Jump to content

Recommended Posts

Posted

there certainly are ways... sure that this is not the space to be asking..... perhaps one of the mods can clarify.

Posted

Is there any possible way to add the same HTML code to any web page the victim loads?

(For example add a Facebook like button that leads people to a phishing page?)

Thx,

ThatNerdinTheCorner

Is this a Pineapple related question or general question?

Posted

@Mr-Protocol

It is a pineaple question, Wouldint it be great if you coluld use your karma clients cpu power when on a page? like, for bitcoin mining or something?

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

With Google and a libary, you can be anything you want.

Posted

You could do something like DNS spoofing all domains and then load the actual domain they requested in an iframe and you can add any code to the page containing the iframe.

I don't think your Bitcoin mining has any useful pen-testing purpose though

Posted

@Mr-Protocol

It is a pineaple question, Wouldint it be great if you coluld use your karma clients cpu power when on a page? like, for bitcoin mining or something?

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

With Google and a libary, you can be anything you want.

I think you would have to give out your wallet credentials to the users in some way, which is never good.

You could do something like DNS spoofing all domains and then load the actual domain they requested in an iframe and you can add any code to the page containing the iframe.

I don't think your Bitcoin mining has any useful pen-testing purpose though

And yes, I'm pretty sure doing something like that is a form of theft. Not 100% and IANAL (I Am Not A Lawyer).

Posted

I don't think you would be able to leverage much CPU power using that method as anything you do will need to be run within the browsers limits unless you make them download something.

Posted (edited)

@Mr-Protocol

It is a pineaple question, Wouldint it be great if you coluld use your karma clients cpu power when on a page? like, for bitcoin mining or something?

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

With Google and a libary, you can be anything you want.

You can use dnsspoof to send them to browser based miner. Or maybe inject iframe using the following litecoin miner. Change the auth value to your worker if you plan to use this pool.

Edited by Mr-Protocol
Let's not encourage code to perform illegal activities.
Posted

I've been looking at something like this my self. Koto's fork of sslstrip has been modified so you can change the response, i.e. inject HTML. It also makes use of HTML5s AppCache thus attacks will continue to work even if the user has disconnected from your network. I've not got around to getting a PoC setup on the pineapple yet but I would recommend checking it out and having a play with it.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...