tylerjw Posted November 22, 2014 Share Posted November 22, 2014 (edited) I'm trying to setup the xfinity pineapple deal using evil portal and on the splash page the link goes to $authtarget. How do I set this variable to point at the xfinity page on my pineappe (/www/x/index.html)? I got this working by setting the redirect option in the evil portal to http://172.16.42.1/x/index.html Now I'm just trying to figure out how to get the images to load on the splash page. Got the images working by downloading them and putting them in the images directory under /etc/nodogsplash/htdocs/images/ then changed the url of the links to have the root of $imagesdir that way I can even run this attack completely offline. Has anyone figured out how do check if the client is on a mobile device to serve the mobile version if they are? Is there an easy way to make the browser show the url as the one comcast uses instead of the one including the ip address? Lastly, how would I go about setting it up to serve over SSL so it appears to be secure? Edited November 22, 2014 by tylerjw Quote Link to comment Share on other sites More sharing options...
newbi3 Posted November 22, 2014 Share Posted November 22, 2014 As far as mobile goes: http://stackoverflow.com/questions/11381673/detecting-a-mobile-browser The portal will appear to be any url that they tried to go to. If you don't want that you could use some DNS spoof and then redirect them to your spoofed url and that should work fine As far as SSL goes I don't see anyway to set it up for NoDogSplash but even if there was it would be a self signed cert so it would give people warnings and thats just messy Quote Link to comment Share on other sites More sharing options...
tylerjw Posted November 24, 2014 Author Share Posted November 24, 2014 (edited) Thank you for the response. As far as the self signed cert, there are plenty of legitimate portals that use them (not comcast). For example the college I went to used them for the portal on their student wifi. I know it's almost pointless and causes annoyance to the user but it'd be nice to know how to implement it since there are situations where the user expects it. I was in the army and saw many cases where self signed certs were used on internal networks within the army. Edited November 24, 2014 by tylerjw Quote Link to comment Share on other sites More sharing options...
newbi3 Posted November 24, 2014 Share Posted November 24, 2014 Thank you for the response. As far as the self signed cert, there are plenty of legitimate portals that use them (not comcast). For example the college I went to used them for the portal on their student wifi. I know it's almost pointless and causes annoyance to the user but it'd be nice to know how to implement it since there are situations where the user expects it. I was in the army and saw many cases where self signed certs were used on internal networks within the army. That makes me kinda sad 0.o Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.