digininja, posted December 21, 2012:
Update: I think I've found the problems but need help with an iptables problem. If any of you know iptables the question is here:
The module is running and serving files, there are a few tweaks and I think once this rule is sorted it should start working. For anyone interested in how it works, when all is working I'm planning to do a write up on it and how to run it on a PC as well as the Pineapple so you can set it up and play with it in an easier to play with environment.

Whistle Master (Author), posted December 22, 2012 (edited):
I will investigate the iptables issue. The module already installs all the necessary requirements to run correctly on the pineapple.
EDIT: After discussions with Digininja, he found that to have the proxy working on bridged interfaces we need ebtables not iptables. He asked Seb to build a package.
Edited December 28, 2012 by Whistle Master

digininja, posted January 4, 2013:
Quick update, I'll admit I've barely touched a computer over the holiday but working on stuff again from Monday so will try to get back to it then.

velkrosmaak, posted January 8, 2013:
> Is it possible to make the v 1.1 available again until the release of v 2? I think v 2 will become pineapple's top module
I second that question. Came a bit late to this party, by the time I'd read up on it the old version was taken down.

digininja, posted January 17, 2013:
Quick update.... I've got ebtables installed and working on the device and it is intercepting traffic. Nearly there but the one small problem is that the proxy is making the request to the real site but that request is being captured and served by the local server rather than being allowed out to the real world. I'm not sure why it is doing this as everything I've read says it shouldn't but I'll keep looking into it.

gantarone, posted January 24, 2013:
Is there any news?

Whistle Master (Author), posted January 24, 2013:
Yes: it will be released when it will be ready :P

digininja, posted January 24, 2013:
Between sick 2yr old, wife due with number 2 next week, work coming out of my ears and trying to have at least a bit of a social life I am still working on it. I keep posting little bits of info whenever I've done anything, or made a step forward, just to keep the thread alive and keep people informed that things are moving, however slowly.

airman_dopey, posted January 24, 2013:
Congrats to you and the missus digi!

gantarone, posted January 24, 2013:
Thanks for your answer and your hard work :) :) :)

digininja, posted January 26, 2013:
After 4 hours of banging my head against sockets and one pile of baby puke cleaned up I think I've got it working! I've not had chance to test the injection properly but the proxying is fully working in bridge mode and traffic is flowing well enough to browse through. I've only got a phone as a test client at the moment so no view source to check things are going in to the right places. Tomorrow night (actually tonight, it's 1AM) I'll get a second laptop out and prove things are working. Remove the reams of debug code, optimize what's left and, if everything is working as I hope, I'll get it packaged up.

deviney, posted January 26, 2013:
Can't wait to see this! I am a bit gutted tho because I spent the last 2 days making a few phishing pages (I know it would probably take you guys ten minutes, you probably have software to make the page for you) now they're all ready you bring this to the table haha. GOOD STUFF THO!

digininja, posted January 26, 2013:
You can still use them, but even if you don't you've probably learnt something from doing it so it wasn't time wasted

digininja, posted January 26, 2013:
And it works!!! Tidying up and then passing to WM to sort out the module. I'm going to write up exactly how it works on my blog sometime next week. I've also got ideas on how to make this better so there will be a version 2 along some time in the near future.

digininja, posted January 26, 2013:
While I remember I'm going to post this link here: https://dev.openwrt.org/ticket/9873
With the Ruby install that comes on the Pineapple you will get the following error making HTTP requests:
ruby: can't resolve symbol 'getipnodebyname'
The link above has the solution, basically you grab the file socket.so from the 1.9.1 build of ruby-core and overwrite the one that is on the Pineapple.

digininja, posted January 27, 2013:
For those who are interested, and can't wait for WM to put all this into a module you can grab the files directly from my site: www.digininja.org/files/working_keylogger.tar.bz2
This isn't a working module, it is a bunch of files that you have to manually work with but if you are interested then here are some instructions:
- Install ruby, ruby-core, libruby and all associated dependencies
- Follow the instructions in the link on my last post to patch ruby. Basically copy the socket.so file into the right directory
- Put k.php and k.js into the /www directory and make a directory called capture. Check you can browse to them
- The script start_ruby sets up a few environment variables, run this or ruby won't work
- The script start_tables does the interception magic and hijacks all traffic on port 80, redirecting it to localhost 8008
- Start the proxy. It has various command line options, run with -h to see them. I'd suggest running it to start with with -v to see what is going on.
That should get you a running keylogger. Captured keys are dumped into files in /www/capture
I might have missed something here but if you are considering trying this then you probably know enough to be able to debug things. It isn't really that hard now I've got it working. I'll do a full write up later.

Shark3y, posted January 27, 2013:
Awesome! I had been attempting this myself the other day and I had a functioning keylogger, however I was running into issues properly injecting it into pages without messing up the pages (or taking FOREVER). lulz. Great work.

Whistle Master (Author), posted January 27, 2013:
I'm packaging the changes into the module right now :P

digininja, posted January 27, 2013:
Update... WM created the module but had problems getting it working so I've been working with Seb tonight and we are nearly there. We've fixed a few bugs in the proxy and found a technical problem but one that should be easy to fix. We will keep working on it and let you know when done.

digininja, posted January 31, 2013:
For those who haven't spotted it, the module is now live. Please post all questions and bugs to the new thread. http://forums.hak5.org/index.php?/topic/28666-keylogger-module-release/