[Support] Portal Auth

[sud0nick]

So far it seems this version is working out quite better than the previous versions. Cheeto was able to clone a portal successfully and the auto authentication function worked too! I'm sure we will still run into some cases where something doesn't work in a particular environment but please make sure you are looking at the Element Tags field in the config tab if Portal Auth is unable to authenticate. These tags are used to build the POST and GET requests that authenticate the Pineapple with the AP. If you find an element in the source code of the portal that is used for authentication you must ensure it is listed in the Element Tags field. You can read the associated help file for more information.

Please keep submitting any bugs here as this process has obviously worked so far in making Portal Auth a better infusion.

[sud0nick]

I created a page on my website this morning for Portal Auth. It describes the basic functions of the infusion and has a tutorial video on it for cloning portals.

http://www.puffycode.com/extracode.php?appName=PortalAuth

[cheeto]

Very nicely done.

[DataHead]

One thing, can we have an option where to install dependencies?

[sud0nick]

I assume this is because of internal space issues? Otherwise, why would you need to do this? The dependencies that get installed are python libraries, Beautiful Soup and Requests, which go into /usr/lib/python2.7/site-packages/ with other user installed libraries. The other two files that are downloaded are jquery.min.js and auth.php which go into /www/nodogsplash/.

Edited February 1, 2015 by sud0nick

[DataHead]

Yes sir. For internal space reasons :-) I obsessively like to keep as much on the sd card and away from the internal as possible. So thanks for listing those dependencies and locations, when I'm back home I will just move and symlink those suckers.

[sud0nick]

You bring up a good point. I'll work on a way to move them to the sd card and give people the option.

[sud0nick]

@DataHead

Here is a quick script I wrote up to move the dependencies for python to the sd card. It will put them in /sd/depends/ and create symlinks.

#!/bin/bash

if ! [ -d "/sd/depends/" ]
then
        mkdir /sd/depends/;
fi

mv /usr/lib/python2.7/site-packages/bs4/ /sd/depends/;
mv /usr/lib/python2.7/site-packages/requests/ /sd/depends/;
mv /usr/lib/python2.7/site-packages/beautifulsoup4-4.3.2-py2.7.egg-info /sd/depends/;
mv /usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg-info /sd/depends/;
ln -s /sd/depends/bs4 /usr/lib/python2.7/site-packages/bs4;
ln -s /sd/depends/requests /usr/lib/python2.7/site-packages/requests;
ln -s /sd/depends/beautifulsoup4-4.3.2-py2.7.egg-info /usr/lib/python2.7/site-packages/beautifulsoup4-4.3.2-py2.7.egg-info;
ln -s /sd/depends/requests-2.5.1-py2.7.egg-info /usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg-info;
echo "Complete";

I'll probably include this in the next release.

Edited February 1, 2015 by sud0nick

[WPA3]

@DataHead

Here is a quick script I wrote up to move the dependencies for python to the sd card. It will put them in /sd/depends/ and create symlinks.

#!/bin/bash

if ! [ -d "/sd/depends/" ]
then
        mkdir /sd/depends/;
fi

mv /usr/lib/python2.7/site-packages/bs4/ /sd/depends/;
mv /usr/lib/python2.7/site-packages/requests/ /sd/depends/;
mv /usr/lib/python2.7/site-packages/beautifulsoup4-4.3.2-py2.7.egg-info /sd/depends/;
mv /usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg-info /sd/depends/;
ln -s /sd/depends/bs4 /usr/lib/python2.7/site-packages/bs4;
ln -s /sd/depends/requests /usr/lib/python2.7/site-packages/requests;
ln -s /sd/depends/beautifulsoup4-4.3.2-py2.7.egg-info /usr/lib/python2.7/site-packages/beautifulsoup4-4.3.2-py2.7.egg-info;
ln -s /sd/depends/requests-2.5.1-py2.7.egg-info /usr/lib/python2.7/site-packages/requests-2.5.1-py2.7.egg-info;
echo "Complete";

I'll probably include this in the next release.

Worked a treat thanks very much.

Edited February 1, 2015 by z3roc00l

[sud0nick]

I've made some changes to the infusion and added the build to my website. These are minor changes but include the ability to move dependencies to the sd card (from the config tab) and a more mobile friendly interface (minus the injects tab). If anyone wants to test it just grab the script at the bottom of the Portal Auth page to download and install it. This is currently labeled as 2.1.1 so if you want to revert you must uninstall it and reinstall from the Pineapple Bar. When I release the next version on the Bar it will be labeled 2.2 so you will be able to update instead.

[sud0nick]

I'm trying to implement an additional option for Auto Authentication that steals the MAC address of another client connected to the portal's AP. This will be useful for portal's that require login credentials. I have a shell script that relies on nmap's ping sweep to get the MAC addresses of all of the clients on the network. It works flawlessly and even grabs the IP and netmask of the client radio automatically and converts the mask to CIDR notation for use with nmap, that way the IP and bits don't have to be entered manually. Then Portal Auth will iterate over the array of MAC addresses, assign one to the client radio, and test for a captive portal. It will repeat this process until either no portal is detected or it runs out of addresses. What I want to know from the community is if this is normally a successful operation nowadays. It seems too trivial to work everywhere but I'm sure it will work somewhere.

Here is the script, let me know what you think.

#!/bin/sh

mask2cidr() {
    nbits=0
    IFS=.
    for dec in $1 ; do
        case $dec in
            255) let nbits+=8;;
            254) let nbits+=7;;
            252) let nbits+=6;;
            248) let nbits+=5;;
            240) let nbits+=4;;
            224) let nbits+=3;;
            192) let nbits+=2;;
            128) let nbits+=1;;
            0);;
            *) echo "Error: $dec is not recognised"; exit 1
        esac
    done
    echo "$nbits"
}

# Get the IP address of the client radio
ip=$(ifconfig $1 | grep 'inet\ addr' | cut -d: -f2 | cut -d" " -f1)

# Get the netmask of the client network
netmask=$(ifconfig $1 | grep 'inet\ addr' | cut -d: -f4)
bits=$(mask2cidr $netmask)

# Use nmap to ping sweep the target network
scan=$(nmap -sn $ip/$bits)

# Echo only the MAC addresses of the result
echo $scan | grep -o -E '([[:xdigit:]]{1,2}:){5}([[:xdigit:]]{1,2})'

Edited February 3, 2015 by sud0nick

[cheeto]

Please look at my post #68 (page 4 of this thread)

I'm experimenting with the same thing. There is a script available for Linux and for Android.

What it does is connects to the captive portals and scans all the clients. Clones their mac and dumps it onto your phone.

The phone then disconnects and re-connects to the captive portal using the same mac address.

I think it also captures the clients cookies. Therefore no password id needed to access the portal.

Of course, if the cookie expires, then so does your access.

I've tried this a few times but havent had luck on my S4. I hope others will try it out. Acording to what I read, it really works.

[sud0nick]

Please look at my post #68 (page 4 of this thread)

I'm experimenting with the same thing. There is a script available for Linux and for Android.

What it does is connects to the captive portals and scans all the clients. Clones their mac and dumps it onto your phone.

The phone then disconnects and re-connects to the captive portal using the same mac address.

I think it also captures the clients cookies. Therefore no password id needed to access the portal.

Of course, if the cookie expires, then so does your access.

I've tried this a few times but havent had luck on my S4. I hope others will try it out. Acording to what I read, it really works.

I understand the concept and I've seen your post. What I need to know is if it is still a viable attack on today's networks. People can post POCs all they want but that doesn't mean it will work in the real world.

[cheeto]

The post that claim that it works are pretty recent.

If you have a chance try installing "hotspot-bypass"

https://play.google.com/store/apps/details?id=org.eslack.hotspotbypass

Note, you'll be asked to install additional software like "Radare2 Android" & I think, "Terminal Emulator"

good luck

[sud0nick]

A new test version is available on my site for anyone interested. I still have quite a bit of work to do before I release v2.2 on the Pineapple Bar so if you have any feedback about the current features please let me know.

[masler77]

a little thing ... when I Cloning portal ....

maybe a text informing me that the menu disappears or a popup that says it's ready ...

so I do not think it stopped responding ...

otherwise I like it very much

[sud0nick]

a little thing ... when I Cloning portal ....

maybe a text informing me that the menu disappears or a popup that says it's ready ...

so I do not think it stopped responding ...

otherwise I like it very much

When cloning do you not see the progress bar at the top of the clone window? If not, what browser are you using and what version is it?

[sud0nick]

Final test version is up before I submit 2.2 to the Pineapple Bar. Cheeto brought an issue to my attention about the cloner window not looking right on mobile devices so I've fixed that. Along with it I have added the ability to pull all of the MAC addresses from other clients on the network so you can spoof them to gain access if a portal requires credentials. I tried making it automatically spoof each MAC but the problem is the interface must go down to change the MAC address and when it's brought back up it doesn't automatically associate with an AP again. So that may be included in a future release (but maybe not because it would also take FOREVER to spoof each one and check for a portal every time).

Also, Seb requested that I add a confirmation before installing depends so that everyone knows they are coming from my server and not Hak5's so you'll see that. He also mentioned it would be a good idea to verify the checksum of each dependency so that has been included as well. You won't see any messages about the verification unless it fails at which point the process will stop and the file will automatically be deleted.

I'm gonna wait a day or two before submitting v2.2 to the Pineapple Bar to see if there is anything else that needs to be changed.

EDIT: One last thing, I recommend a clean install before you move to the next version. Open up the large tile and, under the Config tab, click Uninstall Dependencies. Then download the new version.

Edited February 5, 2015 by sud0nick

[cheeto]

just an idea....

When cloning some captive portals, there are 2 versions. 1 for laptops and 1 for mobile devices.

Although they have the same function they are cosmetically different.

I sent you a script that i partialy cloned the other day. (Won't mention the name of the fastfood chain)

Would it be possible for Portal Auth to make 2 versions of the cloned site? I managed to do this manually with 2 css files.

So when i log into the portal with my smartphone, the portal layout perfectly fits onto my phone. When using a laptop it perfectly fits on my screen.

Anyway, just an idea.

[sud0nick]

Portal Auth will clone the site as it is. If that site supports mobile devices, great. If not, then it will not add additional CSS to account for different screen resolutions. That would require parsing the available CSS, duplicating the classes, and modifying them for different resolutions. Needless to say it would probably not work out very well. I also don't like the idea of making two copies of every portal cus that will cause problems in itself.

Edited February 5, 2015 by sud0nick

[jorgeivan]

Do i need to connect the wifi pineapple as client on the captive portal to use the PortalAuth?

[cheeto]

If i connect to a portal using a moble phone, will portal auth clone it with the mobile version only?

And vece-versa, if i connect with a laptop, will portal auth clone both versions? (mobile/desktop version)

I have a template composed of 2 css files and one splash screen and it detects if the victim is on a mobile or computer, works like a charm.

If anyone plans to make an adaptable portal page this setup worked for me:

The demensions used are:

Landscape version

width: 873px; height: 650px;

Portrait version (mobile phones)

Mobile phone version:

width: 900px; height: 1172px;

[sud0nick]

Do i need to connect the wifi pineapple as client on the captive portal to use the PortalAuth?

Yes.

If i connect to a portal using a moble phone, will portal auth clone it with the mobile version only?

And vece-versa, if i connect with a laptop, will portal auth clone both versions? (mobile/desktop version)

No. Portal Auth copies the source code that is delivered when requesting a page. Typically for mobile devices, the CSS simply detects whether the resolution is at a certain width or height before enabling style classes for that resolution. Two separate files are not required and don't make a design appear fluid.

For example, I have these two blocks that detect screen resolution and apply the changes when the window is resized.

@media screen and (min-width: 610px) {
	#msgBox,#macStealerBox{
		top: 50%;
		left: 50%;
		width: 600px;
		height: auto;
		max-height: 430px;
		margin-top: -175px;
		;
		z-index: 10;
		display: none;
	}
}
@media screen and (max-width: 609px) {
	#msgBox,#macStealerBox{
		top: 50%;
		left: 0px;
		width: 100%;
		height: auto;
		max-height: 430px;
		margin-left: 0px;
		margin-top: -175px;
		z-index: 10;
		display: none;
	}
}

Landscape version

width: 873px; height: 650px;

Portrait version (mobile phones)

Mobile phone version:

width: 900px; height: 1172px;

Keeping your width set to a fixed number of pixels is not a good idea when trying to make something look the same regardless of window size. It works perfectly on your devices but it most likely won't on other devices.

Edited February 5, 2015 by sud0nick

[cheeto]

Very true, but having a portrait version running on a mobile phone works better than having a landscape version on a mobile phone. (at least in my case and the phones that I've been testing so far)

[sud0nick]

Usually people only create two version of their website if they can't reasonably fit things into a mobile resolution. I think if you continue to use fixed width and height you are eventually going to run into problems. If the captive portal has a mobile version then it won't be cloned because the regular version will be displayed first. There might be a way to trick it into cloning the mobile version by manipulating some headers but I will have to do some research.