mondrianaire Posted November 12, 2012 Share Posted November 12, 2012 I am almost finished with v0.1 of my offline phishing module. The premise of this module is simple. You set the ssid of an open wireless network (Free Public Wifi, etc.) When enabled, all requests will be forwarded to a 'walled garden' splash page. This will inform the viewer that they have limited access to only certain pages, and will give links to these pages. Every one of these pages are phishing pages that you can upload to the module (even your own!). Since all phishing pages are hosted locally, this module is intended to work all of the time, without internet access. It gives the user the impression that they are connecting to pages on the internet, yet all credentials are harvested. Another beautiful thing about this module is how little hardware it uses. I have been known to have up to 3 usb wifi cards plugged into my pineapple while using for deauth/wifi repeating etc... This module can be used with only a properly formatted flash drive, eliminating a need for a usb hub (and the extra power it consumes). I need Seb or someone at wifipineapple.com to verify me for module submission. I also would like to talk to Petertfm about this module. I have reused (embarrassingly large amounts of) his code from his RandomRoll module in this. Our modules are extremely similar in both frontend and backend. I would like to ask him a couple of questions/ get him to sign off on the parts of his code I used before making this public. I have tried to message him but he does not accept messages. Petertfm if you read this, please send me a message or an email at my uname [at] gmail. Quote Link to comment Share on other sites More sharing options...
NullNull Posted November 12, 2012 Share Posted November 12, 2012 (edited) Very good work :D Maybe an option of adding a logo or a background image in a feature release ? :) Edited November 12, 2012 by KiatoG Quote Link to comment Share on other sites More sharing options...
PineDominator Posted November 12, 2012 Share Posted November 12, 2012 Awesome I can't wait, I have been too busy to make such a module and am glad mondrianaire has made one. No prob;-) Quote Link to comment Share on other sites More sharing options...
PineDominator Posted November 13, 2012 Share Posted November 13, 2012 If your looking for a name I thought a neat name would be "Gone Phishing" Quote Link to comment Share on other sites More sharing options...
hfam Posted November 13, 2012 Share Posted November 13, 2012 VERY cool, thanks for the efforts, can't wait to try it out! This is PERFECT for using my spare MK4's...drop it with a battery and pick 'er up later! With no wifi card and no access, the power should last and last! :) Thanks again to all of you who make this project such an awesome success! Quote Link to comment Share on other sites More sharing options...
loozr Posted November 13, 2012 Share Posted November 13, 2012 This looks good! Great work! B) Just a couple of questions, what's the contents of the "Internet Access plan"? Are you sure that the facebook favicon should be used at the welcome page? And how do the url's look in the respective sites? Looking forward to se this module evolve! :) Quote Link to comment Share on other sites More sharing options...
hfam Posted November 13, 2012 Share Posted November 13, 2012 If your looking for a name I thought a neat name would be "Gone Phishing" Heya peterfm, Does that mean that your original Gone Phishing module project idea is DOA? I thought the difference between a "walled garden" approach like this and what you'd described was that Gone Phishing would be more transparent in that it would still allow Internet access (if provided) and that there was no "walled garden" approach, just redirection to the appropriate "phishing" pages, otherwise it would let the mark through to wherever? I'd still love to see a more dns-integrated, selective approach like that if it's possible. It'd be great to have the two options as in certain cases, the "walled garden" isn't practical and would cause a reasonably astute user to question why their favorite WiFi spot is suddenly locked down. Dont' get me wrong, I love this idea of "walled garden" and into the bag of tricks it goes! I just read your notion about calling *this* module "Gone Phishing" and paused to wonder if that original idea met a roadblock in some form or another. Wish I was more adept at helping code some of these modules...I feel a bit parasitic sometimes on these modules but I'm eternally grateful for all the great work you all do developing these modules for the rest of us! ;) Quote Link to comment Share on other sites More sharing options...
russeld Posted November 13, 2012 Share Posted November 13, 2012 just a suggestion could you have a radio or check box button for offline and online mode? Quote Link to comment Share on other sites More sharing options...
PineDominator Posted November 15, 2012 Share Posted November 15, 2012 Heya peterfm, Does that mean that your original Gone Phishing module project idea is DOA? I thought the difference between a "walled garden" approach like this and what you'd described was that Gone Phishing would be more transparent in that it would still allow Internet access (if provided) and that there was no "walled garden" approach, just redirection to the appropriate "phishing" pages, otherwise it would let the mark through to wherever? I'd still love to see a more dns-integrated, selective approach like that if it's possible. It'd be great to have the two options as in certain cases, the "walled garden" isn't practical and would cause a reasonably astute user to question why their favorite WiFi spot is suddenly locked down. Dont' get me wrong, I love this idea of "walled garden" and into the bag of tricks it goes! I just read your notion about calling *this* module "Gone Phishing" and paused to wonder if that original idea met a roadblock in some form or another. Wish I was more adept at helping code some of these modules...I feel a bit parasitic sometimes on these modules but I'm eternally grateful for all the great work you all do developing these modules for the rest of us! ;) The issue with passing through traffic is it doesn't work right for most sites. To collect user/pass's with live traffic we need that keylogger function. I would still like to finish my redirection module that allows u to redirect only the MACs u want. I'm having an issue finding a iptables command that will actually work? It has to be Mac based rules. If someone knows more please let me know Quote Link to comment Share on other sites More sharing options...
mondrianaire Posted November 15, 2012 Author Share Posted November 15, 2012 I'm sorry guys, ill get back on this in a day or so. Black Ops came out. Quote Link to comment Share on other sites More sharing options...
saeed662 Posted November 20, 2012 Share Posted November 20, 2012 very very nice! once completed where can i find the module? Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted November 20, 2012 Share Posted November 20, 2012 very very nice! once completed where can i find the module? On your pineapple in the infusions section. Quote Link to comment Share on other sites More sharing options...
NullNull Posted November 26, 2012 Share Posted November 26, 2012 Any updates? :) Quote Link to comment Share on other sites More sharing options...
Aprizm Posted December 3, 2012 Share Posted December 3, 2012 lol I guess the new COD game is pretty great. Quote Link to comment Share on other sites More sharing options...
--nick-- Posted December 17, 2012 Share Posted December 17, 2012 (edited) waiting too. sweet, a selector screen like whats on the random roll module would be nice for phishing pages. i mean like to have a selector screen gui for fishing pages too, one thats not random though. and somehow have more than one fishing page on at the same time. Edited December 17, 2012 by --nick-- Quote Link to comment Share on other sites More sharing options...
jermain69 Posted January 5, 2013 Share Posted January 5, 2013 I am almost finished with v0.1 of my offline phishing module. The premise of this module is simple. You set the ssid of an open wireless network (Free Public Wifi, etc.) When enabled, all requests will be forwarded to a 'walled garden' splash page. This will inform the viewer that they have limited access to only certain pages, and will give links to these pages. Every one of these pages are phishing pages that you can upload to the module (even your own!).Since all phishing pages are hosted locally, this module is intended to work all of the time, without internet access. It gives the user the impression that they are connecting to pages on the internet, yet all credentials are harvested. Another beautiful thing about this module is how little hardware it uses. I have been known to have up to 3 usb wifi cards plugged into my pineapple while using for deauth/wifi repeating etc... This module can be used with only a properly formatted flash drive, eliminating a need for a usb hub (and the extra power it consumes). I need Seb or someone at wifipineapple.com to verify me for module submission. I also would like to talk to Petertfm about this module. I have reused (embarrassingly large amounts of) his code from his RandomRoll module in this. Our modules are extremely similar in both frontend and backend. I would like to ask him a couple of questions/ get him to sign off on the parts of his code I used before making this public. I have tried to message him but he does not accept messages. Petertfm if you read this, please send me a message or an email at my uname [at] gmail. Would be really great to see this module out in the wild. When is your release date? Quote Link to comment Share on other sites More sharing options...
Scout32 Posted January 7, 2013 Share Posted January 7, 2013 This sounds like it will be a great module! This would also be great while online. One thing I've noticed though with the phishing pages and redirect.php and error.php that I have is when I was testing them out they constantly refreshed to the same phishing page. I downloaded them from hak5 and they look similar to the ones I've seen throughout the forums. Anyway, so if I'm running dnsspoof and have my host set to 172.16.42.1 facebook.com, I browse there and am met with my phishing page as expected. I enter my credentials, the page refreshes, and I'm back on the facebook.html phishing page (as expected based on the code). Have you, or anyone else, thought about checking the IP Address of the user then redirecting them to the real site if they have previously visited the phishing page? I think this would make it less suspicious that having a constantly reloading phishing page. For instance, log the requested url and ip address (or maybe check the urlsnarf log?), then IF (for instance) facebook is requested, search that user's ip address against either a log or urlsnarf's log and if they've already been served up the phishing page, redirect them to the real facebook and let them browse normally. Would this best be done with php, or javascript? i'm not 100% sure on how to do this, and what I wrote in php didn't work . I'm not very familiar with php yet; I have more experience with c++ and c#, but am still a novice at coding regardless of language. Any ideas on how this could go? I'm sure it's much more simple than what I'm thinking LOL. Either way, it would be a good addition if the module was running and internet access was available. Quote Link to comment Share on other sites More sharing options...
nov21 Posted January 11, 2013 Share Posted January 11, 2013 Aha, mondrianaire! You beat me to it! I've started coding something similar for work. So far, I've slowly churned through a friendly UI for the landing page and started on a couple of website categories. Similar to what you're doing, you'll be able to enable and disable websites you need to harvest, adding custom websites through the pineapple with only the need of a 160x160px logo, name and link. I must admit, it's good to start coding after all these years- even if the quality at which I do write is atrocious! Quote Link to comment Share on other sites More sharing options...
Tymm Posted January 17, 2013 Share Posted January 17, 2013 This looks exciting. I started thinking through what I would need to do this but recently the two w's have taken up my free time. Any how what are you using to log the harvested info? A simple log file I'm guessing? Quote Link to comment Share on other sites More sharing options...
nov21 Posted January 17, 2013 Share Posted January 17, 2013 I'm storing all my data to a log file stored in the dnsspoof directory on the USB so that the dnsspoof module will pick it up. I think I'm going to link the UI and harvesting sites once I've organised it a bit better. It's very much a mess right now! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.