Can we get an user agent collector module ?

[minanagehsalalma]

Here's how it should be
1- get the clients from other aps connected to our pineapple using deauth/karma
2- grab their user agent from their connection requests(apps and sevices ) or using a captive portal page to get it faster
3- store their (device name - mac address - useragent - and the network name that they was connected to or their ssids prob requests ) in a db
4- it would be great if we could automatically rank the vunrablite status of the devices from the db..

Thanks .... would do you think of this idea ?

Edit: the objectives check list
1- do a network scan on the target network and save the clients mac and prob requests to a db
2- you got two options

• waiting for the client to connect manually
  Or

• karma attack ( deauth and replicate a probe network ssid )

3- they will land on the captive portal page

• catch the useragent headers and save it

• catch the ip and mac address of that device and save it with the headers

About number unfortunately i can't think of a way to automate it ...
I think we can leave to the user to manually perform it by searching the device model or os version for known vunrablites on the web.

[pidgy]

Not a bad idea. Do you know of any open databases that will return the vulnerability of a browser based on the UA?

If I were to design this module, I would use a captive portal that lets anyone through after they just land on it once. Store their metadata, and return.

[pidgy]

@foxtrot if you assign this to me I can probably put something together.

@minanagehsalalma you can choose the module name :)

[minanagehsalalma]

you can choose the module name :)

It's my pleasure.. what about UAC stands for user agent collector 😅?

[minanagehsalalma]

I would use a captive portal that lets anyone through after they just land on it once

Maybe not wait for them to land on a page but catch apps connection requests if possible to get the metadata even faster.
@foxtrot what do you think ?

[pidgy]

@minanagehsalalma You would have to wait for a request made over HTTP, which would take longer no?

If you drop them into a "passive" captive portal they would hit your HTTP page, then you can grab the metadata and redirect them to wherever they were going.

[minanagehsalalma]

You would have to wait for a request made over HTTP, which would take longer no?

Yup you are right ... But I am talking about in case of karma attack where the phone screen shouldn't be necessary turned on... So the apps in the background will do the trick I think.

[pidgy]

Ah I see, maybe it would be best to implement both, and neither if they are already captured.

[minanagehsalalma]

best to implement both, and neither if they are already captured.

I agree it can't be better.

[foxtrot]

Bare in mind that if you're trying to figure out client OS / Device type and not just strictly user agents, you can use more than HTTP requests.

[minanagehsalalma]

not just strictly user agents

I think most of the time user agent contains the client os but maybe not it's version. Incase of mobile device it's either Android or iOS and you can tell that from just the model name.

[pidgy]

I think the easiest way to do this would be a captive portal. The second they connect to your device you can serve a blank page, snag the headers, then close the portal/authenticate the client.

[minanagehsalalma]

I think the easiest way to do this would be a captive portal. The second they connect to your device you can serve a blank page, snag the headers, then close the portal/authenticate the client.

Yup that's the easiest way.

Although i don't think that capturing that header from apps requests is hard
Just like fluxion webserver tab

[pidgy]

@minanagehsalalma heres a small update on what I have working so far.

I have the module drop a portal that authorizes users right away, while grabbing some profile information.

I still have a lot of editing to do to make sure formatting looks good, as well as add some options like downloading these captures, etc. etc.