MDauer Posted December 5, 2011 Posted December 5, 2011 I am confused on how the Interface and the MKII handle phishing. I do understand that when you activate the DNS spoofing function, it takes any of the websites from the config file and then re-routes them to the website from the 'landing page' What I dont understand is how to make individual files for each site (twitter, fb, gmail, etc), and have them grab the information put in by the visitor of the site. I also dont understand how to redirect the user back to the orig website after they hit enter. Quote
nemo_nihil Posted December 6, 2011 Posted December 6, 2011 Darren talks about this in episode 911 (http://hak5.org/episodes/episode-911). There is a good breakdown on the site (http://hak5.org/hack/pineapple-phishing), but the basics of the hack is that he had a fake paywall if you went to any place other than facebook or twitter. Then the fake websites (file save page as "web page complete") are stored in /www on the pineapple and you modify it to store the username and password locally. The tutorial gives detailed information on how to do this but what I think you are asking is "how does this work" basically it works by editing the variables in the webpage to store it rather than send it. Quote
MDauer Posted December 18, 2011 Author Posted December 18, 2011 Awesome, Thanks for your help. That is what I was looking for! Quote
MDauer Posted December 18, 2011 Author Posted December 18, 2011 Darren talks about this in episode 911 (http://hak5.org/episodes/episode-911). There is a good breakdown on the site (http://hak5.org/hack/pineapple-phishing), but the basics of the hack is that he had a fake paywall if you went to any place other than facebook or twitter. Then the fake websites (file save page as "web page complete") are stored in /www on the pineapple and you modify it to store the username and password locally. The tutorial gives detailed information on how to do this but what I think you are asking is "how does this work" basically it works by editing the variables in the webpage to store it rather than send it. Is there a way to not only store the username and password but also send it at the same time. Basically, is there a way to set it up so that when the "targets" go to the fake webpage and put in their user information, the information then saves to the computer, then also inputs the UN and PW into the correct fields on the real web-page, thus limiting the chance of the target knowing he was on a fake site. Quote
TheKingUnderTheHill Posted December 20, 2011 Posted December 20, 2011 Hey, dont mean to hijack but i was wondering where the information actually gets stored on the pineapple, as in, where is the .txt/.http file with the entered details in? Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.