TheNerdinTheCorner Posted December 8, 2013

Is there any possible way to add the same HTML code to any web page the victim loads? (For example add a Facebook like button that leads people to a phishing page?)

Thx, ThatNerdinTheCorner

zz2Fac3zz Posted December 8, 2013

In this life there is nothing but possibilities.

You're welcome, Thatdudeonastool

Z4ub4d3 Posted December 8, 2013

There certainly are ways... sure that this is not the space to be asking... perhaps one of the mods can clarify.

Mr-Protocol Posted December 8, 2013

> Is there any possible way to add the same HTML code to any web page the victim loads? (For example add a Facebook like button that leads people to a phishing page?)
>
> Thx, ThatNerdinTheCorner

Is this a Pineapple related question or general question?

TheNerdinTheCorner (Author) Posted December 8, 2013

@Mr-Protocol It is a Pineapple question. Wouldn't it be great if you could use your Karma clients' CPU power when on a page? Like, for bitcoin mining or something?

Signature: With Google and a library, you can be anything you want.

Dazzle Posted December 9, 2013

You could do something like DNS spoofing all domains and then load the actual domain they requested in an iframe and you can add any code to the page containing the iframe. I don't think your Bitcoin mining has any useful pen-testing purpose though.

Mr-Protocol Posted December 9, 2013

> @Mr-Protocol It is a Pineapple question. Wouldn't it be great if you could use your Karma clients' CPU power when on a page? Like, for bitcoin mining or something?

I think you would have to give out your wallet credentials to the users in some way, which is never good.

> You could do something like DNS spoofing all domains and then load the actual domain they requested in an iframe and you can add any code to the page containing the iframe. I don't think your Bitcoin mining has any useful pen-testing purpose though

And yes, I'm pretty sure doing something like that is a form of theft. Not 100% and IANAL (I Am Not A Lawyer).

tom564 Posted December 9, 2013

I don't think you would be able to leverage much CPU power using that method, as anything you do will need to be run within the browser's limits unless you make them download something.

DyFukA Posted December 10, 2013 (edited)

> @Mr-Protocol It is a Pineapple question. Wouldn't it be great if you could use your Karma clients' CPU power when on a page? Like, for bitcoin mining or something?

You can use dnsspoof to send them to a browser-based miner. Or maybe inject an iframe using the following litecoin miner. Change the auth value to your worker if you plan to use this pool.

Edited December 10, 2013 by Mr-Protocol
Let's not encourage code to perform illegal activities.

eth0 Posted December 17, 2013

I've been looking at something like this myself. Koto's fork of sslstrip has been modified so you can change the response, i.e. inject HTML. It also makes use of HTML5's AppCache, thus attacks will continue to work even if the user has disconnected from your network. I've not got around to getting a PoC set up on the Pineapple yet, but I would recommend checking it out and having a play with it.