Learn How To Sniff Wireless Passwords With Pirni (Man In The Middle Attack)

The thing about the iPod Touch and the iPhone is that they are great portable hacking devices. To the naked eye the iPod Touch/iPhone looks like nothing more than an ordinary MP3 player/cellphone, but that appearance understates its full potential. Once your iPod Touch/iPhone is jailbroken you have access to the whole file system, meaning that applications generally associated with laptop/desktop hacking can be ported to and used on the iPod Touch/iPhone. This opens up a whole lot of possibilities for network sniffing, port scanning and much, much more! In this tutorial we are going to take a look at one of these programs, called Pirni.

What is Pirni?

Pirni is an application that was ported to the iPod Touch/iPhone to be used as a native network sniffer. Pirni is so useful because it gets past the iPod Touch's/iPhone's WiFi hardware limitation of not being able to be set into promiscuous mode (a mode that allows a network device to intercept and read every network packet that arrives, in its entirety). To get past this limitation Pirni comes with an ARP spoofer that routes all the network traffic through your iPod Touch/iPhone, records it to a dump file and then uses packet forwarding to send it on to its normal recipient (i.e. the router). What this basically means, in simpler terms, is that all the traffic on a specific network comes through your iPod Touch/iPhone before it reaches the router. This means that if you sniff the network long enough, another user connected to the network could enter an unencrypted password, and you could then retrieve that password by looking through your dump file.

Pirni Graph

Using Pirni

Pirni is an application that does not have a GUI (Graphical User Interface); it requires a program called Terminal to run and be used. Terminal is basically an application that allows you to give your iPod Touch/iPhone simple commands. Below I am going to go through the steps of installing and using Pirni… Note: this is a technical tutorial and is not recommended for users new to computers. Please also note that this tutorial is for educational purposes only. It is illegal to sniff a wireless network that is not your own. Use and follow this tutorial at your own risk.

Step 1) - The first thing you are going to need to do is install a program called Mobile Terminal on your iPod Touch/iPhone. This program is available through Cydia, so open up Cydia and type terminal into the search tab. Once you find Mobile Terminal in your search results, install it on your iPod Touch/iPhone.

Step 2) - Once you have installed Terminal, the next application you are going to install is Pirni. Type pirni into the search tab and once it appears in your search results click it and install it on your iPod Touch/iPhone. Once Pirni installs you will have installed everything you need to begin sniffing wireless networks…

Step 3) - Before you launch Terminal and begin sniffing you will need a few pieces of information about your wireless network: the network's IP address and the router's IP address. You can find this information by launching Settings, clicking Wifi and then clicking the arrow next to your wireless network's name. Once you find the information you are looking for, which is the IP Address and the Router IP Address, write it down on a piece of paper so you remember it.

Step 4) - Now that you have the required information you are ready to begin the process of sniffing with Pirni. The first thing you need to do is open up Terminal, so do this now by finding Terminal on your springboard and clicking it to launch it. Note: Terminal sometimes takes a few tries to actually load. If you click the Terminal application and it opens and closes, then simply click it again until it fully launches. Once you get Terminal up and running you are going to need to log in as the root user to gain full access to your iPod Touch/iPhone. Type in the following commands, and please note they are all case sensitive, so copy them exactly as shown…

su

alpine (alpine is the default root password. If you have not changed your password, then use alpine.)

Once you have gained root access continue to step 5…

Step 5) - Once you are logged in as the root user you can begin using Pirni. To start Pirni you are going to need to enter a single command line, replacing the two IP addresses with your network-specific information. The options mean the following:

-s: Specifies the IP address you want to spoof; this is where the Router IP Address goes.

-d: Specifies the target you want to perform the MITM on; this is where the IP Address of your network goes.

-f: Specifies a Berkeley Packet Filter so that Pirni only collects interesting packets. This is very good if you want to filter out specific packets, such as FTP, SMTP or HTTP. If no -f option is supplied, all packets will be captured.

-o: Specifies the dump file where all the collected packets end up. This is in pcap dump format, which most traffic analyzers can handle.

pirni -s 192.168.0.1 -d 192.168.0.128 -f "tcp dst port 80" -o log.pcap

Once you enter the command Pirni will start and begin collecting packets. A packet is a formatted unit of data carried by a packet-mode computer network. For example, every web page that you receive comes as a series of packets, and every e-mail you send leaves as a series of packets. Pirni collects these packets and records them into a readable dump file that can be analyzed at a later date on your computer. In order for Pirni to collect something interesting you are going to need to visit a website that doesn't use an SSL-encrypted connection. Leave your iPod Touch or iPhone alone collecting packets and go to a website that doesn't use an SSL-encrypted connection and log in to that website. An example of this kind of website would be Hawkee.com; this website does not use an SSL-encrypted connection while handling logins. If you want to test out Pirni to see if you can get a password, register an account with Hawkee.com and log in to your account while you are sniffing your network. Once you are done scanning the network, drag your finger across the screen in a diagonal direction and this will stop Pirni correctly. Note: it is important to close Pirni this way to avoid errors while analyzing your dump file later on.
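The defender's side of what this section describes, as an added example that is not part of the original tutorial and not Pirni's or Wireshark's code: a small Python script that reads the pcap dump format Pirni writes with its own minimal parser and flags the signature of the ARP-cache poisoning Pirni's spoofer performs, namely two different MAC addresses answering ARP for the gateway IP. It also reproduces the record-length check behind the "bigger than maximum of 65535" error readers quote in the comments: a record length of 858929202 is 0x33323832, the ASCII text "2823" read as a little-endian integer, so the file has text where a packet header should be. All MAC and IP values and both capture files are constructed sample data.

```python
"""ARP-spoofing detector for a pcap dump (added example, not Pirni's or Wireshark's code).
Two different sender MACs answering ARP for the gateway IP is the signature of the
ARP-cache poisoning that Pirni's spoofer performs; the record check mirrors libpcap's."""
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap magic, read little-endian
MAX_SNAPLEN = 65535       # libpcap rejects records longer than this
ETHERTYPE_ARP = 0x0806

def iter_pcap_packets(data: bytes):
    """Yield the raw frame of every record in a classic little-endian pcap."""
    if len(data) < 24 or struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file (bad magic)")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        if incl_len > MAX_SNAPLEN:
            raise ValueError("File has %d-byte packet, bigger than maximum of %d"
                             % (incl_len, MAX_SNAPLEN))
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = frame[22:28], frame[28:32]
    return oper, sha.hex(":"), ".".join(str(b) for b in spa)

def find_arp_spoofing(pcap: bytes, gateway_ip: str):
    """Return alerts (packet_no, gateway_ip, mac_first_seen, conflicting_mac)."""
    first_mac, alerts = None, []
    for no, frame in enumerate(iter_pcap_packets(pcap), start=1):
        arp = parse_arp(frame)
        if arp is None or arp[2] != gateway_ip:
            continue                      # not ARP, or not speaking for the gateway
        mac = arp[1]
        if first_mac is None:
            first_mac = mac               # first binding seen for the gateway IP
        elif mac != first_mac:
            alerts.append((no, gateway_ip, first_mac, mac))
    return alerts

def pcap_error(data: bytes):
    """Return the parser's error message for a capture, or None if it reads cleanly."""
    try:
        for _ in iter_pcap_packets(data):
            pass
    except ValueError as exc:
        return str(exc)
    return None

# --- constructed sample data, not a real capture ----------------------------
def build_arp(oper, sha, spa, tha, tpa):
    eth_dst = b"\xff" * 6 if oper == 1 else tha            # requests are broadcast
    eth = eth_dst + sha + struct.pack("!H", ETHERTYPE_ARP)
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha + spa + tha + tpa

def build_pcap(frames):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, MAX_SNAPLEN, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out

ROUTER_MAC, VICTIM_MAC, SPOOFER_MAC = (bytes.fromhex(m) for m in
                                       ("001122334401", "001122334480", "0011223344aa"))
ROUTER_IP, VICTIM_IP = bytes([192, 168, 0, 1]), bytes([192, 168, 0, 128])
SAMPLE_PCAP = build_pcap([
    build_arp(1, VICTIM_MAC, VICTIM_IP, b"\0" * 6, ROUTER_IP),   # who has 192.168.0.1?
    build_arp(2, ROUTER_MAC, ROUTER_IP, VICTIM_MAC, VICTIM_IP),  # genuine reply
    build_arp(2, SPOOFER_MAC, ROUTER_IP, VICTIM_MAC, VICTIM_IP), # spoofed reply
])
# ASCII "2823" where a record length belongs: 0x33323832 = 858929202, the error from the comments
CORRUPT_PCAP = SAMPLE_PCAP[:24] + b"\0" * 8 + b"2823" + b"\0" * 4
```

Running find_arp_spoofing(SAMPLE_PCAP, "192.168.0.1") reports packet 3, where 00:11:22:33:44:aa claims the gateway address previously bound to 00:11:22:33:44:01; pcap_error(CORRUPT_PCAP) returns the same message a commenter quotes.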

Analyzing your Dump File

Now that you have sniffed the packets on your network you have to analyze the dump file created by Pirni. To do this you will need to get the dump file off your iPod Touch/iPhone by using a program called WinSCP. This program allows you to access the files on your iPod Touch/iPhone. To use this program you will need two things: OpenSSH installed on your iPod Touch/iPhone and WinSCP installed on your computer…

Step 1) - Install OpenSSH on your iPod Touch/iPhone by going into Cydia and typing openssh into the search panel. Once you see OpenSSH in the search results click it and install it. Once OpenSSH has been installed exit Cydia and continue to step 2…

Step 2) - The next thing you need to do is install a program called WinSCP on your computer. This program will allow you to take files off your iPod Touch/iPhone with an easy to use GUI (Graphical User Interface).

Download WinSCP (Direct Link)

Once WinSCP downloads to your computer, install it by following the easy to use steps of the installer…

Step 3) - Once WinSCP has finished installing, double click winscp.exe to launch the program. You will be presented with a window like the one depicted below…

Once you get WinSCP up and running you are going to need to enter some information into WinSCP. The first thing you need to enter is the Host name, which is the IP Address you wrote down earlier (the one shown for your device under Settings > Wifi > your network's name). The next thing you need to enter is the Username; this is always left as root. The last piece of information you need to enter is the password; the default password, if you haven't changed it, is alpine. If you have changed your password then enter your current password in the password field now.

Once you enter the required information click the Login button. The first time you log in it will take a while to load; just be patient and wait, as it can take up to five minutes. The first time you log in you will also get a warning message; simply hit the OK button on the warning message. When you successfully log in, click the / button in the top right hand corner of the screen…

Once you click the / button (which is the root directory shortcut), the next thing you are going to do is click the User directory as shown below. This is where all the dump files written by Pirni are saved and stored…

Once you are inside the User directory you should now see your log file. Drag the log file to your Desktop and then exit WinSCP, as you are now done using the program. WinSCP is a useful program if you need to access your iPod Touch/iPhone's internal file structure. Now that you know how to use WinSCP you can use this useful program any time you want.

Step 4) - Now that your log file has been successfully transferred to your computer you are going to need to download an application that will analyze the dump file, called Wireshark.

Download Wireshark (Direct Link)

With Wireshark successfully downloaded to your computer, double click the setup.exe and install it. When it asks you if you want to install WinPcap click no, because you will not need this functionality while analyzing your dump file.

Step 5) - Now that Wireshark is installed, double click the Wireshark shortcut on your Desktop to start the program. Once the program is up and running you are going to need to open your log file. Click the Open button in the middle of the screen and then locate your log file, which should be on your Desktop.

Once you locate your dump file and load it into Wireshark you will see a screen with a bunch of packets displayed. These are all the packets that you captured while you were sniffing your network. If you have never seen packets before all of this information will mean nothing to you and seem confusing. If you research packets a little online you will find they are a lot more interesting; however, if you are new to this whole thing then the search tool will be your friend. Click the magnifying glass at the top of the screen and it will bring up a search window.

Once the search window comes up you will be presented with three options: Display Filter, Hex Value and String. Click the String option, type password into the search field and click the Find button. The search tool is a great way to find interesting information in your dump file. It quickly scans through all your packets and finds a match for what you are searching for. It definitely beats looking through hundreds of packets until you find something interesting. With the search tool you can simply type in keywords that would be of interest to you, like password, username, login or email, and it will try to find a match. Note: not all dump files will contain interesting information like passwords, usernames etc… It all depends on what the users connected to the network you are scanning are doing.

Once you click the Find button you will be taken to the packet that contains the password string, or whatever string you typed into the search field. If you look at what is highlighted you can see that you have successfully found the username and password for your hawkee.com account. If this was performed on an unknown network you would have successfully sniffed a password that you could then do what you want with. Wireshark is a very powerful tool for analyzing packets; if you go to its website you can learn a lot about packets and other analysis techniques not discussed in this tutorial.

As you can see, your iPod Touch or iPhone can be transformed into a powerful password sniffing device. With Pirni you can have a powerful password sniffing program hidden within your iPod Touch/iPhone. You can have your morning coffee at Starbucks while sniffing its wireless network without anyone knowing or suspecting a thing. There are many other useful hacking programs on the iPod Touch/iPhone, and I will write more tutorials for programs like Ngrep and TCP Dump in the future if enough interest is shown. As always, if you require any help with this tutorial please feel free to post your questions/comments in the comments section below.

Please share your experience using Pirni and whether you had any luck sniffing any passwords!

  • hammurabi

    how do you know what website/program a certain user/pass goes to?

  • StanHell

    Hello hammurabi, to tell which program/website the user entered the information in you need to look at the first few packets above or underneath the packet that had the passwords in. You should see a URL in those packets and that will be the website the user entered his username and password in. If you have any more questions please feel free to ask!

  • Ozaal

    I have a different question. If I want to catch a packet coming from my own iPhone (like an action performed in an online game) and send it out repeatedly, how would I go about doing that?

  • StanHell

    Hello ozaal, that is a very interesting thought. At the moment I am not aware of how to do this; however I as well would be interested in this, so I will look into this and possibly write a tutorial for it. I will keep you posted if I find out any more information. Thanks, StanHell

  • issac212

    can you have more than one dump file on your iPod at a time? What I mean by this is, can you perform multiple scans before reading the files in Wireshark?

  • StanHell

    Hello issac212
    The answer to your question is yes you can, and it is an easy thing to do! If you want to save different log files, which I do all the time, simply change the name of your log file from log.pcap to whatever name you want, for example log2.pcap or hourscan.pcap or something like that. As long as you change the name of your output file your other log files will not be deleted. If you have any more questions please reply back! :)

  • issac212

    yeah one more. I keep getting this message on MobileTerminal saying "couldnt look up IPv4 network number and netmask for en0". Could you help me?

  • StanHell

    Hey issac212, hmmm, I have never really seen that error before.
    Can you please elaborate on what you are doing when you get that error? Thanks!
    To avoid errors make sure you are connected to the network you are doing the Pirni sniff on and that you have entered the right IP addresses etc.

  • Issac212

    Well actually I was going to try to sniff the network at my school to get the WEP password. Do you need to be connected to WiFi to use Pirni?

  • Issac212

    I also found this other app on Cydia called tcpdump. It seems to be the same as Pirni except you can view the packets right in MobileTerminal! I need some help with the commands to enter in MobileTerminal, so you should check it out.

  • StanHell

    Hey there issac212
    Unfortunately the only thing with Pirni is that you do need to be connected to the network before you can sniff it. So you will need to find your school network password first by asking someone in your school. I do know about TCP Dump and if you are interested I could write a tutorial on it for sure. Give me a couple of days and I will write it. Thanks, StanHell

  • Issac212

    Ok thanks, I will be checking back later for your tutorial

  • StanHell

    I found out that TCP Dump is becoming outdated. However I found another tool that is a lot better and I have written a very detailed tutorial on it. Check it out here:
    http://www.podzombie.com/2010/02/expanding-your-knowledge-of-network-hacking-on-the-ipod-touchiphone-with-pirni-derv/

  • mroportunity

    Hey, is there a different way to view the WiFi network's IP address and router information? When I go into Settings > Wifi and then click on the arrow everything is blank.

  • guest343

    Pirni is no longer available through Cydia. I want to know if there is any alternate way to install Pirni. Thanks

  • guest

    Pirni Pro is now available. Do we follow the same protocol with Wireshark?

  • StanHell

    Hello there,
    yeah, you follow the exact same protocol. I am actually working on creating a tutorial for Pirni Pro so you can expect one soon, but follow the same steps for analyzing with Wireshark!

  • Joshua

    Thanks!! Very helpful… just what I was looking for.
    BTW a new GUI Pirni is out (called Pirni Pro 1.1.8).
    It costs money from BigBoss (at Cydia) so if you want it for free, you need to add this source:
    http://cydia.myrepospace.com/HackStor/
    Basically it has all the same functions (source+dest IP, BPF filter for port or protocol filtering like -f, option to change dump file name+directory) except a new option that maybe the CLI version has and I just don't know about it: show captured usernames and passwords right on the iPhone/iPod, using regexes (common username and password fields) that you can add yourself.

  • Joshua

    edit: didn't see your last post lol

  • John

    Hey, I was wondering if you would be able to transfer cookies to your computer from the captured Pirni packets. Let me know, yeah?

  • JoseCaos

    yeahhh!!!! I just want to thank you for this tutorial, very useful!
    Great that you found me on Twitter! (twitter.com/mixfuckedup) Now I'm a fan of your really cool site! Everything went ok with my test sniffing! :D
    Greetings from Mexico City!

  • KyleKIR

    Hey StanHell… I just found this blog today.. hope you're still on it lol… anyways I just found Pirni Pro as well on my iTouch before finding this blog.. I was playing with it some. Did you ever make that tutorial on it? (Pirni Pro) If so can you tell me where I can find it.. I'm new to all this so I don't know too much yet.. but I did keep finding my user names for like Facebook and stuff.. that's about it. Oh and about regex, I don't really understand it much yet either.. it seems the 3 options it gives you are all for a certain site? Is there a way to make your own regex or w/e to like find passwords of Facebook, Hotmail, Yahoo, MySpace.. any of that… if that makes sense.. lol

    anyways hope any of this made sense.. I'm trying to learn it.. and I will with some help :) thanks

  • KyleKIR

    ohh.. and if possible.. could you possibly teach us how to do other hacking type things on our iPod/iPhones.. like other tools to use.. or other things you can do with it.. to gain information… anything. Thanks again

  • KyleKIR

    okay okay okay.. I'm writing again… forget everything I said above.. I'm starting over.

    I read your other blog (after posting the ones above) about Pirni-Derv… does that have anything to do with Pirni Pro? I'm kinda confused to be honest..

    and I thought about doing all you said in Pirni-Derv, but then again.. it's a lot to do.. and what for.. really I don't know, cause I don't know what information I could potentially be getting off open networks.. and you have to retype all those commands and stuff every time you want to sniff a network? Seems crazy, isn't there an easier way?

    I don't know but anyways I'm still playing with Pirni Pro.. by itself.. viewing the packets in "iFile". I tested it with that site you mentioned "hawkee.com" and it worked, even showed up on live feed.

    anyways what else can I do with Pirni Pro besides going through that whole Pirni-Derv thing? And I still want to know.. is there a way to obtain better passwords and stuff like Yahoo, Facebook, Hotmail.. over an open network from your iTouch? Cause I don't know how many sites there are like hawkee that.. just show the password that people actually use daily.. like they would for FB, MySpace, Hotmail, Yahoo and so on.

    also I'd still like to know as well… can you teach us other hacking type things we can do over our iTouch/iPhones.. like anything cool you can do with Bluetooth? or anything.. idk, get phone numbers, phone calls.. anything cool you can teach, I'd like to learn.

    thanks a lot for reading all this.

    Kyle

  • StanHell

    Hello KyleKIR, I will start writing the tutorial for Pirni Pro today. Pirni Pro is a great application and does in fact have most of the functionality Pirni-Derv has. The only thing it cannot do is intercept cookies, like Pirni-Derv can. I will tweet when I have written the tutorial and email you. Thanks for your interest! :)

  • StanHell

    And for the other hacking tutorials, you bet I can. Until I write them you can check out Nmap and Metasploit. Metasploit can take over someone's computer under the right circumstances! I will write one for Metasploit soon as well!

  • KyleKIR

    Hey StanHell, thanks a lot.. I don't have Twitter so I don't think I'll be getting that notification.. but I'm looking forward to that email so I can know when it's up and ready to be read.

    as for the other hacking tutorials I'll be looking forward to those as well and in the meantime I'll read about the 2 you posted for me..

    thanks a lot.

  • StanHell

    Well here we have it, it took me almost all day to write but it is finally done! Here is the new tutorial for Pirni Pro!
    http://www.podzombie.com/2010/07/network-hacking-the-easy-way-with-pirni-pro-tutorialregex-strings-list/
    Tell me your thoughts on it. StanHell

  • Evox

    Hello StanHell,
    I am glad to finally find a tutorial on this. All extremely easy when used to doing this on my computer.

    If you would like help compiling a guide/tutorial with tcpdump or even a full tutorial on pentesting with the iTouch/iPhone, please let me know, as I have a lot of info I can share.

    Great website by the way!

  • KyleKIR

    Hey Evox, if StanHell would like, could you possibly both do the tutorial/guide on pentesting and tcpdump.. I'd like to learn about them both and how to use them.. really I don't know what they are or what they do.. but I want to learn.

    Thanks a lot

  • StanHell

    That would be great Evox,
    I have contacted you and hope to hear from you soon. :)

  • Clarkey

    how do you stop Pirni in the OS4-compatible Mobile Terminal, because sliding your finger doesn't do anything?

  • Pingback: Learn How to Install MobileTerminal for the iOS4.1Firmware!

  • Pingback: Expanding Your Knowledge of Network Hacking on the iPod Touch/iPhone with Pirni-Derv | iJailbreak - Apple iPhone, iPod Touch, iPad and Apple TV Jailbreak, Unlock, Cydia News

  • Pingback: Here is What’s Coming Up In Pirni Pro 1.1.9! [Update Coming Soon] | iJailbreak - Apple iPhone, iPod Touch, iPad and Apple TV Jailbreak, Unlock, Cydia News

  • blaaaaaa

    hey when I wanna read my dump file it always gives me an error
    (pcap: File has 858929202-byte packet, bigger than maximum of 65535)

  • Alvaro Zevallos Miranda

    my bro, I have a problem with Terminal, it just doesn't work. Should I reinstall this application?

  • Soyaka

    Same for me ):

  • Haranksh2

    pirni command doesn't exist
    any help?
    mostafa.helmy.orange@gmail.com

  • Jonjomate

    I've got a version of Pirni with a GUI. And also, you can set regexps to filter passwords and usernames live. So way better than this. :DD It's called Pirni Pro. It costs around 3 or 4 dollars on Cydia. I think it's free on xsellize.

  • slimmer

    If you have iFile or WinSCP go look for mobileterminal-426.deb on a file hosting site. Install it through file and reboot your device; once done Mobile Terminal should work with iOS 4+, at least it did for me.

  • Aquestion

    I think there is a stupid case which is:
    - Finding the IP address: in order for Pirni to work for the packet picking process, we need the IP address.
    If we are not connected to any network, we cannot see the IP address of the related modem.
    If we are connected, there is no reason to hack it.

  • Mocha80

    I think most of the people interested in this page are interested in hacking someone's WiFi username and password. Unfortunately with this method the only thing that you can get is hacking the "modem username, password" + "connected other users' web page username, password (such as Facebook and Yahoo mail…)".
    Example: McDonald's and similar social places have a common WiFi network for all their users. Once you connect to their WiFi network, you may do the things listed above ;)

  • ..!..,

    @Aquestion if you are on another internet connection and you send me a message for example and I have Pirni up, I will collect your IP address so I can DDoS attack you or whatever else I may want to do to your network… just saying there is a reason to get someone's IP addy and it's not worthless

  • ..!..,

    also as long as you have Wireshark and SSH you don't need WinSCP. I just open the log and it automatically opens through Wireshark

  • Alverooddone

    When I go into WinSCP there is no log.pcap file. Can anyone help me?

  • snakes

    I can analyze the pcap file and found some passwords. The problem is to filter it. Sure you can use find a packet and type some words but it does not work 100% and many passwords are encrypted.

  • Pingback: How To: Install MobileTerminal On Jailbroken iPhone 4S And iPad 2 — jailbreakjunkie.com

  • Phoenixnoab670

    I have a problem. I downloaded Wireshark but it won't open, so I used Cocoa Packet Sniffer or something like that. Then I search under packet string and type password but there are no passwords that show up. Nothing shows up.

    Also if I found an IP address should I enter pirni -s (my IP address) -d (their IP address)?
    Finally, do you have to be connected to the WiFi you're trying to hack?

  • Max Gichtin

    Pirni command doesn’t exist?

  • Fly

    user=(.*)&pass=(.*)& for some passwords. Works fine on email addresses from a non-HTTPS website.