NoDogSplash with no Internet and Autostart question

johnsteiner · February 17, 2015

Hi,

a) i noticed nodogsplash/evilportal is working very well WHEN the markv has a internet connection (via WLAN, 3G, LAN, does not matter). But nodogsplash is not splashing when you take the internet connection from the markv. Nodogsplash seems to start OK and the EP infusion shows that too but it simply don´t splashes when a client connects. When the internet comes back, it works again. Any ideas how to tell nodogsplash to even splash when there is no internet connection?

b) How to tell the markv to autostart all the pineap services, not just karma only?

Best regards

JS

johnsteiner · February 17, 2015

Note: I already saw this one here https://forums.hak5.org/index.php?/topic/34663-nodogsplash/?hl=nodogsplash but there was no answer, just to use evil portal. well, with evil portal the result is the same. Any ideas?

NullNull · February 17, 2015

hey johnsteiner, if you want just to serve a splash page ssh into your pineapple and try this:

/etc/init.d/dnsmasq stop
cp /var/etc/dnsmasq.conf /tmp/dnsmasq.conf
sed -i '/address=/a address=/#/172.16.42.1' /tmp/dnsmasq.conf
/usr/sbin/dnsmasq -C /tmp/dnsmasq.conf
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1
iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination 172.16.42.1
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 172.16.42.1

This will make dnsmasq to resolve all domains to your pineapple's IP (172.16.42.1) if not cached from your browser and redirect all port 80 and port 53 traffic to it.

To undo

/etc/init.d/dnsmasq restart
rm /tmp/dnsmasq.conf
iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1
iptables -t nat -D PREROUTING -p tcp --dport 53 -j DNAT --to-destination 172.16.42.1
iptables -t nat -D PREROUTING -p udp --dport 53 -j DNAT --to-destination 172.16.42.1

Note that every time you restart dnsmasq (/etc/init.d/dnsmasq restart) the dnsmasq.conf file at /var/etc/ gets re-written. Edited February 17, 2015 by KiatoGS

johnsteiner · February 17, 2015

Hi, did all this, still nodogsplash will not "splash" when there is no internet. take a look:

root@Pineapple:/etc# cat /tmp/dnsmasq.conf

# auto-generated config file from /etc/config/dhcp

conf-file=/etc/dnsmasq.conf

dhcp-authoritative

domain-needed

localise-queries

read-ethers

bogus-priv

expand-hosts

domain=lan

server=/lan/

dhcp-leasefile=/tmp/dhcp.leases

resolv-file=/tmp/resolv.conf.auto

addn-hosts=/tmp/hosts

stop-dns-rebind

rebind-localhost-ok

dhcp-range=lan,172.16.42.100,172.16.42.249,255.255.255.0,12h

dhcp-option=lan,3,172.16.42.1

dhcp-option=lan,6,172.16.42.1

address=/Pineapple.lan/172.16.42.1

address=/#/172.16.42.1

ptr-record=1.42.16.172.in-addr.arpa,Pineapple.lan

root@Pineapple:/etc# /usr/sbin/dnsmasq -C /tmp/dnsmasq.conf

root@Pineapple:/etc# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1

root@Pineapple:/etc# iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination 172.16.42.1

root@Pineapple:/etc# iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 172.16.42.1

root@Pineapple:/etc# nodogsplash -f

[5][Wed Jan 1 02:02:30 2014][23162](gateway.c:380) Reading and validating configuration file /etc/nodogsplash/nodogsplash.conf

[5][Wed Jan 1 02:02:30 2014][23162](gateway.c:388) Initializing signal handlers

[5][Wed Jan 1 02:02:30 2014][23162](gateway.c:244) Detected gateway br-lan at 172.16.42.1

[5][Wed Jan 1 02:02:30 2014][23162](gateway.c:252) Created web server on 172.16.42.1:2050

[5][Wed Jan 1 02:02:31 2014][23162](gateway.c:278) Initializing firewall rules

[5][Wed Jan 1 02:02:32 2014][23162](gateway.c:305) Waiting for connections

nothing - no connections ;-(

johnsteiner · February 17, 2015

i only get connections when my client tries to access 1.2.3.4 or a direct ip address. but with dns names no luck.

NullNull · February 17, 2015

No need to run nodogspalsh with all that. reboot your pineapple and try it again.

Also before testing it clear you browsers cache.

Edited February 17, 2015 by KiatoGS

johnsteiner · February 17, 2015

Did all this - multiple times - every time i reconnect and the splash should open i only get a "502 bad gateway".

johnsteiner · February 17, 2015

i think it has to do with the standard gateway. if connected to internet, a standard gateway is in place and working. if not, there is not. i tried using standardgateways of NONE, 172.16.42.1 - all with no luck.

NullNull · February 17, 2015

can you post the "cat /etc/dhcp" output?

EDIT: just saw your dnsmasq.conf, no opendns server there. :/

Edited February 17, 2015 by KiatoGS

johnsteiner · February 17, 2015

hu? there is no /etc/dhcp

what do you mean by my dnsmasq.conf - what is missing? the dnsmasq works. from within ssh i could ping asldfgksdf.sdfgsdfg and it resolves 172.16.42.1 quite ok.

johnsteiner · February 17, 2015

aah /etc/config/dhcp

config 'dnsmasq'

option 'domainneeded' '1'

option 'boguspriv' '1'

option 'filterwin2k' '0'

option 'localise_queries' '1'

option 'rebind_protection' '1'

option 'rebind_localhost' '1'

option 'local' '/lan/'

option 'domain' 'lan'

option 'expandhosts' '1'

option 'nonegcache' '0'

option 'authoritative' '1'

option 'readethers' '1'

option 'leasefile' '/tmp/dhcp.leases'

option 'resolvfile' '/tmp/resolv.conf.auto'

config 'dhcp' 'lan'

option 'interface' 'lan'

option 'start' '100'

option 'limit' '150'

option 'leasetime' '12h'

option 'ignore' '0'

list 'dhcp_option' '3,172.16.42.1'

list 'dhcp_option' '6,172.16.42.1'

NullNull · February 17, 2015

hu? there is no /etc/dhcp

Sorry for that..

You get the same 502 error on all your browsers and clients?

johnsteiner · February 17, 2015

yep. only when i direct access an ip like http://1.2.3.4 the splash opens at once.

NullNull · February 17, 2015

i run out of ideas.....

johnsteiner · February 17, 2015

yeah me too ;-) but one question: did you actually test this with your own pineapple or did you just use theory? because if you managed nodogsplash WITHOUT internet connection - that would be something new - i found NO ONE (i googled a lot) who did the trick.....

NullNull · February 18, 2015

did you actually test this with your own pineapple or did you just use theory?

yes and it is working every time ...

if you managed nodogsplash WITHOUT internet connection - that would be something new - i found NO ONE (i googled a lot) who did the trick.....

As you can see here: https://forums.hak5.org/index.php?/topic/34663-nodogsplash/#entry257631 i did not said i managed nodogsplash to work with out internet connection. Actualy i said that none of the captive protal "managers" i used, worked with out internet connection. The above commands have nothing to do with nodogsplash. I dont even have it installed right now. I just placed a simple html file in the www folder and configured dnsmasq. Try searching the web for "dnsmasq captive portal" , "dnsmasq walled garden" "dnsmasq splash screen" Edited February 18, 2015 by KiatoGS

johnsteiner · February 18, 2015

Hi, yep, thanks, i will also give this a try (i will give your idea a try, no splasher but direct, but i assume, the browser will drop ssl connections and will not use default pages located in www when client forces ssl, because of hsts)

My other question - autostart pineap, dogma, beacon response, harvester - any idea how to do that - is there a script located somewhere which we simply can trigger (e.g. via dip switches)?

best, John

Edited February 18, 2015 by johnsteiner

NullNull · February 18, 2015

Hi, yep, thanks, i will also give this a try (i will give your idea a try, no splasher but direct, but i assume, the browser will drop ssl connections and will not use default pages located in www when client forces ssl, because of hsts

yes. this will not redirect https or hsts but i think neither will nodogsplash...

johnsteiner · February 18, 2015

you are right - but nodogsplash will appear whatever happens when joining the network - even if the user does nothing.

btw. i think i found a way to get nodogsplash working WITHOUT internet connection. The technique its totally crazy - i will do a few tests....

the main idea is this: somehow nodogsplash doesn´t care about standard gateway or dns in general. WHAT it cares about seems to be if dns responses point to 172.16.42.1 (he himself) or somewhere else on the internet (e.g. 1.2.3.4). SO the network of the pineapple has to say....hey...whatever dns request comes in...i will forward to 1.2.3.4. That is enough for nodogsplash to be happy. Now on the other hand, you want your clients to get dns replies pointing to 172.16.42.1. Hmmmm - how to do THAT? The secret is using dnsmasq and dns spoofing at the same time together in parallel. Dnsmasq has to be configured to forward anything you give him to 1.2.3.4 (or whatever you like on the internet). At the same time, dns spoofing has to be configured to 172.16.42.1, so the clients will be served by the pineapple. in parallel, the nat rules you gave me must be in place. That way - nodogsplash will slash - even when NOT connected to the internet

johnsteiner · February 18, 2015

OK i did a few tests - it totally works - as crazy as this "construct" is - yay ;-)

NullNull · February 18, 2015

you are right - but nodogsplash will appear whatever happens when joining the network - even if the user does nothing.

Are you referring to Android/iOS captive portal detection?

So let my get that straight :P

1) You are running dnsmasq with lets say "address=/#/8.8.8.8"

2) Then dnsspoof with "*" redirecting everything to 172.16.42.1

3) Then nodogsplash.

4) And finaly the iptables from the second post redirecting all port 80 and 53 traffic to 172.16.42.1

Am i correct?

johnsteiner · February 18, 2015

a) yes, Android/IOS captive portal detection.

b) correct. try that. bring everything on, wait about 5 mins, refresh your dns cache on client and browser cache, try it out. works for me. many times reproduced now. If it says bad gateway, give it some time, leave network and rejoin, try again. i don´t know by now why that behaviour occurs (maybe a performance thing or a race condition between dnsmasq and dnsspoof) but after about 5 mins it does the trick.

Edited February 18, 2015 by johnsteiner

NullNull · February 18, 2015

i'm glad you figured it out ;) next days i will have some free time, i will test it and post the results :)

Edited February 18, 2015 by KiatoGS

johnsteiner · February 18, 2015

OK, great, please let me know if it worked.

johnsteiner · February 20, 2015

Hmmmm, that sounds very interesting. a very simplistic approach - i like that very much ;-)

It seems to work (IOS) at first (it opens the pseudo browser) but then says 502 bad gateway.

What is your landing page in /www ? I located an index.html and also a splash.html in /www but it seems the client is "looking" for something else.

Edited February 21, 2015 by johnsteiner

Sign In

NoDogSplash with no Internet and Autostart question

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members