TylerCPU

Posts posted by TylerCPU

  1. Hey everyone,

    Lately the posts asking for / supplying phishing pages have increased. While this community is all about sharing I and the other moderators would like to remind you of our disclaimer. Not only that, but I am sure we can agree that we want to keep some type of recreated sites away from easy access - at least here on the forums.

    Let's break this up:

    Sharing Paypal, Ebay, Amazon, Banking or similar pages should not happen here. It is very unlikely that you will need these in the scope of a pentest or similar endeavour. If you do, make them yourself, find them somewhere else but please refrain from posting them here.

    Sharing social networking sites or similar is a grey zone. Most of those sites are again not really going to be used in the legal sense. There may be times where you are required to gather more detailed information on a test, hence the grey zone. So please only share them cautiously on these forums.

    If the moderators do see any links posted, they are subject to be reviewed and removed if said mod disagrees with them.

    We hope you understand this,

    Cheers!

    What do you mean exactly by, "please only share them cautiously on these forums" and why? Thanks. :unsure:

  2. I have to agree, I have made some of my own in my testing and have hesitated to share them due to the legality/moral issues. What might be a better approach is to discuss the techniques used to make them based on needs, that way it is up to the poster to use his own judgement.

    As others have said Google Chrome seems to be the key one I see going around. I personally like to use WGET to fetch the sites right down to the USB drive and edit them with nano.

    wget -r --no-check-certificate https://www.somesite.com

    Cheers :)

    Hesitated to share what kind of pages? I have created many how-to videos on the pineapple. Should I remove all the phishing pages that I created and shared on youtube? 4shared, blogger, box, dropbox, eharmony, facebook, gmail, googleplus, hotmail, instagram, linkedin, netflix, outlook, twitter, ustream, vimeo, and youtube. Doing more research I don't believe that making phishing pages is illegal. What is your personal opinion?

  3. Yeah, as I said, always send the 302 status header.

    I know. I was on the 2.7.0 firmware and in the middle of this process I upgraded to 2.7.7. I totally forgot until I was looking at that script and a light bulb went off (in my brain). Thanks for your help. I can finally redirect users to the mobile or desktop sites depending on their browser. Phew, it took a lot of work to get that running. Here's the php script again.

    <?php

    $ua = strtolower($_SERVER['HTTP_USER_AGENT']);

    if(strpos($ua,'linux') !== false){

    header('Status: 302 Found');

    header('Location: facebookmobile.htm');

    exit();

    }

    if(strpos($ua,'andriod') !== false){

    header('Status: 302 Found');

    header('Location: facebookmobile.htm');

    exit();

    }

    if(strpos($ua,'iphone') !== false){

    header('Status: 302 Found');

    header('Location: facebookmobile.htm');

    exit();

    }

    if(strpos($ua,'Windows Phone') !== false) {

    header('Status: 302 Found');

    header('Location: facebookmobile.htm');

    exit();

    }

    if(strpos($ua,'windows') !== false) {

    header('Status: 302 Found');

    header('Location: facebook.htm');

    exit();

    }

    if(strpos($ua,'Opera') !== false) {

    header('Status: 302 Found');

    header('Location: facebook.htm');

    exit();

    }

    ?>

    Sorry can't redirect you. Edit the header.

    Share it with everybody if you want. It makes facebook phishing more slick. I'll start working on other sites using this code. By the way how do I mark your answer "Well, yeah. http://www.php.net/m...ion.stripos.php PHP5 only. Use strpos() instead -- make sure to make all string to lowercase before." as the answer to this topic?

  4. Well, yeah. http://www.php.net/manual/en/function.stripos.php

    PHP5 only. Use strpos() instead -- make sure to make all string to lowercase before.

    Uhhhh, should have seen that. PHP5 only. Anyways the code strtolower() apparently lowers the text of the browser's user agent. I swapped out the stripos with strpos and it works on my server, but still not on the pineapple. This is what my facebookchecker.php looks like now.

    <?php

    $ua = strtolower($_SERVER['HTTP_USER_AGENT']);
    if(strpos($ua,'linux') !== false){
    header('Location: facebookmobile.htm');
    exit();
    }
    if(strpos($ua,'android') !== false){
    header('Status: 302 Found');
    header('Location: facebookmobile.htm');
    exit();
    }
    if(strpos($ua,'iphone') !== false){
    header('Status: 302 Found');
    header('Location: facebookmobile.htm');
    exit();
    }
    if(strpos($ua,'Windows Phone') !== false) {
    header('Status: 302 Found');
    header('Location: facebookmobile.htm');
    exit();
    }
    if(strpos($ua,'windows') !== false) {
    header('Status: 302 Found');
    header('Location: facebook.htm');
    exit();
    }
    if(strpos($ua,'Opera') !== false) {
    header('Status: 302 Found');
    header('Location: facebook.htm');
    exit();
    }
    ?>
    <html>
    <head>
    </head>
    <body>
    Sorry can't redirect you. Edit the header.
    </body>
    </html>

    When I test this on my server it works and on my android phone and iphone 4, but when I do this on my pineapple it just stays on the facebookchecker.php page. It displays what I put in the file.

    Sorry can't redirect you. Edit the header.

    Why does it not redirect? I'm running the firmware version 2.7.7.

    EDIT FIXED: I didn't add the "header('Status: 302 Found');" for the if(strpos($ua,'linux') !== false) part. It works now. Yay!

    New facebookchecker.php

    <?php

    $ua = strtolower($_SERVER['HTTP_USER_AGENT']);

    if(strpos($ua,'linux') !== false){

    header('Status: 302 Found');

    header('Location: facebookmobile.htm');

    exit();

    }

    if(strpos($ua,'andriod') !== false){

    header('Status: 302 Found');

    header('Location: facebookmobile.htm');

    exit();

    }

    if(strpos($ua,'iphone') !== false){

    header('Status: 302 Found');

    header('Location: facebookmobile.htm');

    exit();

    }

    if(strpos($ua,'Windows Phone') !== false) {

    header('Status: 302 Found');

    header('Location: facebookmobile.htm');

    exit();

    }

    if(strpos($ua,'windows') !== false) {

    header('Status: 302 Found');

    header('Location: facebook.htm');

    exit();

    }

    if(strpos($ua,'Opera') !== false) {

    header('Status: 302 Found');

    header('Location: facebook.htm');

    exit();

    }

    ?>

    Sorry can't redirect you. Edit the header.

  5. I have another problem. I scrapped that project and started my own php checker that does not use preg_match. The php code is from here that I hacked together. So I have all facebook requests (from the redirect.php file) go to facebookchecker.php, which checks if the browser is a mobile one or a desktop one and looks like this.

    $ua = strtolower($_SERVER['HTTP_USER_AGENT']);

    if(stripos($ua,'android') !== false){
    header('Location: facebookmobile.htm');
    exit();
    }

    if(stripos($ua,'iphone') !== false){
    header('Location: facebookmobile.htm');
    exit();
    }

    if(stripos($ua,'Windows Phone') !== false) {
    header('Location: facebookmobile.htm');
    exit();
    }

    if(stripos($ua,'windows') !== false) {
    header('Location: facebook.htm');
    exit();
    }

    if(stripos($ua,'Opera') !== false) {
    header('Location: facebook.htm');
    exit();
    }
    ?>

    My problem now is that I get this error.

    Fatal error: Call to undefined function: stripos() in /www/facebookchecker.php on line 3

    It works great on my webhosting server, but not on the pineapple. What's going on?

  6. We don't build in all the PHP mods. The one you will need to install is php-mod-pcre.

    Without it you won't be able to match regular expressions.

    After more research it looks like I have to recompile php. Beginning with PHP 4.2.0 these functions are enabled by default. I guess someone used the --without-pcre-regex when compiling. The pineapple is running php version 4.4.9. Even if I could recompile it I can't find php 4.4.9 source. The only ones I can see are php 5.3, 5.4, 5.5. It looks like if I follow this tutorial on PHP's website here, I can recompile php, but even if I could do that how do I configure it properly for the pineapple and install it? I know that's a lot to ask. By the way why does the pineapple run on such old versions of php?

  7. We don't build in all the PHP mods. The one you will need to install is php-mod-pcre.

    Without it you won't be able to match regular expressions.

    It looks like php-mod-pcre is not in your pineapple repository. When I run opkg install php-mod-pcre I get this

    root@Pineapple:~# opkg install php-mod-pcre
    Unknown package 'php-mod-pcre'.
    Collected errors:
     * opkg_install_cmd: Cannot install package php-mod-pcre.
    root@Pineapple:~#
    
    

    How do I install this package on the pineapple?

  8. I am creating phishing pages for websites which includes making m.facebook.com for the mobile site and facebook.com for desktop users. Now it works good, but most users don't go to m.facebook.com they go to facebook.com and let php do the redirection for them on mobile sites. Now I got it working mostly. This is my setup. Redirect.php has a line that points facebook to facebookredirect.php. The facebookredirect.php file looks like this

    <?php

    require_once('mobile_device_detect.php');
    mobile_device_detect(true,true,true,true,true,true,true,'facebookmobile.htm','facebook.htm');

    ?>

    That code is from here. The code "mobile_device_detect.php" is for checking if the request for the site is from a mobile web browser or from a desktop which is here

    /*

    This code is from http://detectmobilebrowsers.mobi/ - please do not republish it without due credit and hyperlink to http://detectmobilebrowsers.mobi/ really, i'd prefer it if it wasn't republished in full as that way it's main source is it's homepage and it's always kept up to date

    For help generating the function call visit http://detectmobilebrowsers.mobi/ and use the function generator. If you need serious help with this please drop me an email to andy@andymoore.info with the subject 'DETECTION CODE PAID SUPPORT REUQEST' with a detailed outline of what you need and how I can help and I will get back to you with a proposal for integration.

    Published by Andy Moore - .mobi certified mobile web developer - http://andymoore.info/

    This code is free to download and use on non-profit websites, if your website makes a profit or you require support using this code please upgrade.

    Please upgrade for use on commercial websites http://detectmobilebrowsers.mobi/?volume=49999

    To submit a support request please forward your PayPal receipt with your questions to the email address you sent the money to and I will endeavour to get back to you. It might take me a few days but I reply to all support issues with as much helpful info as I can provide. Though really everything is published on the site.

    The function has eight parameters that can be passed to it which define the way it handles different scenarios. These paramaters are:

    * iPhone - Set to true to treat iPhones as mobiles, false to treat them like full browsers or set a URL (including http://) to redirect iPhones and iPods to.
    * Android - Set to true to treat Android handsets as mobiles, false to treat them like full browsers or set a URL (including http://) to redirect Android and Google mobile users to.
    * Opera Mini - Set to true to treat Opera Mini like a mobile, false to treat it like full browser or set a URL (including http://) to redirect Opera Mini users to.
    * Blackberry - Set to true to treat Blackberry like a mobile, false to treat it like full browser or set a URL (including http://) to redirect Blackberry users to.
    * Palm - Set to true to treat Palm OS like a mobile, false to treat it like full browser or set a URL (including http://) to redirect Palm OS users to.
    * Windows - Set to true to treat Windows Mobiles like a mobile, false to treat it like full browser or set a URL (including http://) to redirect Windows Mobile users to.
    * Mobile Redirect URL - This should be full web address (including http://) of the site (or page) you want to send mobile visitors to. Leaving this blank will make the script return true when it detects a mobile.
    * Desktop Redirect URL - This should be full web address (including http://) of the site (or page) you want to send non-mobile visitors to. Leaving this blank will make the script return false when it fails to detect a mobile.

    Change Log:

    * 25.11.08 - Added Amazon's Kindle to the pipe seperated array
    * 27.11.08 - Added support for Blackberry options
    * 27.01.09 - Added usage samples & help with PHP in HTML - .zip
    * 09.03.09 - Added support for Windows Mobile options
    * 09.03.09 - Removed 'ppc;'=>'ppc;', from array to reduce false positives
    * 09.03.09 - Added support for Palm OS options
    * 09.03.09 - Added sample .htaccess html.html and help.html files to download
    * 16.03.09 - Edited sample .htaccess file - now works with GoDaddy
    * 14.08.09 - Reduced false positives
    * 14.08.09 - Added Palm Pre
    * 14.08.09 - Added answer about search engine spiders
    * 14.08.09 - Added status variable to report back it's findings for debugging
    * 14.08.09 - Added Torch Mobile Iris Browser to Windows Mobile section
    * 14.08.09 - Added HTC Touch 3G to Windows Mobile section
    * 14.08.09 - Added help links to PHP header and setup PHP in HTML
    * 14.08.09 - Added six usage examples
    * 15.08.09 - Checked against the list of agents in the WURFL - 99.27% detected!
    o 11,489 mobile user agent strings checked
    o 99.27% detection rate after a number of small changes
    o Those user agent strings listed that are not detected are either robots or too generic for user agent detection
    o Any mobiles not detected by their user agent would most likely return true as they'd be detected by the headers they add.
    * 20.11.09 - Removed PDA from the piped array to stop false positives
    * 22.12.09 - Moved the site to a server hosted at Rackspace
    * 23.12.09 - Added support for Mozilla Fennec
    * 23.04.10 - Added support for the Apple iPad
    o Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B367 Safari/531.21.10
    o Mozilla/5.0 (iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7D11
    o Mozilla/5.0 (iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B317 Safari/531.21.10
    * 23.04.10 - Changed all eregi function calls to preg_match
    * 23.04.10 - Added two more examples
    o Added example-7.php which allows switching between desktop and mobile versions
    o Added example-8.php which shows why the script made the decision it did
    * No longer using include, using require_once instead

    bug fixes with many thanks and much credit to http://www.punchkickinteractive.com/ - thanks Ryan!

    */

    function mobile_device_detect($iphone=true,$ipad=true,$android=true,$opera=true,$blackberry=true,$palm=true,$windows=true,$mobileredirect=false,$desktopredirect=false){

    $mobile_browser = false; // set mobile browser as false till we can prove otherwise
    $user_agent = $_SERVER['HTTP_USER_AGENT']; // get the user agent value - this should be cleaned to ensure no nefarious input gets executed
    $accept = $_SERVER['HTTP_ACCEPT']; // get the content accept value - this should be cleaned to ensure no nefarious input gets executed

    switch(true){ // using a switch against the following statements which could return true is more efficient than the previous method of using if statements

    case (preg_match('/ipad/i',$user_agent)); // we find the word ipad in the user agent
    $mobile_browser = $ipad; // mobile browser is either true or false depending on the setting of ipad when calling the function
    $status = 'Apple iPad';
    if(substr($ipad,0,4)=='http'){ // does the value of ipad resemble a url
    $mobileredirect = $ipad; // set the mobile redirect url to the url value stored in the ipad value
    } // ends the if for ipad being a url
    break; // break out and skip the rest if we've had a match on the ipad // this goes before the iphone to catch it else it would return on the iphone instead

    case (preg_match('/ipod/i',$user_agent)||preg_match('/iphone/i',$user_agent)); // we find the words iphone or ipod in the user agent
    $mobile_browser = $iphone; // mobile browser is either true or false depending on the setting of iphone when calling the function
    $status = 'Apple';
    if(substr($iphone,0,4)=='http'){ // does the value of iphone resemble a url
    $mobileredirect = $iphone; // set the mobile redirect url to the url value stored in the iphone value
    } // ends the if for iphone being a url
    break; // break out and skip the rest if we've had a match on the iphone or ipod

    case (preg_match('/android/i',$user_agent)); // we find android in the user agent
    $mobile_browser = $android; // mobile browser is either true or false depending on the setting of android when calling the function
    $status = 'Android';
    if(substr($android,0,4)=='http'){ // does the value of android resemble a url
    $mobileredirect = $android; // set the mobile redirect url to the url value stored in the android value
    } // ends the if for android being a url
    break; // break out and skip the rest if we've had a match on android

    case (preg_match('/opera mini/i',$user_agent)); // we find opera mini in the user agent
    $mobile_browser = $opera; // mobile browser is either true or false depending on the setting of opera when calling the function
    $status = 'Opera';
    if(substr($opera,0,4)=='http'){ // does the value of opera resemble a rul
    $mobileredirect = $opera; // set the mobile redirect url to the url value stored in the opera value
    } // ends the if for opera being a url
    break; // break out and skip the rest if we've had a match on opera

    case (preg_match('/blackberry/i',$user_agent)); // we find blackberry in the user agent
    $mobile_browser = $blackberry; // mobile browser is either true or false depending on the setting of blackberry when calling the function
    $status = 'Blackberry';
    if(substr($blackberry,0,4)=='http'){ // does the value of blackberry resemble a rul
    $mobileredirect = $blackberry; // set the mobile redirect url to the url value stored in the blackberry value
    } // ends the if for blackberry being a url
    break; // break out and skip the rest if we've had a match on blackberry

    case (preg_match('/(pre\/|palm os|palm|hiptop|avantgo|plucker|xiino|blazer|elaine)/i',$user_agent)); // we find palm os in the user agent - the i at the end makes it case insensitive
    $mobile_browser = $palm; // mobile browser is either true or false depending on the setting of palm when calling the function
    $status = 'Palm';
    if(substr($palm,0,4)=='http'){ // does the value of palm resemble a rul
    $mobileredirect = $palm; // set the mobile redirect url to the url value stored in the palm value
    } // ends the if for palm being a url
    break; // break out and skip the rest if we've had a match on palm os

    case (preg_match('/(iris|3g_t|windows ce|opera mobi|windows ce; smartphone;|windows ce; iemobile)/i',$user_agent)); // we find windows mobile in the user agent - the i at the end makes it case insensitive
    $mobile_browser = $windows; // mobile browser is either true or false depending on the setting of windows when calling the function
    $status = 'Windows Smartphone';
    if(substr($windows,0,4)=='http'){ // does the value of windows resemble a rul
    $mobileredirect = $windows; // set the mobile redirect url to the url value stored in the windows value
    } // ends the if for windows being a url
    break; // break out and skip the rest if we've had a match on windows

    case (preg_match('/(mini 9.5|vx1000|lge |m800|e860|u940|ux840|compal|wireless| mobi|ahong|lg380|lgku|lgu900|lg210|lg47|lg920|lg840|lg370|sam-r|mg50|s55|g83|t66|vx400|mk99|d615|d763|el370|sl900|mp500|samu3|samu4|vx10|xda_|samu5|samu6|samu7|samu9|a615|b832|m881|s920|n210|s700|c-810|_h797|mob-x|sk16d|848b|mowser|s580|r800|471x|v120|rim8|c500foma:|160x|x160|480x|x640|t503|w839|i250|sprint|w398samr810|m5252|c7100|mt126|x225|s5330|s820|htil-g1|fly v71|s302|-x113|novarra|k610i|-three|8325rc|8352rc|sanyo|vx54|c888|nx250|n120|mtk |c5588|s710|t880|c5005|i;458x|p404i|s210|c5100|teleca|s940|c500|s590|foma|samsu|vx8|vx9|a1000|_mms|myx|a700|gu1100|bc831|e300|ems100|me701|me702m-three|sd588|s800|8325rc|ac831|mw200|brew |d88|htc\/|htc_touch|355x|m50|km100|d736|p-9521|telco|sl74|ktouch|m4u\/|me702|8325rc|kddi|phone|lg |sonyericsson|samsung|240x|x320|vx10|nokia|sony cmd|motorola|up.browser|up.link|mmp|symbian|smartphone|midp|wap|vodafone|o2|pocket|kindle|mobile|psp|treo)/i',$user_agent)); // check if any of the values listed create a match on the user agent - these are some of the most common terms used in agents to identify them as being mobile devices - the i at the end makes it case insensitive
    $mobile_browser = true; // set mobile browser to true
    $status = 'Mobile matched on piped preg_match';
    break; // break out and skip the rest if we've preg_match on the user agent returned true

    case ((strpos($accept,'text/vnd.wap.wml')>0)||(strpos($accept,'application/vnd.wap.xhtml+xml')>0)); // is the device showing signs of support for text/vnd.wap.wml or application/vnd.wap.xhtml+xml
    $mobile_browser = true; // set mobile browser to true
    $status = 'Mobile matched on content accept header';
    break; // break out and skip the rest if we've had a match on the content accept headers

    case (isset($_SERVER['HTTP_X_WAP_PROFILE'])||isset($_SERVER['HTTP_PROFILE'])); // is the device giving us a HTTP_X_WAP_PROFILE or HTTP_PROFILE header - only mobile devices would do this
    $mobile_browser = true; // set mobile browser to true
    $status = 'Mobile matched on profile headers being set';
    break; // break out and skip the final step if we've had a return true on the mobile specfic headers

    case (in_array(strtolower(substr($user_agent,0,4)),array('1207'=>'1207','3gso'=>'3gso','4thp'=>'4thp','501i'=>'501i','502i'=>'502i','503i'=>'503i','504i'=>'504i','505i'=>'505i','506i'=>'506i','6310'=>'6310','6590'=>'6590','770s'=>'770s','802s'=>'802s','a wa'=>'a wa','acer'=>'acer','acs-'=>'acs-','airn'=>'airn','alav'=>'alav','asus'=>'asus','attw'=>'attw','au-m'=>'au-m','aur '=>'aur ','aus '=>'aus ','abac'=>'abac','acoo'=>'acoo','aiko'=>'aiko','alco'=>'alco','alca'=>'alca','amoi'=>'amoi','anex'=>'anex','anny'=>'anny','anyw'=>'anyw','aptu'=>'aptu','arch'=>'arch','argo'=>'argo','bell'=>'bell','bird'=>'bird','bw-n'=>'bw-n','bw-u'=>'bw-u','beck'=>'beck','benq'=>'benq','bilb'=>'bilb','blac'=>'blac','c55/'=>'c55/','cdm-'=>'cdm-','chtm'=>'chtm','capi'=>'capi','cond'=>'cond','craw'=>'craw','dall'=>'dall','dbte'=>'dbte','dc-s'=>'dc-s','dica'=>'dica','ds-d'=>'ds-d','ds12'=>'ds12','dait'=>'dait','devi'=>'devi','dmob'=>'dmob','doco'=>'doco','dopo'=>'dopo','el49'=>'el49','erk0'=>'erk0','esl8'=>'esl8','ez40'=>'ez40','ez60'=>'ez60','ez70'=>'ez70','ezos'=>'ezos','ezze'=>'ezze','elai'=>'elai','emul'=>'emul','eric'=>'eric','ezwa'=>'ezwa','fake'=>'fake','fly-'=>'fly-','fly_'=>'fly_','g-mo'=>'g-mo','g1 u'=>'g1 u','g560'=>'g560','gf-5'=>'gf-5','grun'=>'grun','gene'=>'gene','go.w'=>'go.w','good'=>'good','grad'=>'grad','hcit'=>'hcit','hd-m'=>'hd-m','hd-p'=>'hd-p','hd-t'=>'hd-t','hei-'=>'hei-','hp i'=>'hp i','hpip'=>'hpip','hs-c'=>'hs-c','htc '=>'htc ','htc-'=>'htc-','htca'=>'htca','htcg'=>'htcg','htcp'=>'htcp','htcs'=>'htcs','htct'=>'htct','htc_'=>'htc_','haie'=>'haie','hita'=>'hita','huaw'=>'huaw','hutc'=>'hutc','i-20'=>'i-20','i-go'=>'i-go','i-ma'=>'i-ma','i230'=>'i230','iac'=>'iac','iac-'=>'iac-','iac/'=>'iac/','ig01'=>'ig01','im1k'=>'im1k','inno'=>'inno','iris'=>'iris','jata'=>'jata','java'=>'java','kddi'=>'kddi','kgt'=>'kgt','kgt/'=>'kgt/','kpt '=>'kpt ','kwc-'=>'kwc-','klon'=>'klon','lexi'=>'lexi','lg g'=>'lg 
g','lg-a'=>'lg-a','lg-b'=>'lg-b','lg-c'=>'lg-c','lg-d'=>'lg-d','lg-f'=>'lg-f','lg-g'=>'lg-g','lg-k'=>'lg-k','lg-l'=>'lg-l','lg-m'=>'lg-m','lg-o'=>'lg-o','lg-p'=>'lg-p','lg-s'=>'lg-s','lg-t'=>'lg-t','lg-u'=>'lg-u','lg-w'=>'lg-w','lg/k'=>'lg/k','lg/l'=>'lg/l','lg/u'=>'lg/u','lg50'=>'lg50','lg54'=>'lg54','lge-'=>'lge-','lge/'=>'lge/','lynx'=>'lynx','leno'=>'leno','m1-w'=>'m1-w','m3ga'=>'m3ga','m50/'=>'m50/','maui'=>'maui','mc01'=>'mc01','mc21'=>'mc21','mcca'=>'mcca','meri'=>'meri','mio8'=>'mio8','mioa'=>'mioa','mo01'=>'mo01','mo02'=>'mo02','mode'=>'mode','modo'=>'modo','mot '=>'mot ','mot-'=>'mot-','mt50'=>'mt50','mtp1'=>'mtp1','mtv '=>'mtv ','mate'=>'mate','maxo'=>'maxo','merc'=>'merc','mits'=>'mits','mobi'=>'mobi','motv'=>'motv','mozz'=>'mozz','n100'=>'n100','n101'=>'n101','n102'=>'n102','n202'=>'n202','n203'=>'n203','n300'=>'n300','n302'=>'n302','n500'=>'n500','n502'=>'n502','n505'=>'n505','n700'=>'n700','n701'=>'n701','n710'=>'n710','nec-'=>'nec-','nem-'=>'nem-','newg'=>'newg','neon'=>'neon','netf'=>'netf','noki'=>'noki','nzph'=>'nzph','o2 x'=>'o2 
x','o2-x'=>'o2-x','opwv'=>'opwv','owg1'=>'owg1','opti'=>'opti','oran'=>'oran','p800'=>'p800','pand'=>'pand','pg-1'=>'pg-1','pg-2'=>'pg-2','pg-3'=>'pg-3','pg-6'=>'pg-6','pg-8'=>'pg-8','pg-c'=>'pg-c','pg13'=>'pg13','phil'=>'phil','pn-2'=>'pn-2','pt-g'=>'pt-g','palm'=>'palm','pana'=>'pana','pire'=>'pire','pock'=>'pock','pose'=>'pose','psio'=>'psio','qa-a'=>'qa-a','qc-2'=>'qc-2','qc-3'=>'qc-3','qc-5'=>'qc-5','qc-7'=>'qc-7','qc07'=>'qc07','qc12'=>'qc12','qc21'=>'qc21','qc32'=>'qc32','qc60'=>'qc60','qci-'=>'qci-','qwap'=>'qwap','qtek'=>'qtek','r380'=>'r380','r600'=>'r600','raks'=>'raks','rim9'=>'rim9','rove'=>'rove','s55/'=>'s55/','sage'=>'sage','sams'=>'sams','sc01'=>'sc01','sch-'=>'sch-','scp-'=>'scp-','sdk/'=>'sdk/','se47'=>'se47','sec-'=>'sec-','sec0'=>'sec0','sec1'=>'sec1','semc'=>'semc','sgh-'=>'sgh-','shar'=>'shar','sie-'=>'sie-','sk-0'=>'sk-0','sl45'=>'sl45','slid'=>'slid','smb3'=>'smb3','smt5'=>'smt5','sp01'=>'sp01','sph-'=>'sph-','spv '=>'spv ','spv-'=>'spv-','sy01'=>'sy01','samm'=>'samm','sany'=>'sany','sava'=>'sava','scoo'=>'scoo','send'=>'send','siem'=>'siem','smar'=>'smar','smit'=>'smit','soft'=>'soft','sony'=>'sony','t-mo'=>'t-mo','t218'=>'t218','t250'=>'t250','t600'=>'t600','t610'=>'t610','t618'=>'t618','tcl-'=>'tcl-','tdg-'=>'tdg-','telm'=>'telm','tim-'=>'tim-','ts70'=>'ts70','tsm-'=>'tsm-','tsm3'=>'tsm3','tsm5'=>'tsm5','tx-9'=>'tx-9','tagt'=>'tagt','talk'=>'talk','teli'=>'teli','topl'=>'topl','hiba'=>'hiba','up.b'=>'up.b','upg1'=>'upg1','utst'=>'utst','v400'=>'v400','v750'=>'v750','veri'=>'veri','vk-v'=>'vk-v','vk40'=>'vk40','vk50'=>'vk50','vk52'=>'vk52','vk53'=>'vk53','vm40'=>'vm40','vx98'=>'vx98','virg'=>'virg','vite'=>'vite','voda'=>'voda','vulc'=>'vulc','w3c '=>'w3c ','w3c-'=>'w3c-','wapj'=>'wapj','wapp'=>'wapp','wapu'=>'wapu','wapm'=>'wapm','wig '=>'wig 
','wapi'=>'wapi','wapr'=>'wapr','wapv'=>'wapv','wapy'=>'wapy','wapa'=>'wapa','waps'=>'waps','wapt'=>'wapt','winc'=>'winc','winw'=>'winw','wonu'=>'wonu','x700'=>'x700','xda2'=>'xda2','xdag'=>'xdag','yas-'=>'yas-','your'=>'your','zte-'=>'zte-','zeto'=>'zeto','acs-'=>'acs-','alav'=>'alav','alca'=>'alca','amoi'=>'amoi','aste'=>'aste','audi'=>'audi','avan'=>'avan','benq'=>'benq','bird'=>'bird','blac'=>'blac','blaz'=>'blaz','brew'=>'brew','brvw'=>'brvw','bumb'=>'bumb','ccwa'=>'ccwa','cell'=>'cell','cldc'=>'cldc','cmd-'=>'cmd-','dang'=>'dang','doco'=>'doco','eml2'=>'eml2','eric'=>'eric','fetc'=>'fetc','hipt'=>'hipt','http'=>'http','ibro'=>'ibro','idea'=>'idea','ikom'=>'ikom','inno'=>'inno','ipaq'=>'ipaq','jbro'=>'jbro','jemu'=>'jemu','java'=>'java','jigs'=>'jigs','kddi'=>'kddi','keji'=>'keji','kyoc'=>'kyoc','kyok'=>'kyok','leno'=>'leno','lg-c'=>'lg-c','lg-d'=>'lg-d','lg-g'=>'lg-g','lge-'=>'lge-','libw'=>'libw','m-cr'=>'m-cr','maui'=>'maui','maxo'=>'maxo','midp'=>'midp','mits'=>'mits','mmef'=>'mmef','mobi'=>'mobi','mot-'=>'mot-','moto'=>'moto','mwbp'=>'mwbp','mywa'=>'mywa','nec-'=>'nec-','newt'=>'newt','nok6'=>'nok6','noki'=>'noki','o2im'=>'o2im','opwv'=>'opwv','palm'=>'palm','pana'=>'pana','pant'=>'pant','pdxg'=>'pdxg','phil'=>'phil','play'=>'play','pluc'=>'pluc','port'=>'port','prox'=>'prox','qtek'=>'qtek','qwap'=>'qwap','rozo'=>'rozo','sage'=>'sage','sama'=>'sama','sams'=>'sams','sany'=>'sany','sch-'=>'sch-','sec-'=>'sec-','send'=>'send','seri'=>'seri','sgh-'=>'sgh-','shar'=>'shar','sie-'=>'sie-','siem'=>'siem','smal'=>'smal','smar'=>'smar','sony'=>'sony','sph-'=>'sph-','symb'=>'symb','t-mo'=>'t-mo','teli'=>'teli','tim-'=>'tim-','tosh'=>'tosh','treo'=>'treo','tsm-'=>'tsm-','upg1'=>'upg1','upsi'=>'upsi','vk-v'=>'vk-v','voda'=>'voda','vx52'=>'vx52','vx53'=>'vx53','vx60'=>'vx60','vx61'=>'vx61','vx70'=>'vx70','vx80'=>'vx80','vx81'=>'vx81','vx83'=>'vx83','vx85'=>'vx85','wap-'=>'wap-','wapa'=>'wapa','wapi'=>'wapi','wapp'=>'wapp','wapr'=>'wapr','webc'=>'webc','whit'=>'whit','wi
nw'=>'winw','wmlb'=>'wmlb','xda-'=>'xda-',))); // check against a list of trimmed user agents to see if we find a match
    $mobile_browser = true; // set mobile browser to true
    $status = 'Mobile matched on in_array';
    break; // break even though it's the last statement in the switch so there's nothing to break away from but it seems better to include it than exclude it

    default;
    $mobile_browser = false; // set mobile browser to false
    $status = 'Desktop / full capability browser';
    break; // break even though it's the last statement in the switch so there's nothing to break away from but it seems better to include it than exclude it

    } // ends the switch

    // tell adaptation services (transcoders and proxies) to not alter the content based on user agent as it's already being managed by this script, some of them suck though and will disregard this....
    // header('Cache-Control: no-transform'); // http://mobiforge.com/developing/story/setting-http-headers-advise-transcoding-proxies
    // header('Vary: User-Agent, Accept'); // http://mobiforge.com/developing/story/setting-http-headers-advise-transcoding-proxies

    // if redirect (either the value of the mobile or desktop redirect depending on the value of $mobile_browser) is true redirect else we return the status of $mobile_browser
    if($redirect = ($mobile_browser==true) ? $mobileredirect : $desktopredirect){
    header('Location: '.$redirect); // redirect to the right url for this device
    exit;
    }else{
    // a couple of folkas have asked about the status - that's there to help you debug and understand what the script is doing
    if($mobile_browser==''){
    return $mobile_browser; // will return either true or false
    }else{
    return array($mobile_browser,$status); // is a mobile so we are returning an array ['0'] is true ['1'] is the $status value
    }
    }

    } // ends function mobile_device_detect

    ?>

    The facebookredirect.php says that if it is a mobile web browser go here or if it is a normal page go here. Now it works on my web hosting server but not on the pineapple. The error I get is this

    Fatal error: Call to undefined function: preg_match() in /www/ mobile_device_detect.php on line 76

    Apparently this function is looking for strings in the browser's User-Agent. The pineapple should be able to run this included function. It is included in php 4 and 5.

    If you put these files (click here) in a web directory on a web server like hostgator or dreamhost and go the the facebookredirect.php page and depending on your browser you should go to the correct page. facebookmobile.htm for phones and facebook.htm for desktops. If I could figure out this error and get it working it would be pretty slick for any users that go to facebook.com on the pineapple to seamlessly go to the mobile site for mobile users and the normal site for desktop users.

  9. Sebkinne: The problem was the former, as you said. While creating the dual swap/storage partition USB in Ubuntu, I had to take ownership of the storage partition in order to move the phishing files onto it, when I clearly should have released ownership and transferred the files later in WinSCP.

    Tyler: I too usually do not use beta releases until they have been proven, but Sebkinne seemed to be pretty sure of it so I took a leap of faith, knowing I could revert later if necessary. As far as I can tell, there is in fact a problem with redirect.php on 2.7.7; assuming your DNS spoof config is set to only 172.16.42.1 *, all traffic of course gets redirected through redirect.php for parsing. Under this configuration, for all the spoof pages it works fine and they all load. However if you try to visit a legit page, redirect.php will not pass it through, but rather the browser gets stuck on a blank redirect.php page.

    The workaround for this was to put all URLs for the spoof pages in the DNS spoof config and update, such as the ones included in your txt file. This seems to be a better approach to me as, like you said, it doesn't make much sense to have redirect.php needlessly handling a lot of traffic that it doesn't need to.

    Speaking of spoof pages, I added a '172.16.42.1 m.facebook.com' to the DNS spoof config, which of course leads to the full-version facebook spoof page, which could be a bit glaring even to most brain-dead users out there, which leads me to a question. Many if not most connections today are mobile devices (i.e. smart phones) connecting to mobile versions of websites. In your next release, do you think you could add the mobile versions of popular websites as well? That would cover the gamut very well.

    I asked @Sebkinne why you have to add the 'header('Status: 302 Found');' for the phishing to work. He said, "For some reason we are having issues with the header that is being sent back. The location header gets sent but the status header gets sent as 200 instead of 302. That means that your browser sees that it has a location to redirect to but it won't unless the status is 302."

    I think I will start working on the phishing pages for mobile browsers. You can check out the mobile facebook website redacted and more to come. To make this work add this to the redirect.php file.

    if (strpos($ref, "facebook")){
        header('Status: 302 Found');
        header('Location: facebook.htm');
    }

    if (strpos($ref, "m.facebook")){
        header('Status: 302 Found');
        header('Location: facebookmobile.htm');
    }

    and this to the dnsspoof file

    172.16.42.1 facebook.com
    172.16.42.1 *.facebook.com

    Go to m.facebook.com and have fun.

  10. Well, I never said that there haven't been issues. What I was saying though is that the permissions issue is not related to the firmware.

    Anyway, seems like the issue is sorted.

    Well that's good. Whenever I run into problems like this I usually reflash and start over again. That fixes the problem. Sometimes not. Anyways I'm glad the issue is sorted out too. :D

  11. Tyler, that is simply not true. 2.7.7 is the most stable we have it seems. It will move to 2.8.0 very soon.

    The permission issue is on the usb and NOT on the pineapple ;)

    Thanks for the input. What I mean by "unstable" is problems with configuration. The 2.7.5 firmware had a redirect.php problem and a USB 3G connections problem, which were fixed in the 2.7.6 firmware. That was never a problem for me, at least in the 2.7.0 firmware. I can't vouch for USB 3G, but that's what I mean by "unstable". I never said that the permissions problem was the pineapple's or the USB's fault. I just stated that it looked like a permissions problem and that I saw it was fixed by chmod. You can't deny that there are problems with beta versions. You can see that in the change logs with 2.7.1,2,3,4,5,6,7. I just like to stay with the Latest Stable Version. Anyways I'm so glad you guys are working hard to smash these bugs. Keep up the good work! ^_^

  12. No, the symbolic links are only in the www folder on the pineapple ... pointing to the real files in the 'phish' folder on the usb.

    After transferring your files to usb/phish, I ran the command:

    ln -s /usb/phish/* /www/

    which created the symbolic links in the www folder. The only files I put in usb/phish were the files that were in your phishing.zip file, nothing else. In other words, redirect.php, error.php and index.php are the actual files in the www folder on the pineapple. They do not exist on the usb and there are no links to them in the www folder pointing to the usb/phish folder since they're not on the usb. Should I redo the process and add the redirect.php, error.php and index.php files to the usb/phish folder as well, and then reinvoke the command to create the symbolic links?

    Btw I just updated to firmware 2.7.7 if that makes a difference.

    Oh sorry. The way you worded your sentence sounded like that. Anyways I only use stable versions of the firmware. Go back to 2.7.0, but since you got it fixed you don't need to. This is why I don't use bleeding edge firmware. It has problems. Again I'm glad you got it fixed.

  13. I just updated Tyler's redirect.php with the additional 'header('Status: 302 Found');' line. Ok, now this is working, or at least it's getting to the page. The URL appears as:

    www.facebook.com/facebook.htm

    as it should. But now I'm getting the error in my browser

    'Forbidden. You don't have permission to access /facebook.htm on this server'

    So apparently this is a permissions/chmod problem. If I'm not mistaken I have to SSH in to change the permissions, correct?

    EDIT: if I host the actual spoof files in the www folder on the pineapple, I do not get this error.

    EDIT2: Ok, running the command chmod -R 777 /usb/phish seemed to do the job nicely. I can now load all spoofed pages residing on the usb.

    Yes, that looks like a permissions problem. That's one of the reasons I don't use bleeding edge firmware. I stay on the stable versions, which right now is 2.7.0. It's less hassle. I'm glad you got it working.

  14. I created symbolic links to everything in the www folder except for redirect.php, error.php and index.php.

    Tyler: I updated the DNS spoof config with your new txt file, and also placed your new redirect.php in the www folder. Again, there are symbolic links to all the actual spoof pages and associated folders (facebook, twitter, etc) on the usb, but no symbolic links to redirect.php, error.php and index.php, which are only in the www folder. Should I put these pages on the usb and create symbolic links to them as well?

    When I try to go to a spoofed page, www.facebook.com for instance, I get a rapid oscillation between redirect.php and the page I'm trying to go to (i.e. facebook).

    You put symbolic links in the /usb folder? What you need to do is put all the phishing files on the /usb folder and make links in the /www/ folder that are pointing to the /usb folder. Not the other way around. Leave the redirect.php, error.php, and index.php files in the /www/ folder. There should be no rapid oscillation between redirect.php and the page you're trying to go to. The easiest way to fix this is to start fresh. Re-flash the pineapple and follow this. And clear out your browser's cache before using the phishing files. You can use ccleaner if you want.

  15. @SystemCrash86

    I got it figured out. I know why you are getting this problem. I wanted to see if I did something different than you. So I reflashed my pineapple and followed my tutorial to a tee and it worked fine just as usual. Then it hits me! You type in www.facebook.com but I only type in facebook.com. I never use the www, and when I try and go to www.facebook.com, I go to the real site. Just like your problem. So I went and edited the DNS Spoof Config. So with 172.16.42.1 facebook I also include 172.16.42.1 *.facebook.com. Now when you go to "www.facebook.com" you go to the phishing site. Go redownload my dnsspoof.txt file in the description of my YouTube video, "Advanced Phishing on the Wi-Fi Pineapple IV". Your problem like mine should be gone. Now you can target sites like facebook.com without forcing all DNS traffic to go to the pineapple.
