pineapples4fun
-
Posts
11 -
Joined
-
Last visited
Posts posted by pineapples4fun
-
-
Anyone else having issues with their karma/wireless after upgrading?
I see the ssid, but any attempt to join the broadcasted ssid results in a error, some platforms report a timeout error.
No other services enabled, just the pineapple broadcasting and I can't join. I enable karma but I never see any probes. So looks like something borked on my end.
-
Well, update..
I jumped over to the #twisted.web channel and a friendly twisted guru pinpointed my issue to a compiled python file. He had me remove my .pyc files for twisted and it fires right up now.
find /usb/usr/lib/python2.7/site-packages/twisted/ -name '*.pyc' -print0 | xargs -0 rm -i[/CODE]
Hopefully it helps someone else if they run into this issue.
-
Downloads.openwrt.org is back up. There is no longer a need for a mirror. Be sure to correct your openwrt.config if you have changed it to the mirror.
Server maybe up but as of 2:30 CST
root@Pineapple:~# opkg update
Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/Packages.gz.
wget: server returned error: HTTP/1.1 404 Not Found
Collected errors:
* opkg_download: Failed to download http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/Packages.gz, wget returned 1.[/CODE] -
I haven't had much luck getting it working either. Given how my sslstrip was crashing I was hoping to replace it with ettercap. No such luck..
Could you please give me some hints to how you get this plugin working?
I've tried adding a image-replace filter from this site: http://www.irongeek..../ettercapfilter
But I cant get it working.
Usually the log only states.
[1mettercap NG-0.7.3[0m copyright 2001-2004 ALoR & NaGA
[/CODE]Also when not using any filter whatsoever..
-
So while I was successful in getting ssltrip to not crash when started the workaround isn't worth while. Removing that module from http.py caused the local webserver to stop running (that handles non-management web services it appears, such as phishing).
So as a result I had to put it back and I'm in the same boat as before. This is a new install but I went ahead and did a reset, uninstalled all modules and tried again, same error.
Nobody else is getting this error? This was a fresh install running the latest firmware, downloading the latest sslstrip module from the opkg.
-
So a small update. I'm not sure what caused my error but I traced it down to http.py.
After comparing my backtrack http.py from twisted to the current I noticed a minor difference on the line that was erroring out.
Before:
# twisted imports
from twisted.internet import interfaces, reactor, protocol, address, task[/CODE]After:
[CODE]
# twisted imports
from twisted.internet import interfaces, reactor, protocol, address[/CODE]Basically I removed the importing of the task portion.
Since then, sslstrip fires up fine. While I do know python I am not familiar enough with the twisted suite to know if the task portion of the module is needed. We'll see if I get any errors.
root@Pineapple:/usb/usr/lib/python2.7/site-packages/twisted/web# sslstrip
sslstrip 0.6 by Moxie Marlinspike running...
-
I took a look at the gmail, and made it work. Only difference is that I used the Norwegian version of https://accounts.goo...erviceLoginAuth Its not the same as gmail, but it's pretty similar, and I think it might be the same way to do it.
Anywho, it seems you did quite right, but you shouldn't change the "id=" value. Only change the "name=" value. Otherwise I did the same as you.
EDIT
Just remember, it seems that both Chrome and Firefox is "hardcoded" with the address to gmail, so DNS spoof seems to not work.
Thanks for the feedback. After adjusting the id value everything worked as normal. Using your method I was able to do both gmail as well as doing a proof of concept for paypal.
The idea is, any site that uses HSTS (a small list found here: http://dev.chromium.org/sts) won't work against sslstrip. So if you're running sslstrip you might as well redirect those sites to a phishing clone.
I am not sure whats hard coded, and I haven't tried any of these sites beyone http://pineappleip/site.html
So no idea if they would work in the real world yet.
-
I am attempting to do gmail and I am running into some problems...
I followed your guide exactly, changing action which now looks like this:
<form novalidate="" id="gaia_loginform" action="error.php">
[/CODE]I then went and found the input type for username/password. Which looked like this:
[CODE]
<div class="email-div">
<label for="Email"><strong class="email-label">Username</strong></label>
<input type="email" spellcheck="false" name="Email" id="Email" value="">
</div>
<div class="passwd-div">
<label for="Passwd"><strong class="passwd-label">Password</strong></label>
<input type="password" name="Passwd" id="Passwd">
</div>
[/CODE]and updated it to this:
[CODE]
<div class="email-div">
<label for="Email"><strong class="email-label">Username</strong></label>
<input type="text" spellcheck="false" name="name" id="name" value="">
</div>
<div class="passwd-div">
<label for="Passwd"><strong class="passwd-label">Password</strong></label>
<input type="password" name="pass" id="pass">
</div>[/CODE]I'm assuming its some of the java script that is occuring later, but I am not sure how to work around it. Can someone take a crack at this and let me know what I'm missing here? Here is a copy of the entire gmail.html file. http://pastebin.com/ThRMP10g
Thanks guys!
-
is usb swap working? go to resources tab and see if it shows the block size
Here's my swap/df/usb info.
-
Having difficulty getting this module to work.
Running Firmware: 2.6.4
SSLstrip version: 2.3 (installed to USB)
I attempt to start sslstrip and it will just turn off after 20 seconds or so (from the WebUI).
I get the following error via command line:
root@Pineapple:~# /usb/usr/bin/sslstrip
Traceback (most recent call last):
File "/usb/usr/bin/sslstrip", line 27, in <module>
from twisted.web import http
File "/usb/usr/lib/python2.7/site-packages/twisted/web/http.py", line 36, in <module>
from twisted.internet import interfaces, reactor, protocol, address, task
EOFError: EOF read where object expected
[/CODE]Hopefully somebody knows a fix for this. I tried to search and have attempted a few work arounds but no such luck thus far.
Thanks
Ask** Phishing Tut
in WiFi Pineapple Mark IV
Posted
In Chrome, gmail is hard coded. You might want to try from another browser. Additionally make sure it's not cached in your dns. (e.g. try from your phone).