Jump to content

[Support] Portal Auth


sud0nick

Recommended Posts

I am building it to work specifically with Evil Portal. You will not HAVE to modify anything but you will be able to. I am building a new tab into the infusion where you can customize the HTML form and JS that you want to inject into the portal you clone. All images will be downloaded automatically and placed in the appropriate directory (I'm still working on doing the same for CSS stylesheets). You will be able to save portals to the location that Evil Portal saves them and activate them immediately if you so desire. I'll post the whole change log here right before I submit the update.

Link to comment
Share on other sites

  • Replies 262
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Some ideas for Portal Auth:

provide users with a simple construction tool like: add email or password form with submit button so as to submit all the information to auth.log.

This would e HUGE.

Another idea, perhaps for you and Newbi3 would be to make a Portal suite that includes: Evil Portal, Portal Auth and DNSspoof.

Not to sure if Dns spoof is working correctly. (That will be my next learning challenge).

The problem I see with Dns spoof is HSTS. Let's say you clone gmail.com with Portal Auth. If I understand correctly, we can't pretend to be a https site unless it's the first time the victim has actually entered the https page.

Anyway, I can't wait to get my hands on this infusion!

Cheers

Link to comment
Share on other sites

Some ideas for Portal Auth:

provide users with a simple construction tool like: add email or password form with submit button so as to submit all the information to auth.log.

There will be two files holding the code to inject: injectJS.txt and injectHTML.txt. You will be able to modify these and the code will automatically be placed in the portal as it is cloned. As for creating buttons to include multiple forms, I don't think this is necessary. The form will already be set up in the portal. My script clears the form of the portal and injects your HTML into it but it does not create a whole new form. Besides newbi3's infusion, bobthebuilder, already does this and you could copy and paste the code from there.

The default injectHTML file will include an email and password field with a button that is linked to a javascript function. In the JS function will be a post request that is sent to auth.php. If you guys think its a good idea I can include a standard auth.php script and place it in the appropriate directory. Then I could make that editable as well from the infusion.

Remember, though, this is not a portal editing infusion. It copies a portal, configures it to work with nodogsplash, and sets it up to work immediately with Evil Portal. If you want to edit a portal you will either have to use Evil Portal II or SSH into your Pineapple. There is no need for me to rebuild what newbi3 has already done.

Edited by sud0nick
Link to comment
Share on other sites

I could see this being a part of either evil portal or portalauth. As you said DataHead, I could easily use the code I have already written to accomplish this. I'm going to do this for myself anyway but would be glad to hand the code over to newbi3 and let him add it to evil portal if he wishes. If not I will add it to my infusion. I'm thinking along the lines of this process:

1. Pull HTML from portal

2. Replace the value of all action attributes, in form tags, with $authtarget

Remove value of action attributes and leave redirection up to the JavaScript.

3. Inject username and password fields

4. Inject an AJAX call to log the credentials

5. Place in portal directory on Pineapple.

The basics are simple. Then I might add some options to insert images like the Facebook or GMail icon in order to make it look more official when asking for creds from a specific site.

Its all you man, I've had this in my que of stuff to get done but I'm the busiest person in the world right now with work and I just started teaching night classes. I will ask though if you can make it super clear that the portal will be replaced if the user chooses that so this way I don't get the users coming to me saying "my portal got deleted!"

Link to comment
Share on other sites

Its all you man, I've had this in my que of stuff to get done but I'm the busiest person in the world right now with work and I just started teaching night classes. I will ask though if you can make it super clear that the portal will be replaced if the user chooses that so this way I don't get the users coming to me saying "my portal got deleted!"

Of course. I will actually set it up to alert the user if they name the newly copied portal something that already exists. That way they know that one will be replaced instead of added.

Link to comment
Share on other sites

Also, once a portal is cloned/ripped, it would be nice if we could save it to sd/portals this way we can have it in the Evil portal library.

If you guys think its a good idea I can include a standard auth.php script and place it in the appropriate directory.

YES! PLEASE! Simplicity is definitely a plus!!

This fusion of infusions is looking nice!!!

Link to comment
Share on other sites

Also, once a portal is cloned/ripped, it would be nice if we could save it to sd/portals this way we can have it in the Evil portal library.

If you look at my previous posts you will see this is the idea. Evil Portal stores portals in /sd/portals so that is where Portal Auth will store cloned portals. You will also have the option of copying it to /etc/nodogsplash/htdocs immediately so it will be your current active portal.

Link to comment
Share on other sites

I think that adding an option to add username password fields might be important because some Captive portals simply don't require that you type anything at all. Some are just 1 click access to internet.

So cloning a page that does not require any input from the user and modifying it to a point where you do need to input information might be a plus.

By the way, the Library idea is BRILLIANT!

Link to comment
Share on other sites

I think that adding an option to add username password fields might be important because some Captive portals simply don't require that you type anything at all. Some are just 1 click access to internet.

So cloning a page that does not require any input from the user and modifying it to a point where you do need to input information might be a plus.

By the way, the Library idea is BRILLIANT!

I'm not sure if you're reading my previous posts correctly. Inputting the username and password fields will be done by default. The injectHTML and injectJS files will come with working code. You will be able to modify it to suite your needs. The injectHTML file will include username and password fields but not the form tags. The script will find the form in the portal, clear it, and inject the code from injectHTML.

Edited by sud0nick
Link to comment
Share on other sites

I just uploaded v2.0 of Portal Auth. It will hopefully be available within the next 24 hours. Here is a copy of the changelog

[->] Added the ability to clone a captive portal.  The portal can be activated upon cloning and managed with Evil Portal II.
[->] Updated user interface.
[->] Added Injects tab to allow user-defined JavaScript and HTML for injecting into a cloned portal.
[->] Included JS and HTML injects for creating a basic username & password form.
[->] Included a standard auth.php file for capturing credentials.

Some things to note:

1. When cloning a site if a linked item does not have a file extension (I've only seen CSS files like this) the cloner will automatically label it as a CSS file.

2. When specifying a portal archive you need to ALWAYS place a forward slash at the end of the path.

3. You will only see the options to auto-authenticate and clone a portal if one is detected. If not you will only see the check for portal button.

If there are any issues please let me know ASAP. I tested this version to fullest extent I could but I can't account for every possibility. I want to make sure this works for everyone so please bring every issue to my attention.

Enjoy!

Link to comment
Share on other sites

Well, I went out for my 1st Captive portal cloning hunt.

The idea was to clone a nearby gas station's Splah screen.

The portal does not require users to type any kind of credentials. It's simply "click a button for internet access".

So I turned on my mkv, connected to the target's AP.

PortalAuth then gave me the option to CLONE the site.

So I clicked clone and waited for about 20 seconds.... and afterwards got this message:

The page at 172.16.42.1: 1471 says: An error occurred. Please check your settings and try again.

I tried this 3 times and got the same error.

Anyone else having this problem?

Cheers,

Link to comment
Share on other sites

Try something for me, Cheeto.

SSH into your Pineapple while connected to the AP with the captive portal and run the following commands.

cd /pineapple/components/infusions/portalauth/
python includes/scripts/portalclone.py TestPortal /sd/portals/

Place the error you get here so I can see it. Also check /sd/portals/ for the TestPortal directory. Let me know what actually copied into it and if the splash.html file has any content in it.

Edited by sud0nick
Link to comment
Share on other sites

The problem is that im using my smartphone for this.... So using CLI might seem a bit difficult. I'll try to do it with my directional beam.

What i can tell you however, is that when it asks me to input the file name to be saved, all seems fine but i get the error. When looking in the sd/portals directory, the newly created folders are there (along with the image folder) but it´s empty.

:(

I'l keep you posted.

Link to comment
Share on other sites

If you have an Android based phone try using JuiceSSH. That's what I use to get into my Pineapple and other devices from my phone. Also, if you can, try to grab a copy of the portal without any of the modifications for nodogsplash and send it to me. I want to load it up in my test environment and see what's causing the problem.

EDIT:

There may be a problem with the HTML of the splash page you are trying to copy. I just ran another test and everything copied perfectly for me, images, HTML, and CSS.

Edited by sud0nick
Link to comment
Share on other sites

After speaking with Cheeto I have found a couple of bugs in my scripts. Since most of my testing was completed with captive portals through nodogsplash I was not able to account for the situation cheeto ran into but I should be able to fix it rather easily.

1. There is an issue with auto-authentication. Most captive portals use a <form> tag to gather credentials and submit forms for authentication. This is what my portalauth python script looks for, however, the captive portal Cheeto came across actually uses an <a> tag. I will need to update the script to either search for strictly these two elements or allow them to be user-defined. I am leaning toward the latter so the script does not need to updated every time web standards change.

2. When nodogsplash presents a captive portal the URL that the user was trying to reach stays in the browser's address bar. When this occurs it is easy to grab images and CSS file relatively from this point. However, in Cheeto's encounter the traffic is redirected to a site that hosts the captive portal. To fix this I will need to grab that URL instead of just using my website on the internet. That is the way it's configured now and the reason why images could not be found through relative URLs.

Thank you, Cheeto for bringing this to my attention. If anyone else finds any bugs please don't hesitate to bring it up. I will hopefully have an update for you all soon.

Link to comment
Share on other sites

Not really a bug, but what about also trying to detect if the portal you are trying to capture / log into, is infact another pineapple running a captive? Maybe a simple check on port 1471 to see if there's a pineapple login page, if so compare and detect

Link to comment
Share on other sites

Not really a bug, but what about also trying to detect if the portal you are trying to capture / log into, is infact another pineapple running a captive? Maybe a simple check on port 1471 to see if there's a pineapple login page, if so compare and detect

I'll look into this as it might be a good heads up when trying to authenticate. Right now I'm focused primarily on the auto authentication and cloning functions. I think I've got the cloner working perfectly since I made it account for URL redirects (read my previous post for more info) but I still need to make the auto authentication more robust. Cheeto has been a big help in testing the infusion so the next release should be a lot better for everyone.

Link to comment
Share on other sites

Here is the change log for version 2.1! I am going to send the new version to Cheeto first for some extra testing before I submit it to the Pineapple Bar. If anyone else would like to test the infusion before I submit it please PM me and I will send you a script to download and install it.

[->] Removed Check Portal button. Refreshes can now be performed by clicking the refresh button in the top right corner of the small tile.
[->] Made the auto-authenticator more robust.  It now searches for more content and accounts for redirects and relative URLs.  *still in beta though*
[->] Made the portal cloner more robust.  It now searches for files based on relative URLs and accounts for possible redirects by captive portals.
[->] Updated the configuration script.	
[->] Modified the default InjectJS and InjectHTML files.
[->] Added an InjectCSS file.
[->] Added the ability to restore InjectJS, InjectCSS, InjectHTML, and auth.php files.
[->] Fixed a bug where the small tile displayed 'Captive Portal Detected' when the Pineapple is offline.  The new message displays 'Pineapple must be online to use PortalAuth'.
[->] Fixed a bug in the Portal Cloner that would add multiple login forms to the document.
Link to comment
Share on other sites

I need some more details. Where is your captive portal? Is it on the Pineapple? If so, you shouldn't see it there. The point of the portal tab is to show you a captive portal on the AP that your client radio is connected to so you can authenticate if the auto authentication feature fails.

EDIT: I'm thinking that maybe you thought the Portal tab was supposed to show you your own portal as it would appear to a victim?

Edited by sud0nick
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...