Posts posted by billyblaxsta
-
-
There are other videos but this one should do the trick
This looks good thanks - will spend some time on it in the next few days and post my results.
-
The maximum txpower is 18dBm, I use it all the time without any problems.
Thanks for the advice. I am wondering if you know why the maximum TX is 18 when for other devices e.g. a NIC it might be 27. In other words: how is the maximum TX power determined?
-
I used to use something like this, when I first got the pineapple, it would have TERRIBLE range and so in the jasager file after auto starting jasager in /etc/init.d/jasager I added the line
iwconfig ath0 txpower auto
but I am going to try your way.
Did you notice any difference or improvement?
-
My wlan0 is Atheros AR928X. My wlan1 is AWUS036H. wlan0 TX is 20 and wlan1 TX is 27.
Is there a way to improve these values? If I type iwconfig wlan0 txpower 21 or iwconfig wlan1 txpower 28 then the response is:
Error for wireless request "Set Tx Power" (8B26) :
SET failed on device wlan0 ; Invalid argument.
Why does this happen and what can I do about it?
-
When someone is using ARPspoof then they are saying to every NIC in range "I am the router. You already know the router IP and this is the MAC address".
The new MAC address will replace the MAC address each victim had in their ARP cache which contained the router's real MAC address.
ARPspoof broadcasts out the packets repeatedly. I am wondering:
a) Does the router also broadcast out its MAC address continually therefore being a "competitor" to the attacker using ARPspoof? I assume not because I cannot see the point once the ARP cache between the client and router has been created.
b) Which aspects therefore would affect the ability of the attacker to successfully use ARPspoof? If for example the attacker was 10 meters away from the victim using a laptop but there was a router only seven meters away from the victim then is it likely that the router's proximity would mean that the broadcast packets would be more likely to be discounted? Or is this not how routers work?
Thanks.
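A defender's view of the cache replacement described in this post, as an added example that is not part of the original thread: it compares two snapshots of `ip neigh show` output and reports when the gateway's MAC address changes or is shared with another host. The gateway address 192.168.1.1 is taken from the thread; the MAC addresses and snapshots are constructed for the example.

```python
import re

# Matches resolved entries as printed by `ip neigh show`, e.g.
#   192.168.1.1 dev wlan0 lladdr 00:18:84:aa:bb:01 REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+"
    r"lladdr\s+(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\b"
)


def parse_neigh(text):
    """Return {ip: mac} for every entry that has a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group("ip")] = m.group("mac").lower()
    return table


def check_gateway(previous, current, gateway_ip):
    """Compare two ARP-cache snapshots and report signs of poisoning."""
    findings = []
    old_mac = previous.get(gateway_ip)
    new_mac = current.get(gateway_ip)
    # Sign 1: the cached MAC for the gateway was replaced between snapshots.
    if old_mac and new_mac and old_mac != new_mac:
        findings.append(("gateway-mac-changed", f"{old_mac} -> {new_mac}"))
    # Sign 2: another host on the LAN now has the same MAC as the gateway.
    if new_mac:
        sharers = sorted(ip for ip, mac in current.items()
                         if mac == new_mac and ip != gateway_ip)
        if sharers:
            findings.append(("gateway-mac-shared", ",".join(sharers)))
    return findings


# Constructed snapshots (MAC addresses are made up for the example).
BEFORE = """\
192.168.1.1 dev wlan0 lladdr 00:18:84:aa:bb:01 REACHABLE
192.168.1.234 dev wlan0 lladdr 00:c0:ca:11:22:33 STALE
192.168.1.50 dev wlan0  FAILED
"""
AFTER = """\
192.168.1.1 dev wlan0 lladdr 00:C0:CA:11:22:33 REACHABLE
192.168.1.234 dev wlan0 lladdr 00:c0:ca:11:22:33 REACHABLE
"""

if __name__ == "__main__":
    results = check_gateway(parse_neigh(BEFORE), parse_neigh(AFTER), "192.168.1.1")
    for kind, detail in results:
        print(kind, detail)
```

A changed gateway MAC can also be legitimate (for example a replaced router), so a finding is a prompt to verify the address out of band rather than proof of spoofing.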
-
When you say, SSLstrip only worked with AOL, Facebook, Hotmail and Yahoo. Did those websites use HTTPS all the way through, I mean not only at the login process but throughout the whole session?
Here is the situation:
Login screen - AOL, Gmail, Hotmail, and Yahoo showed HTTPS. Facebook showed HTTP but when you click the login button it is clearly using HTTPS.
Session - all use HTTP.
The -k option works in all five cases. When you click a link or refresh you are logged out. Sometimes this happens more quickly than other times. Interestingly Hotmail does not log you out but requests that you log yourself out. More interestingly Gmail logs you out without you clicking on anything. After a couple of minutes you are logged out even if you have not done anything.
In Facebook and Gmail you can select HTTPS throughout your session. When this happens the -k option does not work.
It seems that the -k option only works on smaller networks when using ARPspoof and broadcasting that you are the router to all users (rather than selecting a specific target IP). When you use ARPspoof with the broadcast on a larger network the -k option does not work at all.
Any ideas why?
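The pattern reported in this post (login over HTTPS, session over HTTP) is what a site owner needs to close, so here is an added example, not part of the original thread, that audits the head of a response fetched over HTTPS for the three settings that let a session fall back to plain HTTP. The Strict-Transport-Security header and the Secure cookie attribute are standard mechanisms not mentioned in the thread; the hostnames and cookie values are constructed.

```python
def parse_head(raw):
    """Return the response headers as a list of (lowercased name, value)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = []
    for line in lines[1:]:  # lines[0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def hsts_max_age(value):
    """Extract max-age from a Strict-Transport-Security value (0 if absent)."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.lower() == "max-age":
            try:
                return int(val.strip('"'))
            except ValueError:
                return 0
    return 0


def audit_https_response(raw):
    """List the ways this HTTPS response lets the session drop back to HTTP."""
    headers = parse_head(raw)
    findings = []
    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if not hsts or hsts_max_age(hsts[0]) <= 0:
        findings.append("no-hsts")
    for name, value in headers:
        if name == "location" and value.lower().startswith("http://"):
            # Login was protected, but the session continues in the clear.
            findings.append("redirect-to-http")
        elif name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie = parts[0].partition("=")[0]
            attrs = {p.partition("=")[0].lower() for p in parts[1:]}
            if "secure" not in attrs:
                # Without Secure the browser also sends it over plain HTTP.
                findings.append("cookie-without-secure:" + cookie)
    return findings


# Constructed responses: a login that hands off to HTTP, and a hardened one.
WEAK = "\r\n".join([
    "HTTP/1.1 302 Found",
    "Location: http://mail.example.test/inbox",
    "Set-Cookie: SESSION=constructed-value; Path=/; HttpOnly",
    "", "",
])
STRICT = "\r\n".join([
    "HTTP/1.1 302 Found",
    "Location: https://mail.example.test/inbox",
    "Strict-Transport-Security: max-age=31536000; includeSubDomains",
    "Set-Cookie: SESSION=constructed-value; Path=/; Secure; HttpOnly",
    "", "",
])

if __name__ == "__main__":
    print("weak  :", audit_https_response(WEAK))
    print("strict:", audit_https_response(STRICT))
```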
-
I found this interesting thread on how to increase the signal strength on the Fon: http://forums.hak5.org/index.php?showtopic=14093&st=0&p=140372&hl=range&fromsearch=1entry140372
So I edited /etc/config/wireless and changed option txpower '0' to option txpower '8'.
The power (as shown by iwconfig) changed from Link Quality=55/70 Signal level=-55 dBm to Link Quality=64/70 Signal level=-46 dBm.
I am wondering if any more improvement is possible? What would happen if txpower was set to (for example) '12'?
Also: this is a basic question but I seem to have lost the WRT GUI so I don't know what the acceptable values are for the signal strength settings. Where can I find the HTML file?
Thanks.
-
I am wondering if people who use SSLStrip have managed to get the -k (kill) option to work.
The idea is that - after you have arpspoofed an individual or an entire network - you issue sudo sslstrip with the -k option and it should kill the SSL sessions of all targets in range.
I have tested this on my small home network with me sslstripping on one computer while the target logs in to various webmails. If I was logged in to an active AOL, Facebook, Hotmail, or Yahoo session then if I tried to do anything (for example click a link in the webmail) I would be quickly logged out and would have to login again. Gmail was not affected though.
In the example above I arpspoofed the entire network of 3 computers. However, when I have tried this on larger networks, the -k option does not work. Nobody gets logged out so only targets that login to SSL connections are affected.
Has anyone else experienced this issue or have any suggestions?
Thanks!
-
In Windows, with secured networks, the check box for auto connect is checked by default and is activated when you press connect. However I don't believe unsecure networks are checked by default (so you would have to manually check it), and might not even have the checkbox available in Windows 7 (not sure since I tend to tether to my phone when on the go...)
I see. So if a Windows client is deauthenticated from a secure network (and therefore cannot in theory reconnect) the only way it will connect and complete the connection to the Jasager is if an insecure network was previously checked to automatically connect.
-
Basically your Windows computer has a list of preferred networks. The only order it goes by is the last network you set to autoconnect is searched for first, then if it can't find that one, it probes for the one before that, then the one before that and so on. It will use that order unless you set up your preferred networks manually.
Thanks. Because in Ubuntu I am not sure there is any list.
Final question: when you say "set to autoconnect" - is this an automatic situation or not? Do you connect to coffeeshopnetwork then say "I am setting this to autoconnect" or does it just happen?
-
Hello,
I am trying to find out how (in practice) encryption and the Preferred Wireless List work (in all OS's but particularly Windows).
I have tested this on my Ubuntu systems. If I am trying to connect to an encrypted network and Jasager "is" that network then obviously no full connection is made. I then need to cancel that attempted connection and Ubuntu then automatically tries another network which may or may not be encrypted. There does not appear to be any logic to what network it will try to connect to - there is no obvious "order" for example.
I wonder if someone can tell me how this situation works in Windows (XP, 7, and Vista) where Jasager is pretending to be an encrypted network - and then what happens after that connection fails.
Thanks.
-
It looks like the "HTTP_HOST" variable isn't set by either this version of php or by the server (or whatever sets it lol)
I threw together a quick rough fix for you though. I say rough because the victims will need to have javascript enabled...
index.html
<html>
<head>
</head>
<body>
<form action="index.php" method="POST" name="theform">
<input type="text" name="host" value=""/>
</form>
<script type="text/javascript">
document.theform.host.setAttribute("value",window.location);
document.theform.submit();
</script>
</body>
</html>
index.php (named it index.php because it doesn't redirect, it displays the contents of the phishing pages instead of redirecting to them)
<?php
error_reporting(0);
$ref = $_POST['host'];
if (strpos($ref, "facebook.com")) {
    include('facebook.html');
} else if (strpos($ref, "twitter.com")) {
    include('twitter.html');
} else if (strpos($ref, "gmail.com") || strpos($ref, "mail.google.com")) {
    include('gmail.html');
} else if (strpos($ref, "yahoo.com")) {
    include('yahoo.html');
} else if (strpos($ref, "youtube.com")) {
    include('youtube.html');
} else {
    include('peets.html');
}
?>
Thanks - that worked a treat. Much appreciated! And thanks also to Robin for all your help.
-
It looks like the "HTTP_HOST" variable isn't set by either this version of php or by the server (or whatever sets it lol)
I'll look at your code shortly thanks but just a thought:
If HTTP_HOST isn't set might not variables like HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED_HOST, and HTTP_X_FORWARDED_SERVER work instead?
Or, maybe download a PHP version which does use the HTTP_HOST variable?
-
what URL did you use to get that page?
I connected the Fon to eth0 then typed www.anysitewhatsoever.com/test.php where test.php runs the code:
<?php phpinfo(); ?>
test.php is of course in /www.
I can use any site because of the dnsmasq.conf address=/#/192.168.1.1
In http://hak5.org/hack/auto-rickrolling-wifi-pineapple Darren uses <?php phpinfo(); ?> just to check that PHP is installed correctly.
Should I have done something else? Thanks again.
-
I think he meant for you to post the output of that script
Also, I'm not a php expert, but maybe try:
<?php
$ref = $_SERVER['HTTP_HOST'];
$ref2 = getenv('HTTP_HOST');
var_dump ($ref);
var_dump ($ref2);
?>
Output:
NULL bool(false)
-
That's wrong, that value should be populated. Are you definitely using $_SERVER and not $SERVER or something like that?
Only other thing to try is:
<? phpinfo(); ?>
and post the output from that.
I assume you mean the output of php version 4.4.7.
PHP Version 4.4.7
System Linux OpenWrt 2.6.26.5 #20 Sun May 3 13:07:35 BST 2009 mips
Build Date Dec 6 2009 02:47:47
Configure Command './configure' '--target=mips-linux' '--host=mips-linux' '--build=x86_64-linux-gnu' '--program-prefix=' '--program-suffix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib' '--sysconfdir=/etc' '--datadir=/usr/share' '--localstatedir=/var' '--mandir=/usr/man' '--infodir=/usr/info' '--disable-nls' '--enable-shared' '--disable-static' '--disable-rpath' '--disable-debug' '--without-pear' '--with-config-file-path=/etc' '--disable-ipv6' '--enable-magic-quotes' '--enable-memory-limit' '--disable-overload' '--disable-short-tags' '--disable-ctype' '--disable-dom' '--enable-ftp=shared' '--without-gettext' '--without-iconv' '--disable-mbstring' '--disable-mbregex' '--with-openssl=shared,/home/agb/openwrt/atheros/staging_dir/mips/usr' '--with-kerberos=no' '--with-openssl-dir=/home/agb/openwrt/atheros/staging_dir/mips/usr' '--enable-session=shared' '--enable-sockets=shared' '--disable-tokenizer' '--with-zlib=/home/agb/openwrt/atheros/staging_dir/mips/usr' '--with-zlib-dir=/home/agb/openwrt/atheros/staging_dir/mips/usr' '--with-curl=shared,/home/agb/openwrt/atheros/staging_dir/mips/usr' '--with-gd=shared,/home/agb/openwrt/atheros/staging_dir/mips/usr' '--without-freetype-dir' '--with-jpeg-dir=/home/agb/openwrt/atheros/staging_dir/mips/usr' '--with-png-dir=/home/agb/openwrt/atheros/staging_dir/mips/usr' '--without-xpm-dir' '--without-ttf' '--without-t1lib' '--enable-gd-native-ttf' '--disable-gd-jis-conv' '--with-gmp=shared,/home/agb/openwrt/atheros/staging_dir/mips/usr' '--with-ldap=shared,/home/agb/openwrt/atheros/staging_dir/mips/usr' '--with-mysql=shared,/home/agb/openwrt/atheros/staging_dir/mips/usr' '--with-pcre-regex=shared,/home/agb/openwrt/atheros/staging_dir/mips/usr' '--with-pgsql=shared,/home/agb/openwrt/atheros/staging_dir/mips/usr' '--enable-xml=shared' '--with-expat-dir=/home/agb/openwrt/atheros/staging_dir/mips/usr' '--disable-cli' '--enable-cgi' '--disable-fastcgi' '--enable-force-cgi-redirect' 
'--enable-discard-path'
Server API CGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /etc/php.ini
PHP API 20020918
PHP Extension 20020429
Zend Extension 20050606
Debug Build no
Zend Memory Manager enabled
Thread Safety disabled
Registered PHP Streams php, http, ftp, compress.zlib
Zend logo This program makes use of the Zend Scripting Language Engine:
Zend Engine v1.3.0, Copyright © 1998-2004 Zend Technologies
PHP Credits
Configuration
PHP Core
Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen On On
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors On On
display_startup_errors Off Off
doc_root /www /www
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log no value no value
error_prepend_string no value no value
error_reporting 2039 2039
expose_php On On
extension_dir /usr/lib/php /usr/lib/php
file_uploads On On
gpc_order GPC GPC
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors On On
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .: .:
log_errors Off Off
log_errors_max_len 1024 1024
magic_quotes_gpc On On
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
max_execution_time 30 30
max_input_time 60 60
memory_limit 8M 8M
open_basedir no value no value
output_buffering no value no value
output_handler no value no value
post_max_size 8M 8M
precision 12 12
register_argc_argv On On
register_globals Off Off
report_memleaks On On
safe_mode Off Off
safe_mode_exec_dir no value no value
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path -t -i -t -i
serialize_precision 100 100
short_open_tag Off Off
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 2M 2M
upload_tmp_dir /tmp /tmp
user_dir no value no value
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
posix
Revision $Revision: 1.51.2.4.2.3 $
standard
Regex Library Bundled library enabled
Dynamic Library Support enabled
Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags a=href,area=href,frame=src,input=src,form=,fieldset= a=href,area=href,frame=src,input=src,form=,fieldset=
user_agent no value no value
zlib
ZLib Support enabled
Compiled Version 1.2.3
Linked Version 1.2.3
Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level -1 -1
zlib.output_handler no value no value
Additional Modules
Module Name
Environment
Variable Value
USER root
CONFIG_cfg02f02f_timezone UTC
CONFIG_cfg024e53_port 80
HOME /
CONFIG_cfg04315a_handler logger reboot
c_file no value
realm OpenWrt
CONFIG_cfg024e53_home /www
CONFIG_cfg0638e0_handler logger factory default
TERM vt102
CONFIG_cfg04315a_button reset
CONFIG_NUM_SECTIONS 1
PATH /sbin:/usr/sbin:/bin:/usr/bin
home /www
port 80
CONFIG_cfg04315a_TYPE button
CONFIG_cfg04315a_min 0
CONFIG_cfg0638e0_button reset
SHELL /bin/sh
CONFIG_cfg04315a_max 4
CONFIG_cfg04315a_action released
CONFIG_cfg024e53_TYPE httpd
CONFIG_cfg02f02f_hostname OpenWrt
args -p 80 -h "/www" -r "OpenWrt"
hostname OpenWrt
CONFIG_cfg0638e0_TYPE button
CONFIG_SECTION cfg024e53
PWD /
CONFIG_cfg0638e0_min 5
CONFIG_cfg02f02f_TYPE system
CONFIG_cfg0638e0_max 30
CONFIG_cfg0638e0_action released
cfgtype httpd
CONFIG_SECTIONS cfg024e53
PATH_INFO no value
REQUEST_METHOD GET
REQUEST_URI /test.php
SCRIPT_FILENAME /www/test.php
SCRIPT_NAME /test.php
QUERY_STRING no value
SERVER_SOFTWARE busybox httpd/1.11.2
SERVER_PROTOCOL HTTP/1.0
GATEWAY_INTERFACE CGI/1.1
REMOTE_ADDR 192.168.1.234
REMOTE_PORT 35638
HTTP_USER_AGENT Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422 Ubuntu/10.04 (lucid) Firefox/3.6.17
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE en-us,en;q=0.5
ORIG_PATH_INFO no value
ORIG_SCRIPT_NAME /test.php
ORIG_SCRIPT_FILENAME /www/test.php
DOCUMENT_ROOT /www
PATH_TRANSLATED no value
PHP Variables
Variable Value
_SERVER["USER"] root
_SERVER["CONFIG_cfg02f02f_timezone"] UTC
_SERVER["CONFIG_cfg024e53_port"] 80
_SERVER["HOME"] /
_SERVER["CONFIG_cfg04315a_handler"] logger reboot
_SERVER["c_file"] no value
_SERVER["realm"] OpenWrt
_SERVER["CONFIG_cfg024e53_home"] /www
_SERVER["CONFIG_cfg0638e0_handler"] logger factory default
_SERVER["TERM"] vt102
_SERVER["CONFIG_cfg04315a_button"] reset
_SERVER["CONFIG_NUM_SECTIONS"] 1
_SERVER["PATH"] /sbin:/usr/sbin:/bin:/usr/bin
_SERVER["home"] /www
_SERVER["port"] 80
_SERVER["CONFIG_cfg04315a_TYPE"] button
_SERVER["CONFIG_cfg04315a_min"] 0
_SERVER["CONFIG_cfg0638e0_button"] reset
_SERVER["SHELL"] /bin/sh
_SERVER["CONFIG_cfg04315a_max"] 4
_SERVER["CONFIG_cfg04315a_action"] released
_SERVER["CONFIG_cfg024e53_TYPE"] httpd
_SERVER["CONFIG_cfg02f02f_hostname"] OpenWrt
_SERVER["args"] -p 80 -h \"/www\" -r \"OpenWrt\"
_SERVER["hostname"] OpenWrt
_SERVER["CONFIG_cfg0638e0_TYPE"] button
_SERVER["CONFIG_SECTION"] cfg024e53
_SERVER["PWD"] /
_SERVER["CONFIG_cfg0638e0_min"] 5
_SERVER["CONFIG_cfg02f02f_TYPE"] system
_SERVER["CONFIG_cfg0638e0_max"] 30
_SERVER["CONFIG_cfg0638e0_action"] released
_SERVER["cfgtype"] httpd
_SERVER["CONFIG_SECTIONS"] cfg024e53
_SERVER["PATH_INFO"] no value
_SERVER["REQUEST_METHOD"] GET
_SERVER["REQUEST_URI"] /test.php
_SERVER["SCRIPT_FILENAME"] /www/test.php
_SERVER["SCRIPT_NAME"] /test.php
_SERVER["QUERY_STRING"] no value
_SERVER["SERVER_SOFTWARE"] busybox httpd/1.11.2
_SERVER["SERVER_PROTOCOL"] HTTP/1.0
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["REMOTE_ADDR"] 192.168.1.234
_SERVER["REMOTE_PORT"] 35638
_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422 Ubuntu/10.04 (lucid) Firefox/3.6.17
_SERVER["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
_SERVER["HTTP_ACCEPT_LANGUAGE"] en-us,en;q=0.5
_SERVER["ORIG_PATH_INFO"] no value
_SERVER["ORIG_SCRIPT_NAME"] /test.php
_SERVER["ORIG_SCRIPT_FILENAME"] /www/test.php
_SERVER["DOCUMENT_ROOT"] /www
_SERVER["PATH_TRANSLATED"] no value
_SERVER["PHP_SELF"] /test.php
_SERVER["argv"]
Array
(
)
_SERVER["argc"] 0
_ENV["USER"] root
_ENV["CONFIG_cfg02f02f_timezone"] UTC
_ENV["CONFIG_cfg024e53_port"] 80
_ENV["HOME"] /
_ENV["CONFIG_cfg04315a_handler"] logger reboot
_ENV["c_file"] no value
_ENV["realm"] OpenWrt
_ENV["CONFIG_cfg024e53_home"] /www
_ENV["CONFIG_cfg0638e0_handler"] logger factory default
_ENV["TERM"] vt102
_ENV["CONFIG_cfg04315a_button"] reset
_ENV["CONFIG_NUM_SECTIONS"] 1
_ENV["PATH"] /sbin:/usr/sbin:/bin:/usr/bin
_ENV["home"] /www
_ENV["port"] 80
_ENV["CONFIG_cfg04315a_TYPE"] button
_ENV["CONFIG_cfg04315a_min"] 0
_ENV["CONFIG_cfg0638e0_button"] reset
_ENV["SHELL"] /bin/sh
_ENV["CONFIG_cfg04315a_max"] 4
_ENV["CONFIG_cfg04315a_action"] released
_ENV["CONFIG_cfg024e53_TYPE"] httpd
_ENV["CONFIG_cfg02f02f_hostname"] OpenWrt
_ENV["args"] -p 80 -h \"/www\" -r \"OpenWrt\"
_ENV["hostname"] OpenWrt
_ENV["CONFIG_cfg0638e0_TYPE"] button
_ENV["CONFIG_SECTION"] cfg024e53
_ENV["PWD"] /
_ENV["CONFIG_cfg0638e0_min"] 5
_ENV["CONFIG_cfg02f02f_TYPE"] system
_ENV["CONFIG_cfg0638e0_max"] 30
_ENV["CONFIG_cfg0638e0_action"] released
_ENV["cfgtype"] httpd
_ENV["CONFIG_SECTIONS"] cfg024e53
_ENV["PATH_INFO"] no value
_ENV["REQUEST_METHOD"] GET
_ENV["REQUEST_URI"] /test.php
_ENV["SCRIPT_FILENAME"] /www/test.php
_ENV["SCRIPT_NAME"] /test.php
_ENV["QUERY_STRING"] no value
_ENV["SERVER_SOFTWARE"] busybox httpd/1.11.2
_ENV["SERVER_PROTOCOL"] HTTP/1.0
_ENV["GATEWAY_INTERFACE"] CGI/1.1
_ENV["REMOTE_ADDR"] 192.168.1.234
_ENV["REMOTE_PORT"] 35638
_ENV["HTTP_USER_AGENT"] Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422 Ubuntu/10.04 (lucid) Firefox/3.6.17
_ENV["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
_ENV["HTTP_ACCEPT_LANGUAGE"] en-us,en;q=0.5
_ENV["ORIG_PATH_INFO"] no value
_ENV["ORIG_SCRIPT_NAME"] /test.php
_ENV["ORIG_SCRIPT_FILENAME"] /www/test.php
_ENV["DOCUMENT_ROOT"] /www
_ENV["PATH_TRANSLATED"] no value
-
That's wrong, that value should be populated. Are you definitely using $_SERVER and not $SERVER or something like that?
Only other thing to try is:
<? phpinfo(); ?>
and post the output from that.
I am using $_SERVER - I copied and pasted your code.
The new code above just loaded a blank page but <?php phpinfo(); ?> loads the page for php 4.4.7.
-
HTTP_HOST is nothing to do with the referrer, it is the domain name from the URL.
Try this:
<pre>
<?php
$ref = $_SERVER['HTTP_HOST'];
var_dump ($ref);
?>
and tell us what is displayed
I connected to the Fon and typed www.randomsite.com/code.php
As you may have assumed it provided a "NULL" output.
-
This is how I think it should look:
<?php
$ref = $_SERVER['HTTP_HOST'];
if (strpos($ref, "facebook")) {
    header('Location: facebook.html');
    exit;
} else {
    require('peets.html');
    exit;
}
?>
Sorry...same problem as before.
Thanks for all your support - much appreciated!
-
There's the off chance you might have a "Boolean FALSE" being returned. There are a few ways to counter this but I recommend using preg_match instead.
Try this:
<?php
$ref = $_SERVER['HTTP_HOST'];
if (preg_match('/facebook/', $ref)) {
    header('Location: facebook.html');
    exit;
}
require('peets.html');
?>
http://php.net/manual/en/function.strpos.php
Check out the return value on strpos.
This happens because it finds the value 'facebook' within the first position (0).
A good way to counter it would have been doing something like this:
<?php
$ref = $_SERVER['HTTP_HOST'];
if (strpos($ref, 'facebook') !== FALSE) {
    header('Location: facebook.html');
    exit;
}
require('peets.html');
?>
I'm afraid the preg_match idea provides: Fatal error: Call to undefined function: preg_match() in /www/redirect.php on line 5
And the second code with !== FALSE redirects all traffic to peets.html as before.
I am wondering whether the problem is that because index.html sends all traffic to redirect.php that when facebook.com is entered, the redirect.php script "sees" the index.html rather than the facebook.com and so quite correctly forwards the user to peets.html.
Also: are we sure that HTTP_POST always forwards the referrer for all browsers (I am using Firefox 3.6)?
Any other php ideas? Thanks as always!
-
I mentioned this to Darren when he first released the script, I'd personally go for checking $_SERVER['HTTP_HOST'] instead of the referrer as it checks the URL you have not the one where you came from.
Try changing HTTP_REFERER to HTTP_HOST and see if that fixes it.
Unfortunately using Ubuntu Firefox 3.6.17 I have the same problem irrespective of whether I use HTTP_HOST or HTTP_REFERER.
-
Problem solved - I reflashed it.
This guide worked: http://hak5.org/hack/wifi-pineapple-flashing-guide
-
I'd still add an exit after the header just for completeness.
I have tried various versions but everything (including facebook.com) redirects to peets.html whereas anything with 'facebook' in the URL should redirect to facebook.html
First I tried Darren's version:
<?php
$ref = $_SERVER['HTTP_REFERER'];
if (strpos($ref, "facebook"))
{
header('Location: facebook.html');
exit;
}
require('peets.html');
?>
Then I tried the same version but with HTTP_HOST rather than HTTP_REFERER.
Then I tried using 'exit' as follows for both HTTP_HOST AND HTTP_REFERER.
<?php
$ref = $_SERVER['HTTP_REFERER'];
if (strpos($ref, "facebook"))
{
header('Location: facebook.html');
exit;
}
require('peets.html');
?>
Any more suggestions? Thanks!
-
Hi,
I can no longer obtain an IP address from the Fon (whether by wlan0 or eth0).
Here is my syslog:
Jun 21 07:56:23 dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 7
Jun 21 07:56:30 dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 15
Jun 21 07:56:45 dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 18
Jun 21 07:57:03 dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 11
Jun 21 07:57:05 NetworkManager: <info> (wlan0): DHCP transaction took too long, stopping it.
Jun 21 07:57:05 NetworkManager: <info> (wlan0): canceled DHCP transaction, dhcp client pid 1699
Jun 21 07:57:05 NetworkManager: <info> Activation (wlan0) Stage 4 of 5 (IP4 Configure Timeout) scheduled...
Jun 21 07:57:05 NetworkManager: <info> Activation (wlan0) Stage 4 of 5 (IP4 Configure Timeout) started...
And for eth0:
Jun 21 07:58:15 dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
Jun 21 07:58:21 dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 15
Jun 21 07:58:22 kernel: [ 448.544130] eth0: no IPv6 routers present
Jun 21 07:58:36 dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Jun 21 07:58:46 dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14
Jun 21 07:58:57 NetworkManager: <info> (eth0): DHCP transaction took too long, stopping it.
Jun 21 07:58:57 NetworkManager: <info> (eth0): canceled DHCP transaction, dhcp client pid 1758
Jun 21 07:58:57 NetworkManager: <info> Activation (eth0) Stage 4 of 5 (IP4 Configure Timeout) scheduled...
Jun 21 07:58:57 NetworkManager: <info> Activation (eth0) Stage 4 of 5 (IP4 Configure Timeout) started...
I was playing around with the dhcp yesterday but only to replace the previous dhcp with this one: http://hak5.org/hack/pineapple-phishing
Everything worked fine when I finished with it yesterday.
Can anyone suggest why the DHCP on the Fon is no longer providing an IP? What should I do? Thanks as always.
Ssl Strip With -k Option
in Security
Posted
Good point. I was using 0.7 but the latest version is 0.9. Thanks for pointing this out.