Jump to content

NoDogSplash with no Internet and Autostart question


johnsteiner

Recommended Posts

Hi,

a) i noticed nodogsplash/evilportal is working very well WHEN the markv has a internet connection (via WLAN, 3G, LAN, does not matter). But nodogsplash is not splashing when you take the internet connection from the markv. Nodogsplash seems to start OK and the EP infusion shows that too but it simply don´t splashes when a client connects. When the internet comes back, it works again. Any ideas how to tell nodogsplash to even splash when there is no internet connection?

b) How to tell the markv to autostart all the pineap services, not just karma only?

Best regards

JS

Link to comment
Share on other sites

hey johnsteiner, if you want just to serve a splash page ssh into your pineapple and try this:

/etc/init.d/dnsmasq stop
cp /var/etc/dnsmasq.conf /tmp/dnsmasq.conf
sed -i '/address=/a address=/#/172.16.42.1' /tmp/dnsmasq.conf
/usr/sbin/dnsmasq -C /tmp/dnsmasq.conf
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1
iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination 172.16.42.1
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 172.16.42.1
This will make dnsmasq to resolve all domains to your pineapple's IP (172.16.42.1) if not cached from your browser and redirect all port 80 and port 53 traffic to it.

To undo

/etc/init.d/dnsmasq restart
rm /tmp/dnsmasq.conf
iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1
iptables -t nat -D PREROUTING -p tcp --dport 53 -j DNAT --to-destination 172.16.42.1
iptables -t nat -D PREROUTING -p udp --dport 53 -j DNAT --to-destination 172.16.42.1
Note that every time you restart dnsmasq (/etc/init.d/dnsmasq restart) the dnsmasq.conf file at /var/etc/ gets re-written. Edited by KiatoGS
Link to comment
Share on other sites

Hi, did all this, still nodogsplash will not "splash" when there is no internet. take a look:

root@Pineapple:/etc# cat /tmp/dnsmasq.conf

# auto-generated config file from /etc/config/dhcp

conf-file=/etc/dnsmasq.conf

dhcp-authoritative

domain-needed

localise-queries

read-ethers

bogus-priv

expand-hosts

domain=lan

server=/lan/

dhcp-leasefile=/tmp/dhcp.leases

resolv-file=/tmp/resolv.conf.auto

addn-hosts=/tmp/hosts

stop-dns-rebind

rebind-localhost-ok

dhcp-range=lan,172.16.42.100,172.16.42.249,255.255.255.0,12h

dhcp-option=lan,3,172.16.42.1

dhcp-option=lan,3,172.16.42.1

dhcp-option=lan,6,172.16.42.1

dhcp-option=lan,6,172.16.42.1

address=/Pineapple.lan/172.16.42.1

address=/#/172.16.42.1

ptr-record=1.42.16.172.in-addr.arpa,Pineapple.lan

root@Pineapple:/etc# /usr/sbin/dnsmasq -C /tmp/dnsmasq.conf

root@Pineapple:/etc# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1

root@Pineapple:/etc# iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination 172.16.42.1

root@Pineapple:/etc# iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 172.16.42.1

root@Pineapple:/etc# nodogsplash -f

[5][Wed Jan 1 02:02:30 2014][23162](gateway.c:380) Reading and validating configuration file /etc/nodogsplash/nodogsplash.conf

[5][Wed Jan 1 02:02:30 2014][23162](gateway.c:388) Initializing signal handlers

[5][Wed Jan 1 02:02:30 2014][23162](gateway.c:244) Detected gateway br-lan at 172.16.42.1

[5][Wed Jan 1 02:02:30 2014][23162](gateway.c:252) Created web server on 172.16.42.1:2050

[5][Wed Jan 1 02:02:31 2014][23162](gateway.c:278) Initializing firewall rules

[5][Wed Jan 1 02:02:32 2014][23162](gateway.c:305) Waiting for connections

nothing - no connections ;-(

Link to comment
Share on other sites

aah /etc/config/dhcp

config 'dnsmasq'

option 'domainneeded' '1'

option 'boguspriv' '1'

option 'filterwin2k' '0'

option 'localise_queries' '1'

option 'rebind_protection' '1'

option 'rebind_localhost' '1'

option 'local' '/lan/'

option 'domain' 'lan'

option 'expandhosts' '1'

option 'nonegcache' '0'

option 'authoritative' '1'

option 'readethers' '1'

option 'leasefile' '/tmp/dhcp.leases'

option 'resolvfile' '/tmp/resolv.conf.auto'

config 'dhcp' 'lan'

option 'interface' 'lan'

option 'start' '100'

option 'limit' '150'

option 'leasetime' '12h'

option 'ignore' '0'

list 'dhcp_option' '3,172.16.42.1'

list 'dhcp_option' '3,172.16.42.1'

list 'dhcp_option' '6,172.16.42.1'

list 'dhcp_option' '6,172.16.42.1'

Link to comment
Share on other sites

did you actually test this with your own pineapple or did you just use theory?

yes and it is working every time ...

if you managed nodogsplash WITHOUT internet connection - that would be something new - i found NO ONE (i googled a lot) who did the trick.....

As you can see here: https://forums.hak5.org/index.php?/topic/34663-nodogsplash/#entry257631 i did not said i managed nodogsplash to work with out internet connection. Actualy i said that none of the captive protal "managers" i used, worked with out internet connection. The above commands have nothing to do with nodogsplash. I dont even have it installed right now. I just placed a simple html file in the www folder and configured dnsmasq. Try searching the web for "dnsmasq captive portal" , "dnsmasq walled garden" "dnsmasq splash screen" Edited by KiatoGS
Link to comment
Share on other sites

Hi, yep, thanks, i will also give this a try (i will give your idea a try, no splasher but direct, but i assume, the browser will drop ssl connections and will not use default pages located in www when client forces ssl, because of hsts)

My other question - autostart pineap, dogma, beacon response, harvester - any idea how to do that - is there a script located somewhere which we simply can trigger (e.g. via dip switches)?

best, John

Edited by johnsteiner
Link to comment
Share on other sites

Hi, yep, thanks, i will also give this a try (i will give your idea a try, no splasher but direct, but i assume, the browser will drop ssl connections and will not use default pages located in www when client forces ssl, because of hsts

yes. this will not redirect https or hsts but i think neither will nodogsplash...

Link to comment
Share on other sites

you are right - but nodogsplash will appear whatever happens when joining the network - even if the user does nothing.

btw. i think i found a way to get nodogsplash working WITHOUT internet connection. The technique its totally crazy - i will do a few tests....

the main idea is this: somehow nodogsplash doesn´t care about standard gateway or dns in general. WHAT it cares about seems to be if dns responses point to 172.16.42.1 (he himself) or somewhere else on the internet (e.g. 1.2.3.4). SO the network of the pineapple has to say....hey...whatever dns request comes in...i will forward to 1.2.3.4. That is enough for nodogsplash to be happy. Now on the other hand, you want your clients to get dns replies pointing to 172.16.42.1. Hmmmm - how to do THAT? The secret is using dnsmasq and dns spoofing at the same time together in parallel. Dnsmasq has to be configured to forward anything you give him to 1.2.3.4 (or whatever you like on the internet). At the same time, dns spoofing has to be configured to 172.16.42.1, so the clients will be served by the pineapple. in parallel, the nat rules you gave me must be in place. That way - nodogsplash will slash - even when NOT connected to the internet

Link to comment
Share on other sites

you are right - but nodogsplash will appear whatever happens when joining the network - even if the user does nothing.

Are you referring to Android/iOS captive portal detection?

So let my get that straight :P

1) You are running dnsmasq with lets say "address=/#/8.8.8.8"

2) Then dnsspoof with "*" redirecting everything to 172.16.42.1

3) Then nodogsplash.

4) And finaly the iptables from the second post redirecting all port 80 and 53 traffic to 172.16.42.1

Am i correct?

Link to comment
Share on other sites

a) yes, Android/IOS captive portal detection.

b) correct. try that. bring everything on, wait about 5 mins, refresh your dns cache on client and browser cache, try it out. works for me. many times reproduced now. If it says bad gateway, give it some time, leave network and rejoin, try again. i don´t know by now why that behaviour occurs (maybe a performance thing or a race condition between dnsmasq and dnsspoof) but after about 5 mins it does the trick.

Edited by johnsteiner
Link to comment
Share on other sites

Hmmmm, that sounds very interesting. a very simplistic approach - i like that very much ;-)

It seems to work (IOS) at first (it opens the pseudo browser) but then says 502 bad gateway.

What is your landing page in /www ? I located an index.html and also a splash.html in /www but it seems the client is "looking" for something else.

Edited by johnsteiner
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...