sud0nick Posted February 26, 2015 Author Share Posted February 26, 2015 We get to vote? I'd say: PortalAuth for captive portals, SET to clone web sites, and Wget, Burp Suite, ZAP, etc. for spidering sites. I wouldn't clone or spider sites from the pineapple, it just doesn't seem like the best tool for the job. Just my opinion since you asked. I agree completely but I figured I would get some other opinions. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 27, 2015 Author Share Posted February 27, 2015 (edited) I resubmitted v2.3 to the Pineapple Bar. Luckily I was able to get some more fixes worked in before it got approved. DataHead had an issue where CSS styles linked by @import statements were not being parsed so I added support for that. A couple other things were fixed as well. Here is the updated changelog. [->] Added CSS parsing when cloning a portal so images referenced in CSS files are downloaded. [->] Portals are now cloned significantly faster. [->] Dependencies are no longer installed through setup.py scripts but instead are copied to /sd/depends/ making the installation process much faster. [->] Fixed issue caused by reinstalling dependencies after updating PortalAuth. [->] Fixed issue with following relative URLs in meta refreshes [->] External JS files are now downloaded into the images directory and the link modified within the HTML EDIT: I almost forgot. When cloning a portal the site it first reaches out to is what you put in the Test Website field. I was able to successfully clone my personal website and it was (visually) an exact duplicate just modified to work with nodogsplash. Edited February 27, 2015 by sud0nick Quote Link to comment Share on other sites More sharing options...
sud0nick Posted February 28, 2015 Author Share Posted February 28, 2015 Well I don't know how long it's going to take for the new version to be released but I assume the delay is due to Hack Across Europe. Since it hasn't been released yet I decided to make a few more changes. Here are the changes since the last changelog. [->] Added a tab for Auth Log to show captured credentials [->] The default Test Website has been changed to InfoTomb. The request is made via HTTPS unlike past requests. [->] Dependencies are now downloaded from InfoTomb, an anonymous file hosting site. All download sessions are SSL enabled and MD5 checksums are verified for every download. [->] Dependencies are no longer installed through setup scripts but instead are copied to /sd/depends/ making the installation process much faster. The size of each archive has also been reduced making the download time shorter. [->] The SSL version of wget is now installed via opkg if not already installed on the Pineapple. This is for downloading dependencies via HTTPS. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted March 5, 2015 Author Share Posted March 5, 2015 I didn't think I would get more done before the release of 2.3 but I did and here is the changelog for 2.4. I will try to put together an updated tutorial video since I added a significant new feature. [->] Added Injection Sets which can be created, exported, shared, and imported between Pineapple users. Inject Sets work like previous versions of Injections but are now modular and can be chosen when cloning a portal. [->] Fixed a bug with portals that use self-signed SSL certificates. Injection sets allow you to create multiple versions of the inject files and choose which set to use when cloning a portal. They can be exported and imported with ease so I encourage you to create your own custom login forms using the new interface, export, and share with everyone else. I may even create a separate thread strictly for sharing Injection Sets if the admins don't mind. Quote Link to comment Share on other sites More sharing options...
cheeto Posted March 5, 2015 Share Posted March 5, 2015 I agree that a 2nd thread should be made for Injection set related matters. Of course if it's ok with the Admin. Regarding injection sets, can someone suggest were to start?... How can we make our own? Any recommended software or page? Thanks guys! Quote Link to comment Share on other sites More sharing options...
sud0nick Posted March 5, 2015 Author Share Posted March 5, 2015 I said in my post that you can make them in Portal Auth. It will be clear once you start using v2.4. I also said that I will try to make a tutorial video showing how to make, edit, export, and import them. Quote Link to comment Share on other sites More sharing options...
cheeto Posted March 5, 2015 Share Posted March 5, 2015 i recently came across: http://www.css3maker.com/ Not sure if it could help make a proper css. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted March 5, 2015 Author Share Posted March 5, 2015 That can certainly help you. Don't forget there is more to an injection set than CSS. You have HTML, JavaScript, and the accompanying auth.php script. Quote Link to comment Share on other sites More sharing options...
cheeto Posted March 5, 2015 Share Posted March 5, 2015 I think I'll wait for you video and perhaps a sample injection file. (that is if someone shares it) Quote Link to comment Share on other sites More sharing options...
sud0nick Posted March 5, 2015 Author Share Posted March 5, 2015 Portal Auth comes with a default injection set. It is the same set that has been used in previous versions. I will try to make a video this weekend. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted March 5, 2015 Author Share Posted March 5, 2015 v2.4 is now available on the Pineapple Bar! Quote Link to comment Share on other sites More sharing options...
cheeto Posted March 5, 2015 Share Posted March 5, 2015 Looking forward to it. THX! Quote Link to comment Share on other sites More sharing options...
m40295 Posted March 5, 2015 Share Posted March 5, 2015 Great work sud0nick Quote Link to comment Share on other sites More sharing options...
cheeto Posted March 6, 2015 Share Posted March 6, 2015 Guys, 2.4 looks promising. I recommend giving it a try. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted March 7, 2015 Author Share Posted March 7, 2015 Here is a video demonstrating v2.4. I happened to notice an error I made in the injects editor where a link is broken for backing up injectCSS. I have fixed it and will submit an update to the Pineapple Bar. https://www.youtube.com/watch?v=Vh8Ow0w3LjQ Quote Link to comment Share on other sites More sharing options...
sud0nick Posted March 8, 2015 Author Share Posted March 8, 2015 v2.5 has been submitted to the Pineapple Bar. I tried making it v2.4.1 but I guess that's not allowed, lol. Just a couple of minor fixes: [->] Added support for downloading images referenced within the style attribute of element tags. [->] Fixed the back up and restore links for InjectCSS. Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted March 8, 2015 Share Posted March 8, 2015 v2.5 has been submitted to the Pineapple Bar. I tried making it v2.4.1 but I guess that's not allowed, lol. Nope, you guys are only allowed two digits ;) Quote Link to comment Share on other sites More sharing options...
fringes Posted March 9, 2015 Share Posted March 9, 2015 (edited) So I conneccted the Mk5 in client mode to the nearest Xfinity WiFi AP. The infusion detected a portal, so I tried to clone it and got the following error: Traceback (most recent call last): File "/sd/infusions/portalauth/includes/scripts/portalclone.py", line 69, in response = requests.get(url, verify=False) File "/usr/lib/python2.7/site-packages/requests/api.py", line 65, in get return request('get', url, **kwargs) File "/usr/lib/python2.7/site-packages/requests/api.py", line 49, in request response = session.request(method=method, url=url, **kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 447, in request prep = self.prepare_request(req) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 378, in prepare_request hooks=merge_hooks(request.hooks, self.hooks), File "/usr/lib/python2.7/site-packages/requests/models.py", line 303, in prepare self.prepare_url(url, params) File "/usr/lib/python2.7/site-packages/requests/models.py", line 360, in prepare_url "Perhaps you meant http://{0}?".format(url)) requests.exceptions.MissingSchema: Invalid URL u'injectjs;injectcss;injecthtml': No schema supplied. Perhaps you meant http://injectjs;injectcss;injecthtml? Any Ideas? (evilportal 2.4) Edited March 9, 2015 by fringes Quote Link to comment Share on other sites More sharing options...
sud0nick Posted March 9, 2015 Author Share Posted March 9, 2015 What do your settings look like? This is the format for the portalclone.py script which is run when you click the clone button python portalclone.py <PortalName> <PortalArchive> <Options (';' delimited string)> <TestURL> <InjectSet> According to the error you got it seems either your PortalName or PortalArchive contained a space (for which I really should have put a check in place). Quote Link to comment Share on other sites More sharing options...
fringes Posted March 9, 2015 Share Posted March 9, 2015 Of course it contains a space. Argh! I'll try again. Quote Link to comment Share on other sites More sharing options...
fringes Posted March 10, 2015 Share Posted March 10, 2015 No dice. I've tried multiple times and I get the connection timeout: Traceback (most recent call last): File "/sd/infusions/portalauth/includes/scripts/portalclone.py", line 69, in response = requests.get(url, verify=False) File "/usr/lib/python2.7/site-packages/requests/api.py", line 65, in get return request('get', url, **kwargs) File "/usr/lib/python2.7/site-packages/requests/api.py", line 49, in request response = session.request(method=method, url=url, **kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 461, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 573, in send r = adapter.send(request, **kwargs) File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 415, in send raise ConnectionError(err, request=request) requests.exceptions.ConnectionError: ('Connection aborted.', error(145, 'Connection timed out')) Has anyone sucessfully cloned xfinitywifi? Quote Link to comment Share on other sites More sharing options...
sud0nick Posted March 10, 2015 Author Share Posted March 10, 2015 (edited) SSH into your Pineapple and go to the directory where you saved the portal. See what files actually copied if anything at all. You may be able to look at the source for the actual portal and get an idea of where it timed out. This is most likely a problem with the AP that is using xfinity as a connection timeout error means something went wrong with the remote system. Edited March 10, 2015 by sud0nick Quote Link to comment Share on other sites More sharing options...
fringes Posted March 10, 2015 Share Posted March 10, 2015 All I get is the empty directory tree: /sd/portals/xfinitywifi/images There are no files. I made sure I had a strong signal to an xfinitiwifi hot spot and conected the pineapple in client mode. My laptop was connected to the pineaple managent AP. As soon as I opened any page (other than the pineapple) in my laptop's broowser, I got redirected to the xfinitywifi portal sign-in page (https://wifilogin.comcast.net/wifi/xwifi.php?hash=...).%C2'> But the infusion was slow to detect a portal, and timed out cloning it every time. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted March 10, 2015 Author Share Posted March 10, 2015 Go to the Portal tab in the large tile and see if it loads. It probably will because it's just an iframe but it's something to check. That's weird that it times out. Like I said a timeout is due to the remote end and not the infusion. Nonetheless I could try to figure out what the problem is if you can get me the source code but if it ends up being something server side that's blocking it I can't help that. Quote Link to comment Share on other sites More sharing options...
cheeto Posted March 10, 2015 Share Posted March 10, 2015 (edited) just wondering, did you try unchecking all the option in PortalAuth before trying to clone? Edited March 10, 2015 by cheeto Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.