-
Posts
192 -
Joined
-
Last visited
Posts posted by daniboy92
-
-
Yes, maybe. I don't know why we can choose wlan0 for doing that things.
-
Thanks for tip.
I'm really confuse about how works PineAP, maybe someone can do a little tutorial or explanation while Darren uploads a videotutorial for this...
-
If I am right, wlan0 only can use like an AP, of course and as you say wlan1 and wlan2 (if you have an another wireless antenna) should be use to be client or use for deauth and similar actions, no matter if the infusion offers you wlan0 for that, probably you will get bad results if you use wlan0 like AP and to perform attacks. You must use wlan1 or wlan2.
-
I can install infusions in my MicroSD without problems. I don't know what it can be.
-
I proving it now and this is awesome!
It works perfectly, thanks @Smarty for your help and your ideas!
Now i can spoof any web what i want!
-
Just broke my MicroSD... F*ck shit of MicroSD :@
I'll replace it tomorrow... ¬¬
-
Wow Smarty, that's amazing man! Thanks for sharing this with me. I will try this now!
-
Thanks all! Yes, that was what i tried, looking into the html code. I get post-login action redirects to error.php, all I need is modify that fields... Actually I locate it, I proof changing it but it doesn't show in log... I need to try some different variables in these fields...
I'll post the results.
If anyone can give me more details about that words I need... It will be awesome.
-
I don't mean to be that guy but I think if you cant edit a form like Cooper suggests you probably shouldn't be trying to spoof PayPal and Facebook
Yes, yes.. I know, but i'm here to learn, that's why i ask to people who can give me ideas... I'm not a professional, i'm a newbie triying to learn something.
Thanks for your answer.
-
That's the question... I'm trying to find that code but I can't, simply I was looking for it but I can't see it...
Any clue to get websites doesn't hide email and passwords?
-
Hi,
I'm a little more near from my goal...
Now i can spoof all webs, no matter if it's ssl or not... Or if they are previously hard cached (that webs i mean).
Now, my question is: how can i get all emails and passwords from dnsspoof?
I edit the hmtl from facebook.com that i have stored and i can see all emails and passwords from victim, but other webs that actually i'm spoofing, when i fill email and passwords it doesn't show in /tmp/pineapple-phish.log... Only works with facebook.com because i modify from this tutorial
(go to 3:55 in the video to see that modifications...)For example, i want to spoof paypal.com: turn on dnsspoof, victim connects to my AP... He goes to paypal.com, put his email and password... But, i can't see it in my pineapple-phish.log... How can we get the email and passwords? This is my questions.
Actually i only see this fields with facebook.com...
Sorry for bad english.
Regards.
-
Yes!!! It works perfectly!!!
Now i can redirect all webs i want! Thanks you guys.
-
root@Pineapple:~# iptables -t nat -A PREROUTING -p tcp -dport 80 -j DNAT to-dest
ination 172.16.42.1
Bad argument `80'
Try `iptables -h' or 'iptables --help' for more information.
This is the results of:
iptables -t nat -A PREROUTING -p tcp -dport 80 -j DNAT to-destination 172.16.42.1
I can't set the IPTables rule...
-
Thanks for your quick answer KiatoGS, i will try this and summit here.
-
I'm investigating many ways to spoof a web, but unfortunately dnsspoof it's outdated... It only works with an old browser or webs that i don't have any interest to spoof...
One day, Darren writes this:These limitations could potentially be overcome with iptables rules to redirect the IP traffic rather than the DNS queries. Meaning if example.com is cached as 93.184.216.119 and you reroute that IP to 172.16.42.1 it wouldn't matter if the browser has DNS cached or not.
This is the link:
https://forums.hak5.org/index.php?/topic/33101-dnsspoof-success-rate/#entry247268
I don't know how to do this, i'm am a noob with IP Tables, i don't have how to do this...
Hope someone can help me.
Sorry for bad english. -
@King_Hrothgar and what about sites with ssl protocol? Can you spoof webs like Gmail, Hotmail, Twitter...? I'm asking you because I can't spoof sites with ssl except Facebook.
-
I mean browser's victim. Your own browser doesn't matter.
-
@factgasm: this is not realistic, but if you want to set a valid test, you need to clean it because webs previously visited has the ssl connection established, if you don't do this, you won't spoof this webs.
So... If the victim has his browser completely empty is another history. The theory is that you are using this for a spoiled hacking, with knowledge from your victim. If he don't have knowledge, obviously it's very difficult to hack them.
-
You're welcome cheeto.
Factgasm, it's very logical what are you saying... I think there is a little problem with dnsspoof functionality. I want to see a video from Darren spoofing sites like Gmail, Hotmail, Yahoo... (I don't know why I can spoof facebook.com that uses ssl but not this webs)... And spoofing multiple sites at same time, this will be interesting.
-
@cheeto I had your issue two weeks ago... Just set a Factory Reboot from Configuration menu and do all things cleanly... Even delete the DNS from the dhcp.conf file from Darren's answer. And I recommend you probe it without dnsspoof infusion. It's important that you use a browser without data like cookies, cache, history... I hope this can help you.
-
Cheeto, do have installed captive files in dnsspoof infusion? If it's installed you need to change in /etc/nginx/nginx.confOk guys I followed the instructions and still can't get it to go.
Please check out my video.
https://mega.co.nz/#!2ddFHQSS!-v-LFs3GfZ2u-7CpbvuYhKFp_XC2t1UBnsoip9aJZoA
Thanks again!!!,
cheeto
server { # php/fastcgi
listen 8080;
To:
server { # php/fastcgi
listen 80;
Try this and if it doesn't work I recommend reboot to factory settings and do all this steps again.
-
Thanks cheeto, but i can't spoof webs with ssl protection. I want to remove ssl with sslstrip and try to spoof them.
Personally I can't spoof webs like Gmail, Hotmail, PayPal, Ebay... Only Facebook that use ssl.
Tell me if you can.
-
Ok, but there is a little problem with this... It seems ssl's websites doesn't work with dnsspoof... If you read my latest post, i can spoof webs without ssl protocol, with ssl protocol only can spoof facebook.com... That is why i want to use sslstrip and dnsspoof together, because I want to remove ssl protection and then spoof the Web (yes, I try it with Gmail, Hotmail and webs like these and can't spoof it). Maybe for you works fine, probe it and summit here, I'm enjoying with these reports.THANK you guys SOOOO MUCH!
I'm at work at the moment but as soon as I get home, I'm going to apply these changes.
Regarding the index.html I don't recall my Mkv coming with it. The index.html in the www directory was put there by me. I guess I could always re-flash it to make sure everything is set to stock mode.
Here's my objective:
I want to make a fake gmail / facebook login screens and have the victim enter the credentials and have the information saved in a file. Sort of like Ghost Phisher (amazing script!!!)
Of course, this easier said than done. I assume that I will need a php script to save the credentials onto a file. Is there an easy way around this?
Given the sslstrip limitations, I think this would be the best alternative.
I'll get back to you with the results.
Thanks again guys!!!
cheeto
-
Can someone make a tutorial for use dnsspoof and sslstrip at same time?
[Community Info] All about PineAP
in WiFi Pineapple Mark V
Posted
This is a great idea ?, it's more effective for the community.