Jump to content

xfinity nodogsplash page authtarget link


tylerjw

Recommended Posts

I'm trying to setup the xfinity pineapple deal using evil portal and on the splash page the link goes to $authtarget. How do I set this variable to point at the xfinity page on my pineappe (/www/x/index.html)?

I got this working by setting the redirect option in the evil portal to http://172.16.42.1/x/index.html

Now I'm just trying to figure out how to get the images to load on the splash page.

Got the images working by downloading them and putting them in the images directory under /etc/nodogsplash/htdocs/images/ then changed the url of the links to have the root of $imagesdir that way I can even run this attack completely offline.

Has anyone figured out how do check if the client is on a mobile device to serve the mobile version if they are?

Is there an easy way to make the browser show the url as the one comcast uses instead of the one including the ip address?

Lastly, how would I go about setting it up to serve over SSL so it appears to be secure?

Edited by tylerjw
Link to comment
Share on other sites

As far as mobile goes: http://stackoverflow.com/questions/11381673/detecting-a-mobile-browser

The portal will appear to be any url that they tried to go to. If you don't want that you could use some DNS spoof and then redirect them to your spoofed url and that should work fine

As far as SSL goes I don't see anyway to set it up for NoDogSplash but even if there was it would be a self signed cert so it would give people warnings and thats just messy

Link to comment
Share on other sites

Thank you for the response. As far as the self signed cert, there are plenty of legitimate portals that use them (not comcast). For example the college I went to used them for the portal on their student wifi. I know it's almost pointless and causes annoyance to the user but it'd be nice to know how to implement it since there are situations where the user expects it. I was in the army and saw many cases where self signed certs were used on internal networks within the army.

Edited by tylerjw
Link to comment
Share on other sites

Thank you for the response. As far as the self signed cert, there are plenty of legitimate portals that use them (not comcast). For example the college I went to used them for the portal on their student wifi. I know it's almost pointless and causes annoyance to the user but it'd be nice to know how to implement it since there are situations where the user expects it. I was in the army and saw many cases where self signed certs were used on internal networks within the army.

That makes me kinda sad 0.o

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...