What this means is that an attacker is able to launch a “Man in the Middle” or MiTM attack by inspecting the data that flow between the victim and any resources they’re accessing on the web.
The physical design of the Pineapple means that victims can connect to it via its Wi-Fi adapter and it can connect to a PC with an internet connection via the physical Ethernet adapter.
Of course, if it’s a protected network they still need to have the right wireless credentials, but if it’s an open network then the Pineapple asks for no such thing; it just lets the device straight in, whether the device is connecting to a legitimate access point or not.
So that’s how she works: a combination of simply providing an access point that victims connect to of their own free will, or being tricked into connecting via Karma. The easiest way to access the device and get started with configuring everything is to tether it to a PC with two network interfaces.
This is all pretty much security people rhetoric designed to instil fear but without a whole lot of practical basis, right?
As it turns out, the Pineapple packs a much more subversive party trick to lure unsuspecting victims in…
But it’s important because it helps us understand in very graphic terms what the risk of insufficient transport layer protection really is.
The easiest way to think of the Pineapple is as a little device that sits between an unsuspecting user’s PC (or iPhone or other internet connected device) and the resource they’re attempting to access.
The WiFi Pineapple Mark IV, powered by Jasager -- German for "The Yes Man" -- replies to these requests to say "Sure, I'm such-and-such wireless access point - let's get you online!"
So devices just randomly connect to the Pineapple thinking it’s a legitimate AP?
The problem is that wireless devices are just too damn trusting. Once they establish a connection with an access point they happily reconnect to it at a later date.