xfinity Pineapple


KenPC

Has anyone gotten this to work correctly?

http://blog.logrhythm.com/security/xfinity-pineapple/

I followed the steps

1.) scp the landing page files to /www/x

2.) configure EvilPortal

3.) add the nodogsplash

and when I connect it correctly takes me to the splash, but no images (only text) are shown.

So my question: how do I point everything to the www/x directory so the splash is displayed correctly for clients and the correct logging is done as it is explained on the link above?

i.e. takes user to sign-in page > user tries to log in > tells user that the user/pass is incorrect > user attempts to log in again > user proceeds to internet with both login attempts recorded on auth.log

Source:

http://speedy.sh/79Dqk/xfinity-pineapple-master.zip
Edited by KenPC
Link to comment
Share on other sites

Well, I haven't looked at the source code, but since the tutorial was using an old version of EP, the port for the webserver in /www is probably set to 8080, which should be changed to 80 in the code.

Link to comment
Share on other sites

Hey that's a cool find.. Thanks for sharing.

Link to comment
Share on other sites

I experimented a bit with this and was able to get it to work. Didn't have to really change much. I did have some settings updated in the nodogsplash conf also. I would have to check on what they were exactly.

The only issue I really saw was that on the initial screen that said click here to connect... the image being loaded did not display correctly.

Link to comment
Share on other sites

Doesn't work for me. I've been trying to figure it out myself; I was wanting to do a video on it for my YouTube channel. The problem I had was: when I take a computer to the page, you see the Comcast page, and as soon as I click the sign in it takes me to the website I was trying to visit. Say when I open Google.com, it takes me to the Xfinity login page, I click the button, and I never get taken to a page to enter the login info; it just takes me straight to Google. Now when I try to go on those devices it no longer asks me to sign in or anything. Also, I noticed in the source code it's showing a Comcast IP. I gave up and haven't messed with it since; got tired of playing around with it.

Edited by ZaraByte
Link to comment
Share on other sites

> I experimented a bit with this and was able to get it to work. Didn't have to really change much. I did have some settings updated in the nodogsplash conf also. I would have to check on what they were exactly.
>
> The only issue I really saw was that on the initial screen that said click here to connect... the image being loaded did not display correctly.

Could you send me that config file when you get a chance? I don't have the time at the moment to mess with this but I'll see what I can do about including an auto-config option for this in the next release of Evil Portal.

Link to comment
Share on other sites

Hey newbi3,

I'll have to start up that pineapple. I'll try to get it to you in the next day or so.

You just need the nodogsplash.conf file, because there is the actual splash screen that goes in the nodogsplash install directory and then the site you get redirected after in the /www/x/ directory.

Link to comment
Share on other sites

  • 3 weeks later...

I to this day have never managed to get this working. Was gonna make a video on this. I swear Comcast did some changes to their portal they have. The problem I had was when I'd click the sign in, it would just redirect me to pass through without ever putting in a username or password.

Also, I noticed too that even though I have the files in the folder with the splash.html, the page loads but it's missing like the CSS and stuff. I did place the folder with the CSS into the htdocs with the splash.html; it shows a messed-up page.

Link to comment
Share on other sites

FYI, a friend of mine just pointed out that Darren put together a great video on how to deploy this attack using DNSSpoof. Thanks Darren, I hadn't seen this until now. :-)

Also, I put together a presentation on this topic which shows a screenshot of the form processor (the only somewhat difficult piece of this attack). This will allow you to re-create this and similar popular captive portals. The updated form processor also allows for pass-through of users once they 'authenticate'. I cannot post the updated code for obvious reasons, but you should be able to re-create it using Darren's video and my slides...

http://www.slideshare.net/heinzarelli/wifi-hotspot-attacks

Link to comment
Share on other sites

> I to this day have never managed to get this working. Was gonna make a video on this. I swear Comcast did some changes to their portal they have. The problem I had was when I'd click the sign in, it would just redirect me to pass through without ever putting in a username or password.
>
> Also, I noticed too that even though I have the files in the folder with the splash.html, the page loads but it's missing like the CSS and stuff. I did place the folder with the CSS into the htdocs with the splash.html; it shows a messed-up page.

After you copy the code, Comcast has 0 control over changes you make to the HTML, so even if they did change something you can read through it and modify it to do what you want.

There may be copyright issues doing this though, and since Comcast is Satan's ISP I'd be careful doing anything.

Link to comment
Share on other sites

Hey, how's it goin'? This is a long shot, but I am looking for the Xfinity Pineapple sources, seeing that the Git is gone. If you by chance still have the package lying around, would you mind uploading to say maybe zippyshare, mediafire, or a site like such? Thank you in advance and have a great day! Cheers! Send me a PM with details :)

Nevermind ;)

Edited by datahead
Link to comment
Share on other sites

> I tried mine the other day again to make sure it works and it does!
>
> Comcast can't control what occurs on those pages as they are hosted on your own device. Let me know what info you guys need if you require any details.

Uhhh, what settings are you using with the Dog Splash configuration? 'Cause every time I test it, when I click the sign in button it doesn't ask me to log in; it takes me straight to the website I was trying to access before the splash.

Also, where are you placing the files? Are they in the same folder as the dog splash folder htdocs, or did you like set up like /www/x/ and redirect?

Edited by ZaraByte
Link to comment
Share on other sites

  • 2 months later...

Hi All,

It is an old thread but in case some people still have a problem making it work, this is what I have done to get the nodogsplash working.

0. The original splash page

You can edit that original splash page in the Web GUI or in /etc/nodogsplash/htdocs

You can make it look like a specific ISP if you want or, my preference, just a generic one.

This page will be the splash page, telling the customer they are about to enter a free wifi zone.

Any images need to be referenced by $imagesdir/filename.png

and $imagesdir = /etc/nodogsplash/htdocs/images/

My experience is that for nodogsplash to block the customer/client, make it click on something (link or the dog picture), and THEN allow it to access the internet, that link must retain the "$authtarget" variable.

I tried to get the user_login.php to load directly from the /etc/nodogsplash/htdocs/splash.html but that did not work...

So instead, I kept the original splash page and made it look more "professional"/legit.

The problem is that after the client clicks on the splash page links it then gets to the page he/she wanted to go... without being prompted for his credentials. This is where the next steps comes in.

0 Edit the nodogsplash config file in the Web GUI or in an SSH session:
/etc/nodogsplash/nodogsplash.conf
to force the user to the "improved" splash/auth page in the /www directory of the pineapple.
It means the original splash page still has the "$authtarget" reference, but the client does not get redirected to his/her original page; instead they now get a page asking them to authenticate.
You can model that page on the example given in the first post.
Or you can build a very simple HTML page with a form asking for username and password.
Create a logo with the ISP you are targeting, or let them choose what mobile network they want to use from a drop down list! :)
Call the user_login.php script when they submit the form.
Et voila... their credentials will be saved in /www/auth.log
The remaining problem is: what do you do after they submitted their credentials?
Go to the next step.

3. Create a success page.
The problem is that I couldn't get $authtarget to work outside of the original splash.html page. I don't think that "variable" gets propagated through the linked pages, so I had to settle with a generic success page.
Just created a success.html page stating that they now have access to the internet
and call it from the last user_login.php script (if you are using several, i.e. 2x as per the original example).

4. Go!
Enable nodogsplash from the web GUI, set it to autostart, check the /www/auth.log from time to time :)

So it is not perfect, and it does feel a bit like a workaround...
There are probably other options in nodogsplash so you can run user_login.php directly from the /etc/nodogsplash/htdocs and directly referenced from splash.html
There is also probably a way to pass on the $authtarget to the different web pages you are calling.
But that's a way to make it work... quick and dirty :)

Hope it helps some of you.
Link to comment
Share on other sites

Hi again,

In case people want the files I used, here is a fairly simple version:

https://app.box.com/s/1haizi1c5lfvcjl24krdhkrvnj21kta9

There is a README file explaining what to do:

copy the files/directory from that archive to your pineapple.

1.sd card

copy all the content of sdcard_files/ to /sd/web/

ln -s /sd/web/* /www/

2.copy nodog/ in /tmp/

3./etc/nodogsplash/htdocs/

replace the splash.html with the /tmp/nodog/splash.html

4./etc/nodogsplash/nodogsplash.conf

redirectURL to http://172.16.42.1/myevilpage.html

to force user to the "improved" splash/auth page in /www of the pineapple

5.Go!

Enable nodogsplash from the web gui, set it to autostart, check the /sd/web/auth.log from time to time :)

Bugs.

Link to comment
Share on other sites
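
For defenders, the flow described in the posts above (a splash page, then a forced redirect to a credential form hosted on the gateway's private address over plain HTTP) leaves checkable traces in the page a client lands on. The Python below is an added example, not code from the thread or from any project mentioned in it; `portal_findings`, the sample HTML and the choice of `xfinity.com` as the expected brand domain are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormScan(HTMLParser):
    """Record each form's action and whether it holds a password input."""
    def __init__(self):
        super().__init__()
        self.forms = []  # entries: [action, has_password_field]
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([a.get("action") or "", False])
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1][1] = True

def is_private_ip(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a hostname, not an IP literal

def portal_findings(page_url, html, brand_domains=()):
    """Reasons the page a client was redirected to looks like a cloned login portal."""
    scan = FormScan()
    scan.feed(html)
    findings = []
    for action, has_password in scan.forms:
        if not has_password:
            continue
        target = urlparse(urljoin(page_url, action))  # empty action posts back to page_url
        host = target.hostname or ""
        if target.scheme != "https":
            findings.append("password form submits over " + target.scheme)
        if is_private_ip(host):
            findings.append("password form posts to private address " + host)
        if brand_domains and not any(host == d or host.endswith("." + d) for d in brand_domains):
            findings.append("form target " + host + " is outside the expected brand domains")
    return findings

# Constructed sample: the redirect URL and script name are the ones quoted in the thread.
SAMPLE_URL = "http://172.16.42.1/myevilpage.html"
SAMPLE_HTML = """<html><body><h1>Sign in</h1>
<form action="user_login.php" method="post">
<input type="text" name="username"><input type="password" name="password">
</form></body></html>"""
if __name__ == "__main__":
    for reason in portal_findings(SAMPLE_URL, SAMPLE_HTML, ("xfinity.com",)):
        print(reason)
```
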

_bugs_, this is not an issue getting Evil Portal to work; this is an issue with a specific portal that had been given to the public for download. Xfinity Pineapple, a custom page to mimic Xfinity Wifi and capture credentials. It doesn't seem to work out of the box following directions.

Link to comment
Share on other sites

  • 1 month later...

I put together some sample captive portals in an open Github repo a couple months back. The /pineapple/ directory highlights some of the unique config items that are necessary when creating a captive portal on the Pineapple. This will allow you to use nodogsplash as intended, but also capture credentials and pass the victim through seamlessly. You can take the key content-items from here and apply this to just about any captive portal concept.

https://github.com/gfoss/misc/blob/master/Wireless/Captive-Portals

Hope this helps!

Link to comment
Share on other sites

What are the legal ramifications of being caught cloning xfinity portal and collecting login credentials? I know that legal questions usually require input from a lawyer, and I'm sure we have none available to answer, so I'm just curious to understand the ballpark legal perspective of being an impostor.

Link to comment
Share on other sites
