Jump to content


Pineapple Moderators
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by newbi3

  1. If anyone has a Mk III sitting around they don't mind parting with, I'd like to buy if from you! Let me know your price. 🙂
  2. What do you have in mind exactly? If you are wanting to show a completely random page like random roll does then not exactly. If you're wanting to show a different portal to different clients based on things like the SSID they're connected to, their mac address vendor id, hostname, target url, etc.. then Evil Portal has you covered. Checkout the information about Targeted Portals. If you have a different use case then let me know and I can see what I can do for you.
  3. If you spoof all dns to your pineapple you'll get basically everyone but obviously this isn't a good solution because you'll want clients to use the internet as normal after they go through the portal. In the long term I want to write a program that spoofs DNS conditionally but thats down the road. Right now your best bet is to improve the iptables for Evil Portal. If you end up writing better iptables please make a PR to the project https://github.com/frozenjava/EvilPortalNano
  4. Hello @whazzup, I've started working on typing up official documentation for Evil Portal that will go over everything from simple usage to implementation but its an on going effort and if I'm being honest typing up docs is my least favorite activity on earth. With that being said, I'm also planning on creating a video series that will go over the same material (I'll probably do it in parallel with writing the docs) but this will have to wait until after defcon. When clicking the authorize button the form on the page is submitted to /captiveportal/index.php (which is the file under EvilPortal/includes/api/index.php) which then will instantiate your portals MyPortal object and call the handleAuthorization method (see EvilPortal/includes/api/API.php). onSuccess is being called in the parents handleAuthorization method so you do not need to call it again assuming you're supering it (see EvilPortal/includes/api/Portal.php for default implementations) Make sure you are also removing the client from the white list in the Evil Portal module if you don't do this then EvilPortal will see that the client has already been authorized and wont show them the captive portal. You might be getting assigned a new IP 1 out of 5-10 times when you reconnect which is why you see it open up then. This is a known issue and I'm waiting on a firmware feature that should allow me to fix this easily. Try doing a hard refresh of the page by holding F5 when clicking the refresh button or manually clearing your browsers cache. I can probably set a header that says to not cache the page. I don't feel comfortable providing a username/password input form right out of the box legally. If someone needs to do that for a legitimate reason I think its reasonable to assume that they know how to write html and add inputs to a form. Hope this clears things up for you. Let me know if you have any other issues or want clarification on what I've said.
  5. Evil Portal 3.1 has been released! Change Log Added ability to write and view logs on a per-portal basis Created method writeLog($message) that writes to the portal log file Created method notify($message) that sends a notification to the web ui Added ability to download files Tab button in file editor will now insert four spaces Revamped the file editor modal Showing file sizes in the portal workbench Various quality of life improvements
  6. There are bug fixes and some minor improvements I've made but no new giant features. I was having issues getting the portal to automatically open on my test devices so I reverted to the iptables used in 2.0. You can still use the ones that were in the 2.9 beta if you run: module EvilPortal init but I'm currently not supporting this ^. I'm waiting on future firmware features that will improve the filtering but this is what we have until then.
  7. Version 3.0 has been officially released!
  8. I don't even remember if I ever got that module working. Maybe I'll finish it up after this next release of Evil Portal.
  9. It's been a long time since I've posted an update here. The next major release (version 3.0) is almost ready for release and I want to get it released by the end of this year. The last major thing left to work on is re-implementing the IP tables that handle who can and can not access the internet. This sounds like a simple task until you open the man page for iptables. With that said, I am looking for the help of a iptables wizard so if you are that person please let me know. 3.0 Ready For Testing Evil Portal 3.0 has some new features that I am really excited about that need to be tested by someone other than myself. I may have gone over these before but I will re-state them here so they are easy to find. SD Portals - Portals can now be created on or moved to SD cards easily through the web interface. They can also be moved between internal and SD storage very easily and existing portals can be migrated to the SD card with ease. Toggle Commands - These are commands that will be executed when a Portal is activated or deactivated. These commands can be edited by clicking into the portal and selecting "Toggle Commands" from the top right of the Workbench. Currently these commands are only executed when the specific portal is activated or deactivated. I could change this so that the commands are executed when Evil Portal starts/stops in-addition to its current functionality. Let me know what your preference is. Targeted Portals - A Targeted Portal is a captive portal that allows you to route clients to different pages based on implicit or explicit rules based on a clients Mac Address, SSID, Host Name, or Browsers User Agent. You can defined explicit rules to get a specific client or groups of clients or create an implicit rule defined by a regex string to cast a wider net. Clients that don't happen to match any of these rules will be routed a page called "default.php" Complete Refactor - When I was working on this release I decided that the code was to dirty to be allowed to go into production so ended up completely re-writing the module. As much as I like to think that I re-implemented everything flawlessly, there are bound to be bugs with it. You can pull this version of Evil Portal from development branch on the official Github repo: https://github.com/frozenjava/EvilPortalNano If you find bugs please create issues on github and I will address them there!
  10. I like that idea. I'll see what I can make happen.
  11. That saves me a ton of time! I noticed you are allowing and denying clients based on mac-address. From what I remember when moving away from NoDogSplash this required a kmod to be installed which wasn't compiled for the pineapples architectures at the time. Have you been able to get this to run on the pineapple?
  12. It's been a while since I've updated this thread so I thought I might as well jump in and let everyone know whats going. My schedule has cleared up a bit since its now summer here which means I actually have time to put into Pineapple things with my primary focus being Evil Portal. About 2 weeks ago I picked up working on the next version of Evil Portal and realized how much of a mess the code was. I'm honestly embarrassed to host the current version on github (I guess this is how every developer feels when looking back at their code years later). Because of this, I have decided to start a complete refactor of the application to make the code pretty and most importantly re-usable. I have left the "development" branch up containing all of the work up to where I left of developing the next version, so if you want to check out the next gen features feel free to pull that branch. All of the refactoring is currently happening in the "Nightly" branch so if you want to help test for bugs in my refactoring please pull that. If you do happen to find bugs please submit an issue on the github repo as I am far more likely to see it there and respond. Currently I finished up the Controls, Messages, and Library section of the Web UI in the refactor so if you want to help test, begin there! Here are links to the things: Refactor Branch: https://github.com/frozenjava/EvilPortalNano/tree/nightly Old 2.9 Branch: https://github.com/frozenjava/EvilPortalNano/tree/development Issues: https://github.com/frozenjava/EvilPortalNano/issues
  13. Is it not showing up in the live preview window or not showing up at I'll keep it in mind for a 3.x release. I'm not sure if it will make it in 3.0 since I'm just wanting to get it out the door and adding more features is going to delay it more and its been delayed long enough at this point.
  14. Oh, Android devices don't have the Captive Portal automatically pop up and there is nothing you can do about that. Apple devices do however.
  15. This is something that I indeed need to address and sud0nick has pointed out a partial solution for this, however it involved modifying the nginx config and thats something I'm trying to avoid doing. When I have a free day on my hands this is something I'm going to be researching and implementing. Wether or not it will make it into the 3.0 release I can't say for sure but it will definitely be in a 3.x release.
  16. Is this the beta version or the current version in the pineapple bar?
  17. Okay so I think you have a few misconceptions here that I will address first: The destination is not a destination URL that the client will be sent to after authorizing, but instead it is the destination landing page that EvilPortal will present to them. The default is default.php but you will need to make a new page for whatever your use case is. For example if I have a rule that sends all iphones to an iphone branded landing page the destination would be something like "iphones.php" or whatever you want to call it. Also, I think I addressed this in the readme but I could be wrong. In order for the SSID rules to work you need to be logging associations with PineAP. Finally, you will need to have a route to the network in order for the live preview to load and in order to see the captive portal. Let me know if you have any other issues!
  18. private function abortScan() { // this will write to a file in /tmp called does_it_work.txt // if the abortScan method is getting called then this file will exist file_put_contents("/tmp/does_it_work.txt", "this function got called!"); exec("killall -9 airodump-ng && cp -f /pineapple/api/wardrive-* /pineapple/modules/Wardriver/log/"); // give some sort of response back $this->response = array("aborted" => true); } you can also test by starting airodump and then checking if its still running from the command line after the abortScan method is called ps | grep airodump
  19. Test if your abortScan method is getting called by writing something to a file
  20. It might be working, one thing you arent doing is giving a response back. private function abortScan() { exec("killall -9 airodump-ng && cp -f /pineapple/api/wardrive-* /pineapple/modules/Wardriver/log/"); // give some sort of response back $this->response = array("aborted" => true); } and then handle the response in your JS $scope.abortScan = (function() { $api.request({ module: 'Wardriver', action: 'abortScan' }, function(response){ console.log(response); if (response.aborted) { $scope.scanning = false; } }); });
  21. You module.php file needs to implement the route() method http://wiki.wifipineapple.com/#!./creating_modules.md#module.php this method is what maps an action in the request to a function that gets called public function route() { // create a case for each possible action passed in the request switch($this->request->action) { // what happens when an "abortScan" action is requested case "abortScan": // call the abortScan method $this->abortScan(); // break the case - don't forget to do this otherwise what ever case comes next will also get called break; } }
  22. Hey nrohsakul, You can see JS errors in your browsers developer console https://developer.chrome.com/devtools https://developer.mozilla.org/en-US/docs/Tools/Browser_Console And I recommend showing PHP errors nano /etc/php.ini press crtl + w and search for "display_errors" and set it to "On" display_errors = On then restart nginx /etc/init.d/nginx restart Now your developer environment should be all good to go!
  23. Copied from the main post in this thread: OPEN BETA FOR VERSION 3.0 The next version of Evil Portal is almost ready and I would like some beta testers. If you are interested head on over to the git repo and get the development code onto your pineapple. The installation instructions are in the readme. https://github.com/frozenjava/EvilPortalNano/tree/development The new release has an entirely new type of portal called a Targeted Portal. These portals let you route clients to a specific page based on a rule such as their mac address, associated ssid, hostname, and useragent. Each one of these rules can have a set value or a regular expression value and there can be an unlimited number of set rules. You will have to create a landing page to be served to the target client(s). By default the default.php landing page will be serve to any client who doesn't match any rule. This file can be modified to how you wish. There is also a new file in the portals called helper.php which contains 3 functions: getClientMac, getClientSSID, getClientHostName these functions can be used in your portal to display information about the client to them or for whatever other purpose you have. I would like to not that for the getClientSSID function and the ssid target portal rule to work, PineAP MUST be enabled! This release has a lot of new and re-worked features that need testings so here they are: Rules and rule editing works for Targeted portals Creating Portals on an SD card (should not be allowed if there is no SD card) Moving Portals between internal and SD storage (should not be allowed if there is no SD card) Creating Targeted and Basic Portals Deleting files and portals If you are running the beta version of EvilPortal this feature already exists, if you are not running the beta version then create a symbolic link. No, this was just me planning on adding support for creating portals on the SD card but being to pressed for time when I initially created it for the nano/tetra to fully implement the feature.
  24. Nothing against you personally I just have to enforce this rule I set otherwise this topic will get way to cluttered. In the future ask all questions about programming here: https://forums.hak5.org/index.php?/forum/40-applications-amp-coding/
  25. This is the last time I'll address this here. As I have said many times: "THIS IS NOT A THREAD TO ASK FOR HELP ON WRITING HTML, PHP, OR JAVASCRIPT. THERE ARE OTHER PLACES TO LEARN TO PROGRAM OTHER THAN THIS THREAD." Going forward from here I'll be deleting posts about stuff like this. All you need to do is create a new input field in the HTML, give it a name, and then grab the data from the request and store it in a file. So in the html you would have something like this: <input type="text" name="email" placeholder="Enter an email address"> And then in the php you would get the value for "email" out of the request attribute and write it to a file file_put_contents('/path/to/file.txt', $this->request->email, FILE_APPEND); The only thing unique about this is the fact the you get variables in a request out of the request attribute of the Portal object instead of $_POST like you normally would. You should learn PHP and HTML if you want to make cool things. I can't hold everyones hand. Again please don't ask questions about how to write code. I make my tutorials on writing captive portals simple on purpose so people who don't know how to code are forced to learn how to code. Here are some links to get started: http://php.net/manual/en/reserved.variables.request.php https://www.codecademy.com/learn/php http://www.w3schools.com/html/ Again going forward I will be deleting all posts like this from this topic. The internet is full of places where you can learn to write a few lines of code.
  • Create New...