Posts posted by Maddog1929

  1. sslstrip+ was incorporated into MITMf a while ago, along with a DNS server. When I tried using it to MITM my home network, HSTS still prevailed. No logins, https at the top of all the pages.

    Can someone explain how bettercap is different?

    As far as I can tell, it has active support, which I guess is supposed to raise its reliability. However, I've had similar results trying to MITM on my home network too. It properly sniffs all http-https connections, but fails to strip them and constantly drops my 'clients'. However, I believe the last problem is my wireless card's fault.

  2. Now all I need to do is find a tut on installing bettercap onto my pineapple-nano, then maybe portable MITM will actually be easy again.

    Been toying around with this for a while, can't get it to SSL strip any connections I give it. I hope someone makes a tut of some kind on how to just use the thing.

  3. The current release is a stable release.

    You can absolutely do this, however, you will not be able to clone the database that contains the expected usernames and passwords. If that were the case we wouldn't need to trick the user (except to maybe get a plaintext version of a hashed password). The demonstration you are talking about shows a special injection set I created to grant users an access key to further portray a valid captive portal. The .exe they download to get that key executes a root shell on their system so you can access it. This functionality is not dependent upon any particular captive portal and can even be used on a cloned website.

    You can definitely clone the portal pictured in your post and use that to get the user's credentials. However, Portal Auth will not automatically send those credentials to the original portal so you will have to first authenticate your Pineapple on that AP or by some other means (i.e. 3G/4G modem) to give your target users internet access after they give you their credentials.

    Thanks,

    From knowledge I've gathered, all passwords for the portal I plan to clone are all 6 chars long, and are a mix of random numbers and letters. (Users are a mix of the person's first and last name, so brute forcing isn't an option.)

    I'm sure it's possible to put some extra java in there that keeps them on the page if the password entered isn't exactly 6 chars long.

    That will hopefully prevent any wrong passwords being entered, or ITs attempting to inspect the portal by entering random info.

  4. This is a very interesting infusion and I'm looking forward to its first stable version.

    Just wanted to confirm something;

    Is it possible, or at least planned, to use this infusion to clone and harvest unique password/username based portals?

    I saw your demonstration from the pineapple 5 where you cloned a Starbucks portal that would require a user to get a password from a downloaded exe.

    My question is, could you clone something along the lines of an office's internet filter or a college/university portal? A portal that everyone has their own username and password to.

    And gather their username/password, then push them to the web. The portal would have to look exactly like the original with just the 2 text boxes, without any popups, so as not to raise any red flags from IT admins who might get pulled onto the network by PineAP. (That would be a red flag in itself.)

    Example:

    <spoiler> <--- I have no idea how these work

    result-authscreen.png

    </spoiler>
