sud0nick Posted January 31, 2015 Author Share Posted January 31, 2015 So far it seems this version is working out quite better than the previous versions. Cheeto was able to clone a portal successfully and the auto authentication function worked too! I'm sure we will still run into some cases where something doesn't work in a particular environment but please make sure you are looking at the Element Tags field in the config tab if Portal Auth is unable to authenticate. These tags are used to build the POST and GET requests that authenticate the Pineapple with the AP. If you find an element in the source code of the portal that is used for authentication you must ensure it is listed in the Element Tags field. You can read the associated help file for more information. Please keep submitting any bugs here as this process has obviously worked so far in making Portal Auth a better infusion. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted January 31, 2015 Author Share Posted January 31, 2015 I created a page on my website this morning for Portal Auth. It describes the basic functions of the infusion and has a tutorial video on it for cloning portals. http://www.puffycode.com/extracode.php?appName=PortalAuth Quote Link to comment Share on other sites More sharing options...
cheeto Posted January 31, 2015 Share Posted January 31, 2015 Very nicely done. Quote Link to comment Share on other sites More sharing options...
DataHead Posted February 1, 2015 Share Posted February 1, 2015 One thing, can we have an option where to install dependencies? Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 1, 2015 Author Share Posted February 1, 2015 (edited) I assume this is because of internal space issues? Otherwise, why would you need to do this? The dependencies that get installed are python libraries, Beautiful Soup and Requests, which go into /usr/lib/python2.7/site-packages/ with other user installed libraries. The other two files that are downloaded are jquery.min.js and auth.php which go into /www/nodogsplash/. Edited February 1, 2015 by sud0nick Quote Link to comment Share on other sites More sharing options...
DataHead Posted February 1, 2015 Share Posted February 1, 2015 Yes sir. For internal space reasons :-) I obsessively like to keep as much on the sd card and away from the internal as possible. So thanks for listing those dependencies and locations, when I'm back home I will just move and symlink those suckers. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 1, 2015 Author Share Posted February 1, 2015 You bring up a good point. I'll work on a way to move them to the sd card and give people the option. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 1, 2015 Author Share Posted February 1, 2015 (edited) @DataHead Here is a quick script I wrote up to move the dependencies for python to the sd card. It will put them in /sd/depends/ and create symlinks. #!/bin/bash if ! [ -d "/sd/depends/" ] then mkdir /sd/depends/; fi mv /usr/lib/python2.7/site-packages/bs4/ /sd/depends/; mv /usr/lib/python2.7/site-packages/requests/ /sd/depends/; mv /usr/lib/python2.7/site-packages/beautifulsoup4-4.3.2-py2.7.egg-info /sd/depends/; mv /usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg-info /sd/depends/; ln -s /sd/depends/bs4 /usr/lib/python2.7/site-packages/bs4; ln -s /sd/depends/requests /usr/lib/python2.7/site-packages/requests; ln -s /sd/depends/beautifulsoup4-4.3.2-py2.7.egg-info /usr/lib/python2.7/site-packages/beautifulsoup4-4.3.2-py2.7.egg-info; ln -s /sd/depends/requests-2.5.1-py2.7.egg-info /usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg-info; echo "Complete"; I'll probably include this in the next release. Edited February 1, 2015 by sud0nick Quote Link to comment Share on other sites More sharing options...
WPA3 Posted February 1, 2015 Share Posted February 1, 2015 (edited) @DataHead Here is a quick script I wrote up to move the dependencies for python to the sd card. It will put them in /sd/depends/ and create symlinks. #!/bin/bash if ! [ -d "/sd/depends/" ] then mkdir /sd/depends/; fi mv /usr/lib/python2.7/site-packages/bs4/ /sd/depends/; mv /usr/lib/python2.7/site-packages/requests/ /sd/depends/; mv /usr/lib/python2.7/site-packages/beautifulsoup4-4.3.2-py2.7.egg-info /sd/depends/; mv /usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg-info /sd/depends/; ln -s /sd/depends/bs4 /usr/lib/python2.7/site-packages/bs4; ln -s /sd/depends/requests /usr/lib/python2.7/site-packages/requests; ln -s /sd/depends/beautifulsoup4-4.3.2-py2.7.egg-info /usr/lib/python2.7/site-packages/beautifulsoup4-4.3.2-py2.7.egg-info; ln -s /sd/depends/requests-2.5.1-py2.7.egg-info /usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg-info; echo "Complete"; I'll probably include this in the next release. Worked a treat thanks very much. Edited February 1, 2015 by z3roc00l Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 1, 2015 Author Share Posted February 1, 2015 I've made some changes to the infusion and added the build to my website. These are minor changes but include the ability to move dependencies to the sd card (from the config tab) and a more mobile friendly interface (minus the injects tab). If anyone wants to test it just grab the script at the bottom of the Portal Auth page to download and install it. This is currently labeled as 2.1.1 so if you want to revert you must uninstall it and reinstall from the Pineapple Bar. When I release the next version on the Bar it will be labeled 2.2 so you will be able to update instead. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 3, 2015 Author Share Posted February 3, 2015 (edited) I'm trying to implement an additional option for Auto Authentication that steals the MAC address of another client connected to the portal's AP. This will be useful for portal's that require login credentials. I have a shell script that relies on nmap's ping sweep to get the MAC addresses of all of the clients on the network. It works flawlessly and even grabs the IP and netmask of the client radio automatically and converts the mask to CIDR notation for use with nmap, that way the IP and bits don't have to be entered manually. Then Portal Auth will iterate over the array of MAC addresses, assign one to the client radio, and test for a captive portal. It will repeat this process until either no portal is detected or it runs out of addresses. What I want to know from the community is if this is normally a successful operation nowadays. It seems too trivial to work everywhere but I'm sure it will work somewhere. Here is the script, let me know what you think. #!/bin/sh mask2cidr() { nbits=0 IFS=. for dec in $1 ; do case $dec in 255) let nbits+=8;; 254) let nbits+=7;; 252) let nbits+=6;; 248) let nbits+=5;; 240) let nbits+=4;; 224) let nbits+=3;; 192) let nbits+=2;; 128) let nbits+=1;; 0);; *) echo "Error: $dec is not recognised"; exit 1 esac done echo "$nbits" } # Get the IP address of the client radio ip=$(ifconfig $1 | grep 'inet\ addr' | cut -d: -f2 | cut -d" " -f1) # Get the netmask of the client network netmask=$(ifconfig $1 | grep 'inet\ addr' | cut -d: -f4) bits=$(mask2cidr $netmask) # Use nmap to ping sweep the target network scan=$(nmap -sn $ip/$bits) # Echo only the MAC addresses of the result echo $scan | grep -o -E '([[:xdigit:]]{1,2}:){5}([[:xdigit:]]{1,2})' Edited February 3, 2015 by sud0nick Quote Link to comment Share on other sites More sharing options...
cheeto Posted February 3, 2015 Share Posted February 3, 2015 Please look at my post #68 (page 4 of this thread) I'm experimenting with the same thing. There is a script available for Linux and for Android. What it does is connects to the captive portals and scans all the clients. Clones their mac and dumps it onto your phone. The phone then disconnects and re-connects to the captive portal using the same mac address. I think it also captures the clients cookies. Therefore no password id needed to access the portal. Of course, if the cookie expires, then so does your access. I've tried this a few times but havent had luck on my S4. I hope others will try it out. Acording to what I read, it really works. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 3, 2015 Author Share Posted February 3, 2015 Please look at my post #68 (page 4 of this thread) I'm experimenting with the same thing. There is a script available for Linux and for Android. What it does is connects to the captive portals and scans all the clients. Clones their mac and dumps it onto your phone. The phone then disconnects and re-connects to the captive portal using the same mac address. I think it also captures the clients cookies. Therefore no password id needed to access the portal. Of course, if the cookie expires, then so does your access. I've tried this a few times but havent had luck on my S4. I hope others will try it out. Acording to what I read, it really works. I understand the concept and I've seen your post. What I need to know is if it is still a viable attack on today's networks. People can post POCs all they want but that doesn't mean it will work in the real world. Quote Link to comment Share on other sites More sharing options...
cheeto Posted February 3, 2015 Share Posted February 3, 2015 The post that claim that it works are pretty recent. If you have a chance try installing "hotspot-bypass" https://play.google.com/store/apps/details?id=org.eslack.hotspotbypass Note, you'll be asked to install additional software like "Radare2 Android" & I think, "Terminal Emulator" good luck Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 4, 2015 Author Share Posted February 4, 2015 A new test version is available on my site for anyone interested. I still have quite a bit of work to do before I release v2.2 on the Pineapple Bar so if you have any feedback about the current features please let me know. Quote Link to comment Share on other sites More sharing options...
masler77 Posted February 4, 2015 Share Posted February 4, 2015 a little thing ... when I Cloning portal .... maybe a text informing me that the menu disappears or a popup that says it's ready ... so I do not think it stopped responding ... otherwise I like it very much Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 4, 2015 Author Share Posted February 4, 2015 a little thing ... when I Cloning portal .... maybe a text informing me that the menu disappears or a popup that says it's ready ... so I do not think it stopped responding ... otherwise I like it very much When cloning do you not see the progress bar at the top of the clone window? If not, what browser are you using and what version is it? Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 5, 2015 Author Share Posted February 5, 2015 (edited) Final test version is up before I submit 2.2 to the Pineapple Bar. Cheeto brought an issue to my attention about the cloner window not looking right on mobile devices so I've fixed that. Along with it I have added the ability to pull all of the MAC addresses from other clients on the network so you can spoof them to gain access if a portal requires credentials. I tried making it automatically spoof each MAC but the problem is the interface must go down to change the MAC address and when it's brought back up it doesn't automatically associate with an AP again. So that may be included in a future release (but maybe not because it would also take FOREVER to spoof each one and check for a portal every time). Also, Seb requested that I add a confirmation before installing depends so that everyone knows they are coming from my server and not Hak5's so you'll see that. He also mentioned it would be a good idea to verify the checksum of each dependency so that has been included as well. You won't see any messages about the verification unless it fails at which point the process will stop and the file will automatically be deleted. I'm gonna wait a day or two before submitting v2.2 to the Pineapple Bar to see if there is anything else that needs to be changed. EDIT: One last thing, I recommend a clean install before you move to the next version. Open up the large tile and, under the Config tab, click Uninstall Dependencies. Then download the new version. Edited February 5, 2015 by sud0nick Quote Link to comment Share on other sites More sharing options...
cheeto Posted February 5, 2015 Share Posted February 5, 2015 just an idea.... When cloning some captive portals, there are 2 versions. 1 for laptops and 1 for mobile devices. Although they have the same function they are cosmetically different. I sent you a script that i partialy cloned the other day. (Won't mention the name of the fastfood chain) Would it be possible for Portal Auth to make 2 versions of the cloned site? I managed to do this manually with 2 css files. So when i log into the portal with my smartphone, the portal layout perfectly fits onto my phone. When using a laptop it perfectly fits on my screen. Anyway, just an idea. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 5, 2015 Author Share Posted February 5, 2015 (edited) Portal Auth will clone the site as it is. If that site supports mobile devices, great. If not, then it will not add additional CSS to account for different screen resolutions. That would require parsing the available CSS, duplicating the classes, and modifying them for different resolutions. Needless to say it would probably not work out very well. I also don't like the idea of making two copies of every portal cus that will cause problems in itself. Edited February 5, 2015 by sud0nick Quote Link to comment Share on other sites More sharing options...
jorgeivan Posted February 5, 2015 Share Posted February 5, 2015 Do i need to connect the wifi pineapple as client on the captive portal to use the PortalAuth? Quote Link to comment Share on other sites More sharing options...
cheeto Posted February 5, 2015 Share Posted February 5, 2015 If i connect to a portal using a moble phone, will portal auth clone it with the mobile version only? And vece-versa, if i connect with a laptop, will portal auth clone both versions? (mobile/desktop version) I have a template composed of 2 css files and one splash screen and it detects if the victim is on a mobile or computer, works like a charm. If anyone plans to make an adaptable portal page this setup worked for me: The demensions used are: Landscape version width: 873px; height: 650px; Portrait version (mobile phones) Mobile phone version: width: 900px; height: 1172px; Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 5, 2015 Author Share Posted February 5, 2015 (edited) Do i need to connect the wifi pineapple as client on the captive portal to use the PortalAuth? Yes. If i connect to a portal using a moble phone, will portal auth clone it with the mobile version only? And vece-versa, if i connect with a laptop, will portal auth clone both versions? (mobile/desktop version) No. Portal Auth copies the source code that is delivered when requesting a page. Typically for mobile devices, the CSS simply detects whether the resolution is at a certain width or height before enabling style classes for that resolution. Two separate files are not required and don't make a design appear fluid. For example, I have these two blocks that detect screen resolution and apply the changes when the window is resized. @media screen and (min-width: 610px) { #msgBox,#macStealerBox{ top: 50%; left: 50%; width: 600px; height: auto; max-height: 430px; margin-top: -175px; ; z-index: 10; display: none; } } @media screen and (max-width: 609px) { #msgBox,#macStealerBox{ top: 50%; left: 0px; width: 100%; height: auto; max-height: 430px; margin-left: 0px; margin-top: -175px; z-index: 10; display: none; } } Landscape version width: 873px; height: 650px; Portrait version (mobile phones) Mobile phone version: width: 900px; height: 1172px; Keeping your width set to a fixed number of pixels is not a good idea when trying to make something look the same regardless of window size. It works perfectly on your devices but it most likely won't on other devices. Edited February 5, 2015 by sud0nick Quote Link to comment Share on other sites More sharing options...
cheeto Posted February 5, 2015 Share Posted February 5, 2015 Very true, but having a portrait version running on a mobile phone works better than having a landscape version on a mobile phone. (at least in my case and the phones that I've been testing so far) Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 5, 2015 Author Share Posted February 5, 2015 Usually people only create two version of their website if they can't reasonably fit things into a mobile resolution. I think if you continue to use fixed width and height you are eventually going to run into problems. If the captive portal has a mobile version then it won't be cloned because the regular version will be displayed first. There might be a way to trick it into cloning the mobile version by manipulating some headers but I will have to do some research. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.