Your phone constantly shouts: "Is 'Home-Wifi' here? Is 'Starbucks' here?" The Wi-Fi Pineapple answers "Yes!" to everything. This is a Karma attack.
Evil Twin
1. Scout: You see "Starbucks Free WiFi" (Open Network).
2. Clone: You create a network with the same SSID "Starbucks Free WiFi" but a stronger signal.
3. Deauth: You kick users off the real one.
4. Capture: They reconnect to you.
5. Phish: You serve a fake login page: "Please login with Facebook to access the internet".
1. HSTS (The Defense)
In the past, you could strip SSL (SSLstrip) and read passwords in plain text.
Now, HSTS (HTTP Strict Transport Security) forces browsers to use HTTPS.
So the Pineapple can't easily see traffic content (unless the user ignores certificate warnings).
However, Captive Portals (the login page) rely on redirecting traffic, which is still a prime attack vector for credential harvesting.
2. Modules
The Pineapple is modular.
Occupineapple: Floods the air with thousands of fake AP names to confuse scanners.
Nmap: Scans the connected victims for open ports.
Protection
Turn off Wi-Fi when you are not using it. "Forget" saved networks you don't use often. Use a VPN immediately upon connecting to public Wi-Fi.
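
From the defender's side, the Clone step of the Evil Twin sequence and the answer-everything Karma behaviour both leave traces in a Wi-Fi scan. The following is an added example, not part of the original page: it compares scan results against an allowlist of known access points. The scan records, BSSIDs, allowlist and the `find_suspect_aps` helper are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample scan results (not a real capture): one record per beacon seen.
SCAN = [
    {"ssid": "Starbucks Free WiFi", "bssid": "aa:bb:cc:00:00:01", "security": "open", "signal_dbm": -67},
    {"ssid": "Starbucks Free WiFi", "bssid": "aa:bb:cc:00:00:02", "security": "open", "signal_dbm": -71},
    {"ssid": "Starbucks Free WiFi", "bssid": "de:ad:be:ef:00:99", "security": "open", "signal_dbm": -38},
    {"ssid": "Home-Wifi", "bssid": "11:22:33:44:55:66", "security": "wpa2", "signal_dbm": -50},
    {"ssid": "Home-Wifi", "bssid": "de:ad:be:ef:00:99", "security": "open", "signal_dbm": -35},
]

# Hypothetical allowlist: BSSIDs the network owner knows belong to each SSID.
KNOWN_APS = {
    "Starbucks Free WiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
    "Home-Wifi": {"11:22:33:44:55:66"},
}

def find_suspect_aps(scan, known_aps, margin_db=10):
    """Return (ssid, bssid, reasons) for beacons that look like clones of a known SSID."""
    by_ssid = defaultdict(list)
    ssids_per_bssid = defaultdict(set)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)
        ssids_per_bssid[ap["bssid"]].add(ap["ssid"])

    findings = []
    for ssid, aps in by_ssid.items():
        allow = known_aps.get(ssid)
        if not allow:
            continue  # no baseline for this SSID, nothing to compare against
        trusted = [ap for ap in aps if ap["bssid"] in allow]
        for ap in aps:
            if ap["bssid"] in allow:
                continue
            reasons = ["unknown-bssid"]
            if trusted:
                # A clone often advertises weaker security than the real network.
                if ap["security"] not in {t["security"] for t in trusted}:
                    reasons.append("security-mismatch")
                # "Same SSID but a stronger signal" is the Clone step itself.
                if ap["signal_dbm"] >= max(t["signal_dbm"] for t in trusted) + margin_db:
                    reasons.append("stronger-than-known")
            # One radio claiming several unrelated SSIDs matches Karma behaviour.
            if len(ssids_per_bssid[ap["bssid"]]) > 1:
                reasons.append("bssid-answers-multiple-ssids")
            findings.append((ssid, ap["bssid"], reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspect_aps(SCAN, KNOWN_APS):
        print(f"{ssid!r} from {bssid}: {', '.join(reasons)}")
```

These are heuristics: a newly installed legitimate access point would also show up as `unknown-bssid` until it is added to the allowlist.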