Posts posted by loozr
-
-
Ok, I'll give it a try, just to test my (non-existing) skill of writing guides :)
In my example I'm going to use Chrome as browser, Notepad++ as editor, WinSCP for file transfer to the Pineapple and facebook as my target.
Otherwise all my pineapple configurations are standard, and I'm using USB storage and symlink to the www folder.
[b]Copy, and edit your site[/b]
1. Visit the site you would like to duplicate, like facebook.com in Incognito-mode(ctrl+shift+n)
2. Right-click somewhere on the page and choose "Save as.." and choose to save the Complete page to a folder you remember.
3. You should now have both "facebook.htm", and a folder named "facebook_files"
4. Right-click "facebook.htm" and choose to "Edit with Notepad++"
5. In Notepad++ hit ctrl+f and enter "action" in the searchbox.
6. You will then find a line that says
[CODE]action="https://www.facebook.com/login.php?login_attempt=1"[/CODE]
7. Change the line into
[CODE]action="error.php"[/CODE]
8. Simply save the page.
[b]Transfer the edited Site[/b]
1. The first time you start Winscp it will ask you for some details to make a new Session, so just enter the following information
[CODE]
Host name=172.16.42.1
User name=root
Password=pineapplesareyummy[/CODE]
And change the File Protocol to SCP. Now, to skip this step the next time you could save this information for later. It also asks you if you would like to save the password, but it's recommended you don't.
2. Hit Login and enter the pineapples password if needed.
3. You might get 2 errors, but this is fine, just hit OK. (error looking up user groups and error getting name of remote directory)
4. When connected to the pineapple you will see 2 spaces, the one to the left is your local computer, and the right is the pineapple.
5. Browse to the folder on your computer where you saved the edited facebook.htm+facebook_files folder, and on the pineapple browse to the /usb/ folder.
6. Make a new folder in the pineapple called phish i.e. /usb/phish/
7. Copy your facebook.htm+facebook_files to /usb/phish on the pineapple.
[b]Symlink the .htm files to /www/[/b]
1. Browse to the pineapples gui 172.16.42.1/pineapple and login.
2. In the Advanced tab you enter
[CODE]ln -s /usb/phish/* /www/[/CODE]
3. Now if you enter 172.16.42.1/facebook.htm in your browser a page similar to facebook.com should appear, if not check that you didn't miss any steps.
From this step there are a few different ways to achieve different results. If you would like the url in your browser to look like the real deal, then follow my next guideline, otherwise I guess you would be fine with jumping to the DNS Spoof section. This would leave the /www/index.php in the original state.
[b]Make the URL look real[/b]
To make the URL appear like the real one we have to edit/create a new index.php file that already exists in the Pineapple's /www/ folder. Since I'm already connected to the pineapple with WinSCP, I'm using the editor in WinSCP for this, but you could of course use ssh, and edit with nano or anything similar.
Every step is performed in WinSCP and in the /www/ folder
1. Rightclick and Rename the index.php into something like indexOLD.php just to have a copy of the original.
2. Rightclick in a white space and create a new file and name it index.php
3. In the editor that appears you paste the following code:
[CODE]
<?php
$ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$skipInclude = 0;
if (strpos($ref, "facebook")) { $phishFile = "facebook.htm";
} elseif (strpos($ref, "example")) { $phishFile = "example.htm";
} elseif (strpos($ref, "tricks")) { $phishFile = "tricks.htm";
} elseif (strpos($ref, "noname")) { $phishFile = "noname.htm";
} elseif (strpos($ref, "dork")) { $phishFile = "dork.htm";
} else { require('redirect.php');
$skipInclude = 1;
}
if ($skipInclude == 0) {
include($phishFile);
}
?>[/CODE]
4. Of course, you don't need the example, tricks, noname, and dork, but this is just to illustrate how you could do with additional sites.
5. When done editing index.php save the file.
[b]Spoof DNS[/b]
This last step is done in the pineapple's GUI 172.16.42.1/pineapple
1. In the Configuration tab you can edit the "DNS Spoof Config"
2. Enter sites you would like to spoof like in this example.
[CODE]
172.16.42.1 *.facebook.com
172.16.42.1 example.com
172.16.42.1 tricks.com
172.16.42.1 noname.com
172.16.42.1 dork.com[/CODE]
3. Hit Update spoofhost
4. In the Statuspage hit Start next to DNS Spoof
Now, one thing to remember is that you will of course have to be connected to the pineapple for this to work, and that you might have to clear your cache before the DNS resolves to the pineapple.
If you are in Windows fire up commandline and enter ipconfig /flushdns and try to ping facebook.com. If everything is ok you should get reply from 172.16.42.1.
Test that it works by entering facebook.com in your browser and try to enter anything in username/pass. If everything works as expected you should be able to see what you entered in the Logs page if you have a fairly new flash, otherwise you can check the file /www/pineapple/logs/phish.log
And last but not least, All this is information that I have gathered around the forums, so none of this is my work. Credits goes to several users on the forums that have shared information!
That said, I'm hoping that if I have forgotten anything, or have misled anyone I'm hoping you could correct this for me, since I'm not the best writer out there.
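Seen from the client side, the Spoof DNS step in the guide above leaves a recognisable trace: a public name answered with an address in private space. The following is an added detection example, not part of the original post; the query lines copy the dnsspoof log style shown on this page, while the reply lines are constructed and their tcpdump-like layout is an assumption, as is the `internal_suffixes` parameter.

```python
import ipaddress
import re

# Address space that a public site's A record should never point into.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]

# "<client>.<port> > <resolver>.53: <id>+ A? <name>"
QUERY = re.compile(r"^(\S+)\.(\d+) > (\S+)\.53:\s+(\d+)\+ A\? (\S+)$")
# "<resolver>.53 > <client>.<port>: <id> <counts> A <address>"  (assumed layout)
REPLY = re.compile(r"^(\S+)\.53 > (\S+)\.(\d+):\s+(\d+)\S* \S+ A (\S+)")


def spoofed_answers(lines, internal_suffixes=()):
    """Pair each reply with its query via (client, port, transaction id) and
    return (name, address, resolver) for every name outside internal_suffixes
    that was answered with a non-public address."""
    pending = {}
    findings = []
    for line in lines:
        line = line.strip()
        m = QUERY.match(line)
        if m:
            client, port, _resolver, txid, name = m.groups()
            pending[(client, port, txid)] = name.lower().rstrip(".")
            continue
        m = REPLY.match(line)
        if not m:
            continue
        resolver, client, port, txid, address = m.groups()
        name = pending.pop((client, port, txid), None)
        if name is None:
            continue                    # reply with no matching query captured
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue                    # malformed address field
        if name.endswith(tuple(internal_suffixes)):
            continue                    # names expected to live on the LAN
        if any(ip in net for net in NON_PUBLIC):
            findings.append((name, address, resolver))
    return findings


# Constructed capture: one spoofed answer, one normal answer, one LAN host.
SAMPLE = """\
172.16.42.197.54039 > 172.16.42.1.53: 63708+ A? www.facebook.com
172.16.42.1.53 > 172.16.42.197.54039: 63708 1/0/0 A 172.16.42.1
172.16.42.197.65480 > 172.16.42.1.53: 44979+ A? twitter.com
172.16.42.1.53 > 172.16.42.197.65480: 44979 1/0/0 A 203.0.113.10
172.16.42.197.55342 > 172.16.42.1.53: 6996+ A? printer.lan
172.16.42.1.53 > 172.16.42.197.55342: 6996 1/0/0 A 172.16.42.20
""".splitlines()

if __name__ == "__main__":
    for finding in spoofed_answers(SAMPLE, internal_suffixes=(".lan",)):
        print(finding)
```

The explicit network list is used instead of `ip.is_private` because that property also covers documentation ranges such as 203.0.113.0/24.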
-
Okay, I'm not sure which thread I should use since there are so many threads about DNSspoof, but I'll give this one a go.
So I've been experiencing some hiccups with dns spoof, meaning that sometimes it's redirecting to the pineapple, and sometimes it's showing the real site. I've actually settled with this behaviour since I thought it might have to be like this.
However, now I have seen in the dnsspoof log that it's forwarding to an external site(see the spoiler for details) and I'm beginning to wonder why this is happening? As far as I understand I think this is a server from opendns, but is this something that the pineapple is programmed to do? Is it supposed to act like this? If not, what could I do to change this behaviour?
dnsspoof output_1347364116.log [september 11 2012 14:08:48]
dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1]
172.16.42.197.54039 > 172.16.42.1.53: 63708+ A? www.facebook.com
172.16.42.197.59747 > 172.16.42.1.53: 37762+ A? ar-ar.facebook.com
172.16.42.197.51605 > 172.16.42.1.53: 37683+ A? de-de.facebook.com
172.16.42.197.64158 > 172.16.42.1.53: 43307+ A? developers.facebook.com
172.16.42.197.59849 > 172.16.42.1.53: 8852+ A? es-la.facebook.com
172.16.42.197.53003 > 172.16.42.1.53: 43342+ A? fr-fr.facebook.com
172.16.42.197.63925 > 172.16.42.1.53: 10290+ A? hi-in.facebook.com
172.16.42.197.52556 > 172.16.42.1.53: 18622+ A? it-it.facebook.com
172.16.42.197.58588 > 172.16.42.1.53: 62613+ A? nb-no.facebook.com
172.16.42.197.55966 > 172.16.42.1.53: 14778+ A? nn-no.facebook.com
172.16.42.197.59382 > 172.16.42.1.53: 6099+ A? pt-br.facebook.com
172.16.42.197.52170 > 172.16.42.1.53: 26745+ A? m.facebook.com
172.16.42.197.61771 > 172.16.42.1.53: 31163+ A? pixel.facebook.com
172.16.42.197.55342 > 172.16.42.1.53: 6996+ A? blogg.no
172.16.42.197.58563 > 172.16.42.1.53: 60063+ A? www.facebook.com
172.16.42.197.51883 > 172.16.42.1.53: 24056+ A? static.ak.facebook.com
172.16.42.197.54127 > 172.16.42.1.53: 25725+ A? s-static.ak.facebook.com
172.16.42.197.53771 > 172.16.42.1.53: 8255+ A? static.ak.facebook.com
172.16.42.197.61987 > 172.16.42.1.53: 30144+ A? s-static.ak.facebook.com
172.16.42.197.64644 > 172.16.42.1.53: 26373+ A? www.facebook.com
172.16.42.197.58729 > 172.16.42.1.53: 63919+ A? static.ak.facebook.com
172.16.42.197.59129 > 172.16.42.1.53: 45681+ A? s-static.ak.facebook.com
172.16.42.197.65480 > 172.16.42.1.53: 44979+ A? twitter.com
172.16.42.197.54760 > 172.16.42.1.53: 2090+ A? www.facebook.com
172.16.42.197.50595 > 172.16.42.1.53: 54001+ A? ar-ar.facebook.com
172.16.42.197.53557 > 172.16.42.1.53: 24890+ A? de-de.facebook.com
172.16.42.197.49829 > 172.16.42.1.53: 35630+ A? developers.facebook.com
172.16.42.197.60615 > 172.16.42.1.53: 9045+ A? es-la.facebook.com
172.16.42.197.52402 > 172.16.42.1.53: 19356+ A? fr-fr.facebook.com
172.16.42.197.59823 > 172.16.42.1.53: 59182+ A? it-it.facebook.com
172.16.42.197.50730 > 172.16.42.1.53: 561+ A? hi-in.facebook.com
172.16.42.197.52812 > 172.16.42.1.53: 5458+ A? nb-no.facebook.com
172.16.42.197.57894 > 172.16.42.1.53: 40432+ A? nn-no.facebook.com
172.16.42.197.51194 > 172.16.42.1.53: 36654+ A? pt-br.facebook.com
172.16.42.197.61338 > 172.16.42.1.53: 39990+ A? www.facebook.com
172.16.42.197.59628 > 208.67.222.222.53: 55608+ A? static.ak.facebook.com
172.16.42.197.51382 > 208.67.222.222.53: 42310+ A? s-static.ak.facebook.com
172.16.42.197.51750 > 208.67.222.222.53: 30756+ A? www.facebook.com
172.16.42.197.64212 > 208.67.222.222.53: 5950+ A? static.ak.facebook.com
172.16.42.197.51237 > 208.67.222.222.53: 28688+ A? s-static.ak.facebook.com
172.16.42.197.49947 > 208.67.222.222.53: 54116+ A? www.facebook.com
172.16.42.197.51477 > 172.16.42.1.53: 3482+ A? static.ak.facebook.com
172.16.42.197.55125 > 172.16.42.1.53: 49274+ A? s-static.ak.facebook.com
172.16.42.197.52003 > 172.16.42.1.53: 5791+ A? www.facebook.com
172.16.42.197.63502 > 172.16.42.1.53: 36450+ A? ar-ar.facebook.com
172.16.42.197.55076 > 172.16.42.1.53: 31481+ A? developers.facebook.com
172.16.42.197.51104 > 172.16.42.1.53: 5200+ A? de-de.facebook.com
172.16.42.197.57290 > 172.16.42.1.53: 13701+ A? es-la.facebook.com
172.16.42.197.51135 > 172.16.42.1.53: 61794+ A? fr-fr.facebook.com
172.16.42.197.62896 > 172.16.42.1.53: 4551+ A? hi-in.facebook.com
172.16.42.197.58553 > 172.16.42.1.53: 4433+ A? it-it.facebook.com
172.16.42.197.54654 > 172.16.42.1.53: 5104+ A? nb-no.facebook.com
172.16.42.197.57794 > 172.16.42.1.53: 61713+ A? nn-no.facebook.com
172.16.42.197.63429 > 172.16.42.1.53: 52558+ A? pt-br.facebook.com
172.16.42.197.53818 > 208.67.222.222.53: 44647+ A? error.facebook.com
172.16.42.197.61880 > 208.67.222.222.53: 17368+ A? static.ak.facebook.com
172.16.42.197.57394 > 208.67.222.222.53: 1759+ A? s-static.ak.facebook.com
172.16.42.197.52127 > 208.67.222.222.53: 12831+ A? www.facebook.com
172.16.42.197.65205 > 208.67.222.222.53: 16202+ A? error.facebook.com
172.16.42.197.59769 > 208.67.222.222.53: 62273+ A? m.facebook.com
172.16.42.197.61531 > 208.67.222.222.53: 32421+ A? static.ak.facebook.com
172.16.42.197.60786 > 208.67.222.222.53: 59732+ A? www.facebook.com
172.16.42.197.61219 > 208.67.222.222.53: 8571+ A? s-static.ak.facebook.com
172.16.42.197.53234 > 208.67.222.222.53: 60705+ A? static.ak.facebook.com
172.16.42.197.52201 > 208.67.222.222.53: 24202+ A? s-static.ak.facebook.com
172.16.42.197.63018 > 208.67.222.222.53: 50430+ A? www.facebook.com
172.16.42.197.50838 > 208.67.222.222.53: 6864+ A? static.ak.facebook.com
172.16.42.197.50039 > 208.67.222.222.53: 23606+ A? s-static.ak.facebook.com
172.16.42.197.60051 > 208.67.222.222.53: 34724+ A? error.facebook.com
172.16.42.197.50794 > 172.16.42.1.53: 44897+ A? www.facebook.com
172.16.42.197.53820 > 172.16.42.1.53: 52715+ A? static.ak.facebook.com
172.16.42.197.64152 > 172.16.42.1.53: 52694+ A? s-static.ak.facebook.com
172.16.42.197.62013 > 172.16.42.1.53: 10507+ A? static.ak.facebook.com
172.16.42.197.51664 > 172.16.42.1.53: 55049+ A? www.facebook.com
172.16.42.197.64856 > 172.16.42.1.53: 49788+ A? s-static.ak.facebook.com
-
I guess I'm the one that should say sorry, I don't mean to be accusing in any way. Just trying to tell about my experience.
But can you please tell me why the following scenario isn't working:
- I have prev connected my phone to the pineapple, and the default network called "pineapple 20:e6" exist in my network list on my HTC Desire. I connected to this default network while Karma was Not running.
- Then I changed the Pineapple SSID to AndroidAP.
- When Karma is running the Pineapple, my phone will NOT automagically connect to this "pineapple 20:e6" network, in fact it says that the network is not in range. While the network named AndroidAP is visible on the phone. For information the phone is not connecting to any networks nearby in this test, only displaying the networks nearby.
In my opinion I would say that when my desire says that the network is not in range, then there has been a probe for it, and as far as proclaimed Jasager should say yes to this probe. Am I right?
But when I'm manually creating a network on my phone, whatever the name may be, THEN I'm connected to the Pineapple. So as far as my experience with my phone, it's only working when I'm manually creating a network. Not quite as I expected.
As a sidenote I get a whole bunch of probes in the Statuspage when I'm in public, but there is mostly none that actually gets an IP according to the status page. An example I just made is out of 900 probes (this is from the karma.log so there are duplicates), only 3 IP's connected. To make a really rough estimate, let's say there's a 3% success rate. In my opinion that's a little bit disappointing.
I would really like if you could please learn me why this is the case? I would be really happy and thankful if this is caused by an error I made. But this is also the case right after a flash.
-
I have the exact same findings as barry. I'm quite disappointed in this Jasager hype, since it doesn't work as proclaimed.
The only way I get my HTC Desire to connect to the Pineapple is if I manually enter a new open network from the HTC Desire. In this case I get connected to the Pineapple whatever the name might be. It does not work with Open networks that already exist in my desire.
And it's also the same regarding to Windows 7.
Again, this might be because of my setup, but it doesn't work when it's newly flashed either.
-
I'm just wondering if another antenna could possibly increase the range?
Like this humongous antenna from DX.com
-
I have just modified the USB plug that connects the Pineapple to the USB hub. Just opened the plug, and pulled out the pin 1(red).
Both the hub, and usb stick + usb interface is working.
Bottomline, you should be good with just removing the red wire. Perhaps you damaged some of the other wires pizzafries?
-
Thanks for your link, but I think I'll be using the one that I already have. Hey, there is no phun without a little bit of hackin'. ;)
Would it be correct to snip pin1 in the hub? And would that be enough? Or should I also snip pin4?
-
Okey. So basically I should try to modify my USB hub to NOT backfeed power. My hub is a Belkin USB 2.0 hub 4 port. Anyone got any tips on modifying USB hubs?
(sorry this might be off topic)
-
Really?
Did you feed the pineapple 5v in both its "head and bottom"? ;)
I thought it would be ok when I'm feeding the pineapple 5v in the main power AND the backfeed from the hub..
-
I'm using a battery pack from DX.com with 2 5v usb ports. I'm feeding the pineapple 5v, and my powered usb hub also backfeeds the pineapple.
So I'm just wondering if it would harm the pineapple in any way to run on 5v from the main power, AND being backfed through the usb port?
I understand that running the pineapple on JUST the backfeed from the hub would possibly damage it though..
-
Well, as far as i know of, I think the ui has been on port 1471 in previous versions of the pineapple, right? So, i guess there would be some knowledge about the possible disadvantages?
Although I don't feel the need for this, I really don't see what bad it could do. (other than for the module writers that is)
-
This one is on my TODO list of modules. ;)
Like there are no modules by Whistle Master already? ;)
Looking forward to it! :)
-
Thanx, great work! See you already fixed phishlog, thats amazingly fast fixed! :) Not the biggest one, but still.. :)
Just wanted to make a little note for the stable release; -The language packs are not downloading, when trying to update language packs. The only language files in the languages folder is english 2.6.2 and 2.6.3.
Edit: Guess I should mention that this is with 2.6.3 flash :)
-
Is it also possible to show /www/pineapple/logs/phish.log in the logs page in the next version? I think there are many people who would appreciate this, and it's a rather small fix, right?
I know i can add a couple of lines in pineapple/pages/logs.php, but its a bit boring doing all this little tweaks every time one is flashing the pineapple.
Don't mean to nag though, I'm very pleased with all the effort you guys are putting in the pineapple and its software! Really great work! :)
-
Aha, so the Pineapple draws the same amperage regardless of what voltage it's fed with? The pineapple draws about 1amp from both 12v and 5v?
lets say that I have a 12v 1Ah battery and a 5v 1Ah battery, then they would last just as long with the Pineapple? Like 1 Ah is 1 Ah regardless of the voltage?
-
That's great! Thanks for making great modules! :)
-
This looks interesting and I'm looking forward to your movies. B)
Although I'm wondering what's the point in using a raspberry? I mean, do you get some extra sauce or what? Would the extra power draw be justified in the extra abilities that the pi has?
Actually it would be great if you could show us a nice little trick or feature that you would need the pi to accomplish.
(sorry for my lack of knowledge regarding the pi and pwnpi. I have a pi lying around, but didn't find it interesting anymore when i got the Pineapple :D)
-
Yes you can phish only specific pages and give full net access to other pages.
If you take a look at your DNS spoof page, there you should enter the pineapple's ip, and the site you want to spoof.
ie
[CODE]
172.16.42.1 facebook.com
[/CODE]
Some pages I found that I needed to also add a line with www in front of the rest of the address..
-
That might be because the IP is still stored in the DNS cache..
If so you should be successful if you close your browser, and (assuming windows) run ipconfig /release, ipconfig /flushdns and ipconfig /renew
Might not need to run all of them, but I think this might help.
-
I'm having some problems with this module, probably because I chose to remove config of both devices in the Network manager page. Now I'm unable to add the devices again. How can I do this?
I have tried to remove and reinstall the Network Module, and I have tried rebooting, but still no joy..
Help is appreciated! Otherwise this is a great Module! Great work!! :)
Actually I got it working again. I studied the code on the page and found that it was looking for info from /etc/config/wireless (surprise :P)
Anyway, i found that I had 226 lines of configurations there, a bit much, and I have no idea what could have cluttered up that config file. When I removed the excess lines, network manager is working as intended again.
-
Don't plug in Alfa till AFTER the pineapple boots. You probably figured this out by now.
I have also registered this, the internal wifi in the pineapple gets screwed when booting with ALFA plugged in. Should(could) this be fixed in the next upgrade?
-
Is it possible to login to the web pages? If so, could you do another re-flash?
Oops, I'm sorry. Now I see that you have made a clean flash.
-
I would recommend you to try to create your own site. Myself, I have NO coding experience besides a little logic thinking, and sites like facebook are rather simple to clone. I have maybe been doing this myself for a couple of days now, and feel I have learned something already.
You just rightclick and choose save entire page, then you just edit the .htm(l) file in an editor(i.e. notepad++) and search for action. You will find a link right after action, replace that link with i.e. error.php(which is your php script that posts information to a log file). Then a little further down the code you will find something like this for the username/email
[CODE]
<input type="text" class="inputtext" name="email" id="email" value="" tabindex="1" />
[/CODE]
Here you replace name="email" to name="name". (at least with the error.php that I'm using.)
And for the password you really don't have to change in this example, as it should be name="pass"
[CODE]
<input type="password" class="inputtext" name="pass" id="pass" tabindex="2" />
[/CODE]
After that you just save the htm(l) file and upload it(and the folder with the files) to your pineapple and test it out.
To make it clear, this might be different with other post scripts than my error.php. But I guess you figured that out since it seems you have been coding before.
As the reason why you should try doing this yourself is that you learn a lot about the webpages while screwing around in the code, and a lot of pages is quite more difficult than FB. I would recommend you to try do it manually first, and if you are unsuccessful, THEN you can use tools like SET and others.
Hopefully you understand what I have written, and hopefully my directions are correct. ;)
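The form edit described in the post above, and in the "Copy, and edit your site" steps of the guide earlier on this page, is something a reviewer can check for mechanically: a password form whose action no longer resolves to HTTPS on the expected host. This is an added example, not part of the original posts; the class and function names are hypothetical, and it assumes the copy is served over plain HTTP, as the guide's index.php builds its URL with http://.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginForms(HTMLParser):
    """Collect the action of every <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self.actions = []           # actions of forms that held a password field
        self._action = None         # action of the form currently open, if any
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._flush()
            self._action = attrs.get("action") or ""
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self._has_password = self._action is not None

    def handle_endtag(self, tag):
        if tag == "form":
            self._flush()

    def _flush(self):
        if self._action is not None and self._has_password:
            self.actions.append(self._action)
        self._action, self._has_password = None, False

    def close(self):
        super().close()
        self._flush()               # also count a form the markup never closed


def audit_login_forms(html, page_url, expected_host):
    """Return (target, reason) for each password form that would send
    credentials without TLS or to a host other than expected_host."""
    parser = LoginForms()
    parser.feed(html)
    parser.close()
    findings = []
    for action in parser.actions:
        target = urljoin(page_url, action)   # relative actions follow the page
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append((target, "credentials posted without TLS"))
        elif host != expected_host and not host.endswith("." + expected_host):
            findings.append((target, "credentials posted to another host"))
    return findings


# Constructed pages; the action and input attributes are the ones quoted above.
GENUINE = '''<form action="https://www.facebook.com/login.php?login_attempt=1" method="post">
<input type="text" class="inputtext" name="email" id="email" value="" tabindex="1" />
<input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></form>'''
CLONE = GENUINE.replace("https://www.facebook.com/login.php?login_attempt=1", "error.php")

if __name__ == "__main__":
    print(audit_login_forms(GENUINE, "https://www.facebook.com/", "facebook.com"))
    print(audit_login_forms(CLONE, "http://www.facebook.com/", "facebook.com"))
```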
-
Pineapple Range ?... (in WiFi Pineapple Mark IV)
Well, I have to admit that I didn't really believe that a new pigtail would do anything, but man I was wrong.
I opened up the Pineapple and turned it on for a simple test with InSSIDer. Took the laptop in another room and started measure.
Original pigtail and antenna: -75 dBm
Without any pigtail or antenna: -85 dBm
With new pigtail&original antenna: -55 dBm
Actually the pigtail was one I had lying around, but non-the-less, replacing the pigtail really helps!