MDauer Posted December 5, 2011 Share Posted December 5, 2011 I am confused on how the Interface and the MKII handle phishing. I do understand that when you activate the DNS spoofing function, it takes any of the websites from the config file and then re-routes them to the website from the 'landing page' What I dont understand is how to make individual files for each site (twitter, fb, gmail, etc), and have them grab the information put in by the visitor of the site. I also dont understand how to redirect the user back to the orig website after they hit enter. Quote Link to comment Share on other sites More sharing options...
nemo_nihil Posted December 6, 2011 Share Posted December 6, 2011 Darren talks about this in episode 911 (http://hak5.org/episodes/episode-911). There is a good breakdown on the site (http://hak5.org/hack/pineapple-phishing), but the basics of the hack is that he had a fake paywall if you went to any place other than facebook or twitter. Then the fake websites (file save page as "web page complete") are stored in /www on the pineapple and you modify it to store the username and password locally. The tutorial gives detailed information on how to do this but what I think you are asking is "how does this work" basically it works by editing the variables in the webpage to store it rather than send it. Quote Link to comment Share on other sites More sharing options...
MDauer Posted December 18, 2011 Author Share Posted December 18, 2011 Awesome, Thanks for your help. That is what I was looking for! Quote Link to comment Share on other sites More sharing options...
MDauer Posted December 18, 2011 Author Share Posted December 18, 2011 Darren talks about this in episode 911 (http://hak5.org/episodes/episode-911). There is a good breakdown on the site (http://hak5.org/hack/pineapple-phishing), but the basics of the hack is that he had a fake paywall if you went to any place other than facebook or twitter. Then the fake websites (file save page as "web page complete") are stored in /www on the pineapple and you modify it to store the username and password locally. The tutorial gives detailed information on how to do this but what I think you are asking is "how does this work" basically it works by editing the variables in the webpage to store it rather than send it. Is there a way to not only store the username and password but also send it at the same time. Basically, is there a way to set it up so that when the "targets" go to the fake webpage and put in their user information, the information then saves to the computer, then also inputs the UN and PW into the correct fields on the real web-page, thus limiting the chance of the target knowing he was on a fake site. Quote Link to comment Share on other sites More sharing options...
TheKingUnderTheHill Posted December 20, 2011 Share Posted December 20, 2011 Hey, dont mean to hijack but i was wondering where the information actually gets stored on the pineapple, as in, where is the .txt/.http file with the entered details in? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.