Jump to content

Phishing Help


Recommended Posts

I am confused on how the Interface and the MKII handle phishing.

I do understand that when you activate the DNS spoofing function, it takes any of the websites from the config file and then re-routes them to the website from the 'landing page'

What I dont understand is how to make individual files for each site (twitter, fb, gmail, etc), and have them grab the information put in by the visitor of the site. I also dont understand how to redirect the user back to the orig website after they hit enter.

Link to comment
Share on other sites

Darren talks about this in episode 911 (http://hak5.org/episodes/episode-911). There is a good breakdown on the site (http://hak5.org/hack/pineapple-phishing), but the basics of the hack is that he had a fake paywall if you went to any place other than facebook or twitter. Then the fake websites (file save page as "web page complete") are stored in /www on the pineapple and you modify it to store the username and password locally. The tutorial gives detailed information on how to do this but what I think you are asking is "how does this work" basically it works by editing the variables in the webpage to store it rather than send it.

Link to comment
Share on other sites

  • 2 weeks later...

Darren talks about this in episode 911 (http://hak5.org/episodes/episode-911). There is a good breakdown on the site (http://hak5.org/hack/pineapple-phishing), but the basics of the hack is that he had a fake paywall if you went to any place other than facebook or twitter. Then the fake websites (file save page as "web page complete") are stored in /www on the pineapple and you modify it to store the username and password locally. The tutorial gives detailed information on how to do this but what I think you are asking is "how does this work" basically it works by editing the variables in the webpage to store it rather than send it.

Is there a way to not only store the username and password but also send it at the same time. Basically, is there a way to set it up so that when the "targets" go to the fake webpage and put in their user information, the information then saves to the computer, then also inputs the UN and PW into the correct fields on the real web-page, thus limiting the chance of the target knowing he was on a fake site.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...