of the RED LED.

Assigning a Static IP Address

Linux

Assign the WiFi Pineapple's interface a static IP address of 172.16.42.42. More in-depth instructions can be
found in the Linux Setup page.

Windows

Assign the WiFi Pineapple's interface a static IP address of 172.16.42.42. More in-depth instructions can be
found in the Windows Setup page.

New to static IP address assignments in Windows? Check this tutorial.

Uploading the Recovery to the WiFi Pineapple

Once a static IP address has been assigned, open your browser and navigate to http://172.16.42.1. You'll
then be greeted by a screen prompting you to upload a .bin image.

Be sure to navigate to http://172.16.42.1 with no port. To flash the recovery image you need to
access the webserver on the default port - trying to connect to the WiFi Pineapple UI on port 1471
will not work!
Select Choose file and then select the downloaded recovery file from earlier. After clicking Update
firmware, the device will begin flashing. Do not attempt to flash a normal WiFi Pineapple firmware now - it
won't work! You'll be able to flash the full firmware during the setup process once recovery is complete!

Do not unplug the device. Doing so will potentially damage your device. It will automatically
reboot once complete.

Once the process is complete, you will be able to set the device up again. See the Setup section for more
details.

Once the device has finished flashing, you will need to navigate to http://172.16.42.1:1470 to
complete the setup process, same as the first time you configured it!

WiFi Pineapple Beta Updates

The WiFi Pineapple has multiple update channels for its update mechanism. These channels allow you to
specify what type of firmware release you want to use on your WiFi Pineapple.

Currently, there are two update channels:

Stable
Beta - Pre-release updates that may be unstable, but may also contain new bug fixes, features and
more.

To manage your selected update channel, go to Settings > Advanced in the Web Interface.
Using the drop-down list and the Set Update Channel button, you'll be able to change the update channel.
You may set the channel back to Stable at any time.

Once you've picked an alternative channel, go back to the Settings tab and Check for new updates. If an
update is available, you will be presented with the option to update.
Compatible 802.11ac Adapters

The WiFi Pineapple Mark VII supports 802.11ac monitor and frame injection with a supported adaptor.

The WiFi Pineapple Enterprise comes equipped with 3 MT7612U 802.11ac capable radios, but you may
add more via USB if desired.

Adaptor Chipset

Hak5 MK7AC Adapter MT7612U

AWUS036ACM MT7612U

EP-AC1605 V1 (V2 is incompatible) MT7612U

Installing drivers for other WiFi Adapters

While the WiFi Pineapple has support for MT7612U and MT7601U devices out of the box, you can also
install drivers for a wide range of other chipsets, such as other MT76-based devices, ath9k and ath10k
devices, and some Realtek dongles.

To find drivers, you can use the Package Manager found in the Web Interface under Modules > Packages.
Search for keywords related to the chipset in your adapter.

Please be advised that only adapters based on MT7612U are confirmed to work correctly in all
circumstances, and other WiFi adapters may not work or have available drivers at all, or may only work
partially or cause unexpected behavior like crashes, reboots, etc. Not all WiFi cards or drivers are equal in
capability or performance!

More information about a specific adapter can usually found with resources such as DeviWiki.

Extras
MK7 LED Mod Installation

The MK7 LED mod is an add-on board for the Hak5 WiFi Pineapple Mark VII which adds some bling and
fun LEDs. Proceeds from the case help support Kismet development, too!

See the install instructions from https://www.kismetwireless.net/mk7-led-mod/.

MK7 Kismet Case Installation
The Kismet Special Edition case for the WiFi Pineapple Mark VII helps support Kismet development and
gives your WiFi Pineapple an extra flair.

See the assembly instructions from https://www.kismetwireless.net/mk7-kismet-case/.