Jump to content

[Support] Portal Auth


sud0nick

Recommended Posts

I need some more details. Where is your captive portal? Is it on the Pineapple? If so, you shouldn't see it there. The point of the portal tab is to show you a captive portal on the AP that your client radio is connected to so you can authenticate if the auto authentication feature fails.

EDIT: I'm thinking that maybe you thought the Portal tab was supposed to show you your own portal as it would appear to a victim?

I thought Portal Auth can be tested with my own captive portal running via evilportal. After run portalauth my captive portal doesn't work properly. I will make a factory reset onto my pineapple and summit here...

Link to comment
Share on other sites

  • Replies 262
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

I thought Portal Auth can be tested with my own captive portal running via evilportal. After run portalauth my captive portal doesn't work properly. I will make a factory reset onto my pineapple and summit here...

Whoa! There is no need to factory reset. PortalAuth will allow you to clone a captive portal on an access point before authenticating with it. The cloned portal will be stored in your Evil Portal library to be used as your own. You can also attempt auto authentication with PortalAuth but the version currently released is unreliable. The next version will be better.

Link to comment
Share on other sites

Whoa! There is no need to factory reset. PortalAuth will allow you to clone a captive portal on an access point before authenticating with it. The cloned portal will be stored in your Evil Portal library to be used as your own. You can also attempt auto authentication with PortalAuth but the version currently released is unreliable. The next version will be better.

Yeah, i know but yesterday making that tests running evilportal and portalauth together my EvilPortal was working bad, even after a reboot so i thougth there is conflict between these two because when i make a login into the portal my captive portal doesn't redirect to the internet, reloads itself again and it's neccesary to make a second login and it is very annoying.

Now i don't know if can get both infusions together... Maybe was only my problem...

Link to comment
Share on other sites

This issue has nothing to do with Evil Portal or Portal Auth. If you can't get the portal to redirect it is a problem with your HTML or JavaScript code.

Nope, now is working fine and before too. I say this for help a make a best infusion, i like so much your infusion so that is my report... Sorry for give any proof of that but now is working fine after a factory reset :D

Edit: and i don't change anything in my html and php code, i thought was that.

Regards.

Edited by daniboy92
Link to comment
Share on other sites

Nope, now is working fine and before too. I say this for help a make a best infusion, i like so much your infusion so that is my report... Sorry for give any proof of that but now is working fine after a factory reset :D

Edit: and i don't change anything in my html and php code, i thought was that.

Regards.

The issue was most likely not the fault of Evil Portal or PortalAuth. If your portal wasn't displaying properly that is either a code issue or possibly a network issue on your Pineapple. Once the portal is copied PortalAuth doesn't interact with it anymore. The two infusions don't rely on each other to operate as PortalAuth simply creates a copy of a portal to the standard that EP requires then places it in the appropriate directory.

Link to comment
Share on other sites

Here is a quick update. The testing phase is still going strong. Unfortunately I have come across a couple of pages that PortalAuth will most likely never work with such as flash based portals. Cheeto came across one that uses a meta refresh to send the user to their login.php script. I am working now to make the script account for meta refreshes so the portal can be copied. A lot has been accomplished in the last week but there is still much ground to cover.

If anyone has any ideas of what else should be covered by the script please post them here so I can implement them.

Edited by sud0nick
Link to comment
Share on other sites

I just submitted v2.1 to the Pineapple Bar! There are a lot of updates with it and here is the modified change log!

[->] Removed Check Portal button. Refreshes can now be performed by clicking the refresh button in the top right corner of the small tile.
[->] Made the auto-authenticator more robust.  It now searches for more content and accounts for redirects, relative URLs, and meta refreshes.  *still in beta though*
[->] Made the portal cloner more robust.  It now searches for files based on relative URLs, accounts for redirects and meta refreshes, and now accepts multiple options for how a portal is cloned.
[->] Update the UI to include portal cloning options.
[->] Updated the configuration script.
[->] Modified the default InjectJS and InjectHTML files.
[->] Added an InjectCSS file.
[->] Added the ability to restore InjectJS, InjectCSS, InjectHTML, and auth.php files.
[->] Fixed a bug where the small tile displayed 'Captive Portal Detected' when the Pineapple is offline.  The new message displays 'Pineapple must be online to use PortalAuth'.
[->] Fixed a bug in the Portal Cloner that would add multiple login forms to the document.

A BIG thanks to Cheeto for helping me test the infusion and telling me where things could improve. A majority of the improvements are from the time you spent finding captive portals and testing the features multiple times. I'm incredibly grateful.

I still have plans for another feature for the cloner to fall back on in case a page's HTML is just so far out there that it can't be cloned properly. I want to be able to take a screenshot of the page and just overlay the current inject files on top of the image, however, currently all the methods to achieve this are not supported on the Pineapple. I will keep searching, though.

I will also be working on a video or a guide sometime in the near future to show all of the features and how to use them properly. I will display some of the methods to get a portal cloned as you may have to play with the settings depending on how the portal was built. Please stay tuned for that and as always let me know if there are any problems with this release.

Link to comment
Share on other sites

Looking forward to updating!

The Pineapple bar still has portal auth 2.0. Hopefully it will be updated soon.

The video was very nicely done! Clear and comprehensive.

If 2.1 is available tomorrow, I'll give it a try with "vex". (I think it's up and running now)

I'll be sending you the results.

Good job!!

Link to comment
Share on other sites

I've been doing some research on Authenticating or better yet by-passing paywalls.

Apparently it can be done. in fact it can even be done with an Android app (although i didn't have much luck but I'll keep trying)

The name of the app is called hotspot-bypass. (i think there's a linux version too.)

There is a VERY interesting presentation on this on youtube but it's in Spanish.

The PowerPoint in his presentation however is in English. Google this:

Pau Oliva - Bypassing wifi pay-walls with Android [Rooted CON 2014]

I didn't want to post the video because it's in Spanish. (approx 17 min long)

His app uses IP tables and somehow connects to other clients that are connected to the Hot Spot and grabs their cookies. bla bla bla, It might be worth looking at.

cheers

Link to comment
Share on other sites

I've been doing some research on Authenticating or better yet by-passing paywalls.

Apparently it can be done. in fact it can even be done with an Android app (although i didn't have much luck but I'll keep trying)

The name of the app is called hotspot-bypass. (i think there's a linux version too.)

There is a VERY interesting presentation on this on youtube but it's in Spanish.

The PowerPoint in his presentation however is in English. Google this: Pau Oliva - Bypassing wifi pay-walls with Android [Rooted CON 2014]

I didn't want to post the video because it's in Spanish. (approx 17 min long)

His app uses IP tables and somehow connects to other clients that are connected to the Hot Spot and grabs their cookies. bla bla bla, It might be worth looking at.

cheers

There have been a few ways I've seen through the years of bypassing captives. One of which is available in our openwrt repo for the pineapple. Called iodined.

Here is a little write up on the relating basis.

http://mihail.stoynov.com/2013/02/16/iodined-how-to-use-free-internet-on-airports/

Edit: sorry for going off topic ;-)

Edited by DataHead
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...