Client-side phishing is the huge flaw in BYOD security. Ok, I'll say it, as a security professional, I don't like BYOD. It extends the attack surface, with very little if any real value. But we all know C-levels and sales guys (and haxors) like to look cool with their shiny iThingy...

iOS devices cannot be controlled to use only certain networks. This makes them easy prey for WiPhishing attacks. It's also where Cisco and Aruba lose visibility into wireless security. AirDefense can enforce policies to keep sanctioned clients from using certain SSIDs (guest networks, for example) and provide visibility (real time and historical). You can talk about it, but if you can demonstrate this attack, you will have a clear competitive advantage. So let's learn how to phish.

Method One - Using the Alfa AP51.
Purchase AP51. Currently in stock at www.data-alliance.net or www.amazon.com
Download the firmware and flashing tool (attached).
Disable all network connections except ethernet.
Make sure WinPcap is installed and working (you do use Wireshark, correct?).
Set static IP on ethernet to 192.168.42.42 mask 255.255.255.0
Connect via ethernet, but DO NOT power up AP51 yet.
Run ap51flasher as administrator.
Click external and load the 2 OpenWrt files.
Select GO and plug in the Alfa. Timing is critical. If it appears stuck at "Your IP is 192.168.0.0", then unplug the AP51, kill the flasher and start over. I've had best success by powering up the AP immediately after the flasher says "Reading rootfs..." and "Reading kernel file...".
The AP will now use 172.16.42.1, so change your IP appropriately and browse to http://172.16.42.1/pineapple
PHISH ON. Now you can set your AP to host a captive portal (hamster dance anyone?) or bridge to a valid network and sniff away. If you've got this far, you probably can google or figure the rest out, but let me know how it's working for you.

Method Two is direct from a Linux laptop using hostapd, if you're interested. More to come...

Kent
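The sanctioned-client visibility described in the post (keeping sanctioned clients off certain SSIDs), as an added example that is not part of the original post and not AirDefense code: a check over association events that flags a sanctioned client joining a non-approved SSID, or an approved SSID name advertised by a BSSID outside the AP inventory. The log format, SSID names, MAC addresses and inventory are all constructed assumptions.

```python
# Added example: policy check over wireless association events (constructed data).
import csv
import io

# Assumed inventory: SSIDs sanctioned clients may use, and the BSSIDs of the
# organisation's own access points that legitimately advertise each one.
ALLOWED = {
    "CorpSecure": {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"},
}
# Assumed asset list of sanctioned (company-managed or enrolled BYOD) clients.
SANCTIONED_CLIENTS = {"a4:5e:60:00:00:01", "a4:5e:60:00:00:02"}

# Constructed sample of association events, as a wireless sensor might export them.
SAMPLE_LOG = """time,client,ssid,bssid
2013-01-10T09:00:01,a4:5e:60:00:00:01,CorpSecure,00:11:22:AA:BB:01
2013-01-10T09:02:17,a4:5e:60:00:00:02,CorpGuest,00:11:22:aa:bb:09
2013-01-10T09:05:40,a4:5e:60:00:00:01,CorpSecure,de:ad:be:ef:00:01
2013-01-10T09:06:02,f0:de:f1:00:00:09,CorpGuest,00:11:22:aa:bb:09
"""

def check_event(event):
    """Return a violation label for one event, or None if it is in policy."""
    client = event["client"].strip().lower()
    bssid = event["bssid"].strip().lower()
    ssid = event["ssid"]
    if client not in SANCTIONED_CLIENTS:
        return None  # visitor devices are outside this policy
    if ssid not in ALLOWED:
        return "unsanctioned_ssid"  # e.g. guest or unknown network
    if bssid not in ALLOWED[ssid]:
        return "unknown_bssid"  # approved SSID name from an AP not in inventory
    return None

def find_violations(log_text):
    """Parse CSV association events; return (time, client, ssid, bssid, label)."""
    findings = []
    for event in csv.DictReader(io.StringIO(log_text)):
        label = check_event(event)
        if label:
            findings.append((event["time"], event["client"].lower(),
                             event["ssid"], event["bssid"].lower(), label))
    return findings

if __name__ == "__main__":
    for finding in find_violations(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A BSSID match alone does not prove an AP is genuine, since BSSIDs can be copied; treat this as a first-pass filter alongside sensor data such as channel and signal strength.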