Jump to content

Creating a Evil Xfinity Wi-Fi router.


Recommended Posts

I just was reading this article here http://www.networkworld.com/article/2365365/microsoft-subnet/evil-xfinity-wifi-access-point-poc-xfinity-pineapple-for-fun-profit-comcast-chaos.html and that got me thinking. I just bought a cheap $20 router on Amazon to have a little fun with it. Here is that link to the router I got http://www.amazon.com/TP-LINK-TL-WR841N-Wireless-Router-300Mpbs/dp/B001FWYGJS/ref=sr_1_1?s=pc&ie=UTF8&qid=1436891655&sr=1-1&keywords=wifi+router . I would like to use that router to broadcast the xfinity wifi login page and have people connect to it and save the passwords and user names to a log file in the router.

Link to comment
Share on other sites

I have not looked at the traffic, my phone auto associate with xfinity routers and I don't need to enter login creds...

I would think there is some kind cookie sent to xfininty.com (or some domain)... I would also assume there not sending plain text over wifi?

Im not a fan of the fishing stuff... it can work but... I would weather stay transparent, logg all the cookies, reuse cookies, inject meterpreter... fun stuff

This cookie I'm sure could be reusable,

Link to comment
Share on other sites

How should I start off this project?

For you to be able to do something like this your best bet would be to buy a router that can have OpenWRT installed on it much like the wifi pineapple using the wifi pineapple would be a lot easier since it has just about everything you need.

If you wanted to do this on your own you'd need a router that can run OpenWRT you'd need to setup a web server on that router and a bunch of other things the long run having a wifi pineapple would be better off for you the captive portal infusion would allow you to setup a fake comcast login using that evil xfinity page once users try to visit a website they will be redirected to the evil xfinity page if they have comcast or xfinity account and they submit the information it will save it on the wifi pineapple.

I have a copy of that evil xfinity since the maker of the script pulled it from github or it was removed from github for tos violation im not honestly sure if it still works or not i had no luck getting it to save the logins maybe i forgot to make the txt file writable when i did it.

Link to comment
Share on other sites

learning how to do this manually will be a fun learning experience.. i think the process is identical on both the pineapple and a linux computer...

i can think of 2 ways to do this, depending on the hardware you have available. a wifi card that supports master mode would allow you to perform karma like attacks...

if you dont have a card that supports master mode, its still simple...

airbase-ng wlan1 -e xfinity -c 11

now some iptables to direct the traffic and dnsmasq to passout valid ip's, you can find examples online or around the forum... i have posted some example start up scripts of this kind of attack using a kali/raspberry pi...

now for the fake login script, i would use set-tool kit, i believe there is a option to clone a website and that will be your template... simply add a few lines of php to write login creds to a file...

make your self a kali bootable usb stick ,-) search the forums for airbase-ng and follow some instructions and most impotently try to understand what each command does...

Link to comment
Share on other sites

http://www.matthewhknight.com/xfinity-pineapple/ i haven't had much luck with this script to be honest for some reason its not saving the username and password of the input fields into the auth.log so im not sure whats up but you can give it a try.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...