cheeto

Make sure that you have your MKV connected to the internet. Not being connected, at least in my case, seems to make it lag.

This might help: https://forums.hak5.org/index.php?/topic/34726-howto-wps/

Our rights to privacy are practically gone. Thanks to Homeland security. (as well as other Governing bodies around the world) OK, I agree that it's important to have "some" security but to infringe on our rights of privacy? That's pretty expensive if you ask me. After 911, Our rights were lost and there is no going back too.

The problem with digital tokens is that you need to carry them around with you if you wish to access/transfer funds etc... What is rather interesting and I would assume safe is that my bank as an Android App that requires no tokens or anything of that nature. A simple user/pass is all that is needed. I think mobile phone apps are by far the safest way to go. I totally agree i8igmac, Hackers will adapt to these changes. Right now however , I think they have the upper hand.

Frankly the average user has become comfortable just using 2 or 3 passwords these days. (I know, lazy and insecure) Adding an additional step may not be in the interest of all. side note, what will happen to captive portals that require credentials in order to access? (like Evil portal) Anyway, I wouldn't be surprised if other sites follow suit. My bank requires that I access with a digital token. That's not very convenient to have to carry a token everywhere you go. I think this new process will be a hard sell.

Hey guys, I've read that Yahoo is trying to adopt a new 2 step authentication process. As a Yahoo user, I find it relativity annoying. Could this be the beginning of the end for Passwords as we know it? Take a look: http://www.theverge.com/2015/3/15/8219529/yahoo-on-demand-passwords-and-end-to-end-email-sxsw-2015

Figured it out. So I thought I'd share the solution. This is what works for me: WLAN1 UP + mon0 This combo will provide you with client info etc.... Cheers!

I don't have xfinity down here where i live. But I've been testing this infusion since its release. Up to now I can conclude: It can clone several portal sites but not all. As every portal is different, Some may require a different approach. Strip everything or uncheck everything. Since some of the portals have a very simple layout, perhaps it's easier just to save the portal's contents and manually add sud0nick's injections. This has worked for me. Well, the bottom line, Portal Auth looks very promising, its cloning process keeps getting more accurate as the newer versions surface. Feedback & error log submissions will make this infusion even better. Let's keep this feeding rolling.

Hi guys, I love this infusion! I find it very useful for any type of pentesting. My doubt however : When switching to Wlan1 - mon0, my AP's disappear. (like post #13) On the other hand, if I use Wlan0 I could then see the APs. So, my question is... Does Site Survey work with Wlan0 or Wlan1 mon0? Thanks guys!!

Is your PortalAuth crashing your MKV? Been there done that. All is fine now.

just wondering, did you try unchecking all the option in PortalAuth before trying to clone?

don't expect to see too much information on the portal injects as it's rather new. sud0nick might make a small tutorial on how to use it. But as he said, some programming skills might be necessary. I guess I'm screwed. :( As for portal auth, it's perhaps the easiest infusion out there however to use it, you need access to a portal site. I shouldn't mention any commercial name of places that have them, but they're almost anywhere from Cafe's to hotels etc..

Will the creation of injection sets require programming skills? or can it be done with photoshop --> export css?

Guys, 2.4 looks promising. I recommend giving it a try.

Looking forward to it. THX!

I think I'll wait for you video and perhaps a sample injection file. (that is if someone shares it)

i recently came across: http://www.css3maker.com/ Not sure if it could help make a proper css.

I agree that a 2nd thread should be made for Injection set related matters. Of course if it's ok with the Admin. Regarding injection sets, can someone suggest were to start?... How can we make our own? Any recommended software or page? Thanks guys!

EXACT SAME THING IS HAPPENING TO ME.

Thanks Datahead, that made a lot of sense. Now it's my understanding that ARP will not work with IPV6. (only with ipv4). Would you recommend a Evil Foca? (works on ipv4 and 6)' thanks!!!

I've done some Arp poisoning with Kali a while back. If i recall correctly, you have to choose a specific client (after performing a scan) then inject ARP posioning... But the results would be limited because of HSTS, right? (I hope im wrong) THX!!

Actually, it wouldn't be such a bad idea.... Imagine, background screen could be a search engine and on top of that we can place your splash login screen. It would be more a universal portal page......

But doesn't HSTS interfere with your findings. Like passwords?

OK I followed your instructions and went to the config window and uninstalled the dependencis. (can't beleive i didn't see that option before) After that, I went to the Pinaeapple bar and uninstalled PortalAuth. After uninstalling, I simply went to your page and followed the download/insall proceedure. Once installed, PortaAuth asked me to install the dependencies again, So I did. (was i suppose to do that? I would assume these are an updated version of the dependencies). And finally, i had to configure the server info... I used your webpage. Would it be possible to use , www.google.com instead? That's correct. Anyway, if my proccedures mentioned above are correct, I'll give it another GO tomorrow. Many thanks!!

Hey guys, As Hsts becomes wider spread, would it be correct to assume that Ettercap is becoming more limited? Let's face it a simple Google search these days is HTTPS. Thanks!