1. API Tokens

The API Tokens module allows us to control pineapple modules through a REST API, sending messages in JSON format.

{“system”:”notifications”,

“action”:”addNotification”,

“message”:”Hello pineapple”,

“apiToken”:”myToken123"}

First of all, we need to install the APITokens module. As this is the first module we’ll use lets take a look at how to install new modules:

Open “Modules” in the left sidebar and go to “Manage modules”

The module manager allows us to install new modules from pineapple repositories or remove already installed ones. It looks like this:

Click on the “Get Modules from WiFiPineapple.com” button to see a list of available modules

Look for the APITokens module and install it

You can choose internal storage or SD card if you have one

We should see the recently installed module under the “Modules” tab. Now we have to generate a new token to use, lets call it “Test”:

Once generated we should grab the token and save it in a safe place (Remember it allows to run any module in the pineapple)

The token is not completely shown,but double clicking selects it all

Now that we have our token, let’s use it to send a notification to the pineapple. Do you rememeber the first message example? Well it actually works, but we need to know how to send it. I’ll be using the command line tool “curl”, but you can use whatever tool you want as long as it allows you to send a HTTP POST request:



-X POST \

-H “Content-type: application/json” \

-d '{“system”:”notifications”,”action”:”addNotification”,”message”:”Hello Pineapple!”, “apiToken”:”myToken123"}' \

“http://172.16.42.1:1471/api/" curl \-X POST \-H “Content-type: application/json” \-d '{“system”:”notifications”,”action”:”addNotification”,”message”:”Hello Pineapple!”, “apiToken”:”myToken123"}' \

curl — ssl -k \

-X POST \

-H “Content-type: application/json” \

-d '{“system”:”notifications”,”action”:”addNotification”,”message”:”Hello Pineapple!”, “apiToken”:”myToken123"}' \

“https://172.16.42.1:1471/api/" # If you’ve enabled https you have to use the following commandcurl — ssl -k \-X POST \-H “Content-type: application/json” \-d '{“system”:”notifications”,”action”:”addNotification”,”message”:”Hello Pineapple!”, “apiToken”:”myToken123"}' \

If everything went right we should see a response like this:

)]}’,

{“success”:true}

And the notification should appear in the dashboard:

Great! We can communicate with the pineapple, but how can we control the modules? Well, to know how to control the modules we need to understand the JSON we sent in the previous example:

First we need to tell what kind of module we’ll be using and its name “system”:”notifications”. The kind of the module can be “system” or “module”

Then we specify which action we want to perform with the selected module “action”:”addNotification”

After that we have to specify the parameters for that action, in our example it was “message”:”Hello Pineapple!”

Finally, we have to add our API Token to the JSON “apiToken”:”myToken123"

If you have read carefully there should be two things bothering you. The first one “How the heck do I know what is the kind of a module?”, this is the simplest to answer. The system ones are part of the pineapple’s “core” and there are only 4 of them:

Notifications (The one we have used in the example)

Authentication

Modules

Setup

Everything else is, surprisingly, a module kind of module.

The second thing you should be asking yourself is “How do I know what actions are available and what parameters is expecting?”. And sadly, to know which parameters are needed we have no choice rather than searching in the module source code.

As a quick tip to know what to look for, connect to the pineapple via our good old friend ssh and go to the /pineapple/module folder:

root@Pineapple:~# cd /pineapple/modules/

root@Pineapple:/pineapple/modules# ls

APITokens Configuration DWall EvilPortal KeyManager ModuleManager PineAP Profiling Responder SiteSurvey meterpreter tcpdump Advanced CursedScreech Dashboard Filters Logging Networking Pinegram Recon SSLsplit Tracking nmap wps Clients DNSMasqSpoof Deauth Help ModuleMaker Papers PortalAuth Reporting SignalStrength autossh p0f

Each folder is an installed module, let’s try to with the Clients module. Go to the module directory and enter the api folder:

root@Pineapple:/pineapple/modules# cd Clients/api/

root@Pineapple:/pineapple/modules/Clients/api# ls

module.php

The actions and parameters we can use for this module are inside the module.php file. This file exists in every module and contains a php class that extends SystemModule, this is mandatory for the pineapple’s engine to properly handle the modules. Take a look at the route() method:

Pay attention to the `$this->request->action`, that’s how the engine retrieves the `”action”` field in our JSON

There we have the available actions, now we just need the parameters. Take a look at the kickClient() method:

Here we can see that it access the $this->request->mac parameter, that’s how we know that it expects the mac address of the client to disconnect. Now, take a look at the getClientData() method:

Here we don’t see anything like $this->request->parameter, that’s because it doesn’t expect any parameters.

Well, now that we know how this module works, is time to use it. First identify the clients connected to the pineapple with the getClientData action:



-X POST \

-H “Content-type: application/json” \

-d ‘{“module”:”Clients”,”action”:”getClientData”, “apiToken”:”myToken123"}’ \

“https://172.16.42.1:1471/api/ curl — ssl -k \-X POST \-H “Content-type: application/json” \-d ‘{“module”:”Clients”,”action”:”getClientData”, “apiToken”:”myToken123"}’ \ # Output formatted and added some comments

{

“clients” : {

“stations” : { # Stations connected

“30:a8:db:xx:xx:xx” : “5970”

},

“dhcp” : { # DHCP asigned IPs

“30:a8:db:xx:xx:xx” : [“172.16.42.223”, “android-d37xxxxxxxxxxxxx”],

“” : []

},

“arp” : { # ARP table, may take some time to get updated

“30:a8:db:xx:xx:xx” : “172.16.42.223”,

},

“ssids” : []

}

}

Now, we’ll try to disconnect the client with kickClient:



-X POST \

-H “Content-type: application/json” \

-d ‘{“module”:”Clients”,”action”:”kickClient”, “mac”:”30:a8:db:xx:xx:xx”, “apiToken”:”myToken123"}’ \

“https://172.16.42.1:1471/api/" curl — ssl -k \-X POST \-H “Content-type: application/json” \-d ‘{“module”:”Clients”,”action”:”kickClient”, “mac”:”30:a8:db:xx:xx:xx”, “apiToken”:”myToken123"}’ \ )]}’,

{“success”:true}

Now we understand the modules internals. But not only that, understanding the API Tokens allows us to build our own bash scripts combining different modules and launch them automatically or on demand, something we’ll be using at the end of this guide.