WiFi Pineapple is archaic and uses python2. What you are looking for is very much doable, and there are tons of different ways to go about it. If I were to hypothetically write a book about someone gaining access to a device
Arp cache poisoning:
The best method would be to poison the ARP cache, performing a MiTM (man in the middle) attack combined with DNS poisoning. This way when the user types ie google.com, you respond with your own website. The user will see google.com on their machine, but a website your are hosting yourself. Then the next step is to gain a foothold by directing the user to a website he is likely to visit and download something from. You can see which website a user visits but not the data cause it's encrypted.
You pick some nice malware for user to download, and at that point you will have full control over everything.
This is just one method and pretty easy, you can also scan the ports of the user device and see if a vulnerable service is running there to gain a foothold. Or maybe an old Windows version etc.
Dns poisoning is basically how the
China firewall works. They make sure only approved websites can be viewed within China.
I would also NEVER use a Chinese made device nor download Chinese software / apps on the device since a lot of them are backdoor-ed. Just today a major Chinese e-commerce app turned out to be backdoored. US-made device have backdoors too but there is a lot more backlash from the public in the US about
privacy invasion. Apple for example is quite serious about privacy (not really) in PR, and the way Musk is anti-government would lead to immediate incarceration in China.
I personally use Huawei laptops though, it depends on your threat-model. I would also use Huawei phone but not for
crypto. I would NEVER use a Chinese router, routers are extremely dangerous if invaded by an advanced attacker for the reasons above. You can play for almost god.
The same DNS spoofing method can be done far higher up the hierarchy and exploited in a maddening amount of ways. If you live in a nation that does not have strong controls on their secret service you must assume they can gain access to your devices whenever they want if the costs warrant it. This used to be a small problem only, cause many countries had poorly trained secret service, but these days any idiot can buy top-notch nation-state-grade tools from for example Israeli firms.
Examples:
1.
Fog Reveal - Wikipedia
2.
The UK Government Knows How Extreme The Online Safety Bill Is
3.
EFF Urges Appeals Court to Re-hear Case over Trump’s X Account
4.
Proposed UN Cybercrime Treaty Threatens to be an Expansive Global Surveillance Pact - THIS IS UN LEVEL SURVEILLANCE
: Despite repeated civil society objections, the
zero draft of the Convention is looking less like a cybercrime treaty and more like an expansive global surveillance pact.
China Examples:
1.
https://grizzlyreports.com/we-belie...nt-security-threat-to-u-s-national-interests/
2.
China Used a Tiny Chip in a Hack That Infiltrated U.S. Companies
3.
https://www.cnn.com/2023/04/02/tech...re-cybersecurity-analysis-intl-hnk/index.html
4.
Chinese hackers exploited years-old software flaws to break into telecom giants
https://www.bloomberg.com/quote/16667Z:US
Also never forget the US stopped
tax evasion in Switzerland from US persons by basically planting malware in the entire internet infrastructure of Europe to uncover the names of Americans with accounts.
The United States Government's Pursuit of Swiss Banks who Assist American Tax Evaders
You can also take steps to reduce risk of someone accessing your wifi. A good password is enough in most cases, but many routers have functionality for only allowing certain devices to connect. Once you have whitelisted all of your own devices, you can block anyone else from connecting even if they know the password. If you have guests that need wifi, set up a guest network for them (disable/change password when guests leave).
MAC address is incredibly easily spoofed, and actually exactly how handshake capture attack occurs.
Do anyone know any software or service that help me on this ?
There is Routersploit, easiest way to get started it to get a router and install OpenWRT, Pineapple is basically this. But you need to be a technical person to perform an attack, Pineapple is a fun tool but more for the hobbyist.
Default settings in modern operating systems are good enough in most cases.
Current Windows is still exploitable through bootloader attack ie. BlackLotus. Windows and Linux are not safe operating system, best is to use Qubes OS on a Chinese-made laptop imo. Depending on threat model of course.
A good password is enough in most cases
This is true, long password is hard to crack. New model of router + good password will keep most people out.
