kurtm Posted January 30, 2012 Share Posted January 30, 2012 hi, ive successfully made phising inside the pineapple but is just a basic phishing with just 10 sites. Which just save login and passwords and shows an error. but this kind of phising is very obvious. my question is Has any one have any idea how to setup internet --> pineapple---> users then when users login for example to facebook it will capture login and passwords at the same time submits it to the real FaceBook site instead of an error so that users will not have an idea they are being phished. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted January 30, 2012 Share Posted January 30, 2012 That is more of a redirect than forwarding the traffic on. Maybe you can do something with redirect.php? I'm not familiar with php. Quote Link to comment Share on other sites More sharing options...
PineDominator Posted January 30, 2012 Share Posted January 30, 2012 Has any one have any idea how to setup internet --> pineapple---> users then when users login for example to facebook it will capture login and passwords at the same time submits it to the real FaceBook site instead of an error so that users will not have an idea they are being phished. The tool built into the newer mark3 firmware is called "ngrep" but I have not played around with it because there seems to be lots of bugs with ngrep. Can any one report if ngrep works as it should or is there a workaround/search string that works? http://wifipineapple.com/doku.php?id=quick_start_guide shows how to set up internet connection sharing. I would prefer linux because you can run sslstrip witch by the way will collect logins, for pen testing of course. but it seems that a new header protocol in http has made it so far impossible to strip ssl from websites that send a header specifying that ssl is required. seems firefox and chrome both make use of this.. Quote Link to comment Share on other sites More sharing options...
kurtm Posted February 1, 2012 Author Share Posted February 1, 2012 can any body share a code for a redirect which will save the login and password and after it forward to legitimate site Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.