Jump to content
sud0nick

[Official] Portal Auth

Recommended Posts

There are help files throughout the module that explain how to use each part. Overall, the module is used to clone captive portals to display in Evil Portal. It can also inject code from Injection Sets to do nefarious things such as capturing credentials or delivering payloads.

Share this post


Link to post
Share on other sites

Sud0nick, i keep getting an error when trying to clone a portal. it will clone into /sd just fine (but) won't into root/portals. the error is

cannot create long filename

log.phphashUMjBvJEMznoh37FbK5Iesku72BXQnvzZOu0eHEw5Q9EG7eMjw6VzKVz3mBi5aXB4vt4uv1wxOq6NqDfTZLlvO2RGUqfl2UFrR6ZHtwTTq1e5dx82FlvZXZzq56keXL3syqZ2BEXWsJLrsU3w7Lt6x6IbvtGNOoqNWH1ebS4Q52BF4x0F9j2wLlaGp2ByiDj6AE0VzwRGx4zwXUZHucLcY7g7W2BUxeVi5ztfYkGj5ZqlRBIznf2B

it will create in /sd/portals but can't move it to my root portal dir as that is my working dir. also the successfully cloned portal only shows a blank screen. looking at the page source it seems to insert the same file and hash as the img src as such.

<img alt="not important image used for logging" src="resources/log.phphashUMjBvJEMznoh37FbK5Iesku72BXQnvzZOu0eHEw5Q9EFvOeFRtKUvLD1kiJHAS0kXl4OloSRyKVpOiO8Ix4Nl2F2FKWISOWHTMqry83Q1ttEpq2BrWBH7lmhxNfNs0tcfmy2F6ZJDLo16NF10c0Pq1WV0RXoDpNwbka5rzhoz8bB8XUSgDAPkQ22B2GprKVPGpsw2FyCK9Dh2BSFltXPEl2FPBSp82FthZSulpLS2FFH66qVpV3f" style="border:0"/>

also

<a class="_active" href="start.php?set_language=en&hash=VjvCi4HYZMYSbBLldZD%2FfGOq6YKgOIRGg%2Fuc11cn%2Bys0CYhCW1u1WkA426%2Fy6UZOKApn%2Fj1OQY5CEZIjKWb%2F4ODiitKkI7p3UnRq5ziLA8AlvgfdHiYChuACl0k7hE6KOR8vN%2FGkJ9L%2BZM8Wn4AG%2B0nnw1Y%2B9HJwEk%2F%2BR1RpZSaqbGK98lg2NSEyXKM3O7I%2FleAoqE8JBdY2pFWgpXwq1g%3D%3D">

from all this there is no useful portal cloned. I have tried cloning with all available options checked and unchecked with the same results. i'm using the nano for all this. any idea what may be going wrong?

Thanks,

Share this post


Link to post
Share on other sites

Hey _OuTLaW_, I've come across this before and I haven't found a way to fix it yet (I'm not sure if there is a way). What's happening is the site you are trying to clone seems to load images dynamically from a PHP script. The developer of the site could be doing this for many different reasons to include making it harder for someone to clone the site. Have a look at this post on SO on this subject. Essentially, the src attribute of the img tag points to the script that will load the image, passes a hash via GET that identifies that particular image, and the script returns the binary data of that image so it can be displayed. This means the image is coming from a directory that my portal cloning script can't determine and therefore it isn't downloaded. Since it uses the src attribute to get images it keeps the original value in there which is, in this case the PHP script, and of course that can't be downloaded over the web either since PHP is a server-side language. Unfortunately, the only thing I think you can do is clone the site then manually download those images and set the references yourself. It's a little more work but at least you still get the other benefits of Portal Auth.

Share this post


Link to post
Share on other sites

Sud0nick,

yea I ended up going back through and doing just that to get it to work, manually changing it all back to get things working. I just wasn't sure if there was a way to fix that, or even download the image and re-name to a image file when encountered.

Other than that, works great.

Thanks,

Share this post


Link to post
Share on other sites

v1.1 is now available on the Module Manager.  The only change made is an added API for C# to incorporate authentication with the Payloader injection set in payloads.  I'll be putting together a video soon that will show this feature along with the modules CursedScreech, Papers, and Evil Portal.

  • Upvote 1

Share this post


Link to post
Share on other sites

great tutorial video, really helped me understand how the modules can all work together!
thank you sud0nick!

 

Edited by Just_a_User

Share this post


Link to post
Share on other sites

@sud0nick

I recently upgraded my nano firmware and my nano can no longer clone sites using portalauth. Have tried reinstall etc but cant figure it out. any chance you could take a look at the logs below and see if you have a suggestion?

Traceback (most recent call last): File "/pineapple/modules/PortalAuth/includes/scripts/portalclone.py", line 42, in cloner.injectJS() File "/sd/modules/PortalAuth/includes/scripts/PortalCloner.py", line 262, in injectJS self.soup.head.append(injectJS.read()) AttributeError: 'NoneType' object has no attribute 'append'

Traceback (most recent call last): File "/pineapple/modules/PortalAuth/includes/scripts/portalclone.py", line 45, in cloner.injectCSS() File "/sd/modules/PortalAuth/includes/scripts/PortalCloner.py", line 269, in injectCSS self.soup.head.append(injectCSS.read()) AttributeError: 'NoneType' object has no attribute 'append'

Traceback (most recent call last): File "/pineapple/modules/PortalAuth/includes/scripts/portalclone.py", line 48, in cloner.injectHTML() File "/sd/modules/PortalAuth/includes/scripts/PortalCloner.py", line 276, in injectHTML self.soup.body.append(injectHTML.read()) AttributeError: 'NoneType' object has no attribute 'append'

Extra detail: -

If i disable all 3 injects before cloning i get a successful clone. I backed up my previous clones and there all still working in evilportal as expected. Also portalauth cloning on my tetra seems fine at the moment. So just nano and just new 1.1.0 firmware i think.

Great work and love what you have done so far, thank you

Share this post


Link to post
Share on other sites

Thanks for the detailed post.  I'm looking into the issue now and will hopefully have it resolved soon.

 

@Just_a_User I've updated the firmware on my Nano to the latest version and successfully cloned a portal.  Could you provide more details as to what you are doing when you get the errors?  Maybe some screenshots would help.  How I interpret the errors you received is that the HTML was not being cloned therefore the object that represents it in the code was null and of course you can't append anything to a null object.  It seems strange that you would be able to clone it without an injection set but not with one.  It could also be a problem with the website's code and it's not being parsed properly which results in a NoneType for the head and body of the document.  This would make sense as to why you can't clone with injection sets but you can without because the only place in the code where the calls from your errors are made are in the injection methods.  Look at the HTML for the site you're trying to clone and see if it has properly defined <body> and <head> tags.

Edited by sud0nick
Update
  • Upvote 1

Share this post


Link to post
Share on other sites

@sud0nick

Thank you for the reply, it explains a lot to me. After reading it I figured it must be my end. I went right for a firmware recovery flash using what i think is a new v1.1.1 factory recovery .bin. I only installed portalauth and evilportal and cloned sites I am familiar with successfully.

Don't know what it is, or rather was. Cant say for certain if it was linked to firmware update although it was using it just before and unable after.

Thank you for your quick response and investigation either way. If nothing else I learned something new about the process.

Edited by Just_a_User
typo

Share this post


Link to post
Share on other sites

As a suggestion - would it be possible to have a load Injects option in - Injection sets - manage injects.

I see them in /pineapple/modules/PortalAuth/includes/scripts/injects/ and can sftp etc but might make a nice addition to the PortalAuth interface and compliments the existing  backup facility.

Share this post


Link to post
Share on other sites
7 minutes ago, Just_a_User said:

As a suggestion - would it be possible to have a load Injects option in - Injection sets - manage injects.

I see them in /pineapple/modules/PortalAuth/includes/scripts/injects/ and can sftp etc but might make a nice addition to the PortalAuth interface and compliments the existing  backup facility.

That feature was implemented in the MKV version of Portal Auth but the new Pineapple API doesn't have a built-in way to upload files.  I recently worked on a project where I had to upload files via AngularJS so I have experience with it now it's just a matter of finding the time to do it.

  • Upvote 2

Share this post


Link to post
Share on other sites

Version 1.2 has been submitted to is available on the module manager.

Change Log:

- Renamed NetCli tab to Payloads and added a payload manager
- Added functionality to import injection sets
- Updated UI
- Added backend method to clear downloads directory when PortalAuth is launched
- Changed Payloader injection set to easily point to payload files (see InjectPHP)

 

Edited by sud0nick
  • Upvote 2

Share this post


Link to post
Share on other sites

Sud0nick. I travelled to a place today with a CP and ran the module. It detected the portal and I tried clone with various payload options (Blank and Harvester). The portal was very basic but was a PHP page. It seemed to take a very long time to clone and then when it finished the harvester payload set said failed check logs - I looked at the logs on the GUI and they didnt show anything.

Both versions created /portals/portalname/resoruces but folders were empty. Is there anything else I can push up for troubleshooting?

Share this post


Link to post
Share on other sites

Thanks for the info.  Sometimes connections timeout but there could be a number of reasons why this particular portal didn't clone.  If you want you can try cloning it from the command line by running the portalclone.py script in /pineapple/modules/PortalAuth/includes/scripts/.  If it throws an error it should help pinpoint the problem although that error should have ended up in an error log.  Here is an example of how to run the script:

python portalclone.py --portalName "MyPortal" --portalArchive "/root/portals/" --url "http://www.website.url" --injectSet "Blank"

You must put a trailing slash on the portalArchive and you must specify an injection set even if you don't supply any of the parameters to use it.  Here's the full list of parameters if you want to add more.  For this test you really only need those listed above.

--portalName:		The name of the cloned portal, required=True
--portalArchive:	The directory in which to store the portal, required=True
--url:			The URL of a site to clone.  If a captive portal exists it will be cloned instead, required=True
--injectSet:		The name of an injection set to use, required=True
--injectjs:		Inject JavaScript from injectSet into the cloned portal, required=False
--injectcss:		Inject CSS from injectSet into the cloned portal, required=False
--injecthtml:		Inject HTML from injectSet into the cloned portal, required=False
--injectphp:		Inject PHP from injectSet into the cloned portal, required=False
--stripjs:		Strip inline JavaScript from the cloned portal, required=False
--stripcss:		Strip inline CSS from the cloned portal, required=False
--striplinks:		Strip links from the cloned portal, required=False
--stripforms:		Strip form elements from the cloned portal, required=False

 

  • Upvote 1

Share this post


Link to post
Share on other sites

You should be able to.  If I get the time I'll run some tests to make sure the script can handle links that use GET requests.  Also, I hope you're doing this for research and not to steal from unsuspecting users at the coffee shop.

Share this post


Link to post
Share on other sites

absolutely research, I just didn't want to goto the effort of setting up my own captive portal to test with! Ive got no interest in stealing some random users creds

Share this post


Link to post
Share on other sites

Like I said, some sites just don't clone.  My guess is it's an issue with the GET request in the URL.  I'll need to test it to figure out the problem and find a solution.  When I get the time I'll work on it.

Share this post


Link to post
Share on other sites
9 hours ago, dubberrucky said:

Im not even getting the folders created when running it from bash...script completes without error though.

I tried cloning the site you posted and I actually got an error in my logs.

Traceback (most recent call last): File "/pineapple/modules/PortalAuth/includes/scripts/portalclone.py", line 42, in cloner.injectJS() File "/pineapple/modules/PortalAuth/includes/scripts/PortalCloner.py", line 262, in injectJS self.soup.head.append(injectJS.read()) AttributeError: 'NoneType' object has no attribute 'append'

I've seen this error before and essentially it means the HTML of the website isn't being parsed properly.  The script is trying to append the data in InjectJS to the <head> portion of the website and it can't because the object representing the website code is null.  I can't promise I'll find a fix soon but at least I have something to work with.

Update

I was able to clone the site from the command line using the following command:

python portalclone.py --portalName PortalTest --url http://sabwifi.uk/mf/view.php?id=15065 --injectSet Blank --portalArchive /root/portals/ --injectjs

It worked perfectly which made me question why it wasn't working from the GUI.  I went back to test it again and noticed an important piece of the URL missing, the ID.  The way the options are parsed when stored and loaded in the module caused the = in the URL to get cut off resulting in

http://sabwifi.uk/mf/view.php?id

instead of

http://sabwifi.uk/mf/view.php?id=15065

This still doesn't explain why you weren't able to clone the portal while visiting the site unless if you explicitly specified this URL.  If you used the default (which leads to the test page on my website) then it should have automatically pulled the page in, with the ID, if it were functioning as a captive portal.

Update 2

I've fixed the problem with the parser when loading configs to allow URLs with GET requests in them.  I'll wait to push an update for a day or two because there are other things I can roll into it.  Let me know if the command I posted above works for you to clone the site.  If not we can troubleshoot further.

Update 3

Got impatient, pushed update.

I tested it with the site you provided from the GUI and it cloned flawlessly.  I even tested it in Evil Portal and it looked good.  You shouldn't have any more problems with it.  @dubberrucky Thanks for providing feedback, otherwise I probably wouldn't have found this issue for a long time.  Considering this has been a bug since I implemented a config file I'm surprised it wasn't found sooner.

Edited by sud0nick
Update
  • Upvote 1

Share this post


Link to post
Share on other sites
22 hours ago, sud0nick said:

Update 3

Got impatient, pushed update.

I tested it with the site you provided from the GUI and it cloned flawlessly.  I even tested it in Evil Portal and it looked good.  You shouldn't have any more problems with it.  @dubberrucky Thanks for providing feedback, otherwise I probably wouldn't have found this issue for a long time.  Considering this has been a bug since I implemented a config file I'm surprised it wasn't found sooner.

Sud0nick, Thanks very much, your commitment to this module is admirable, rapid responses! I havent had a chance to test it out again yet but I was initially using all default values through the GUI and then also using the URL with the ID tag appended during the cmdline stuff. Ill update the module, give it another spin and if no luck ill try a fresh install of the module and go again. Thanks for the time and effort. 

Share this post


Link to post
Share on other sites

Hi Nick, I'm having a problem with the cloner, it fails every time with a similar error on various captive portals

 

Traceback (most recent call last): File "/pineapple/modules/PortalAuth/includes/scripts/portalclone.py", line 23, in cloner.fetchPage(args.url) File "/sd/modules/PortalAuth/includes/scripts/PortalCloner.py", line 109, in fetchPage response = self.follow_redirects(response, self.session) File "/sd/modules/PortalAuth/includes/scripts/PortalCloner.py", line 50, in follow_redirects r = self.follow_redirects(self.session.get(urlparse.urljoin(r.url, new_url)), s) File "/sd/modules/PortalAuth/includes/scripts/libs/requests/sessions.py", line 473, in get return self.request('GET', url, **kwargs) File "/sd/modules/PortalAuth/includes/scripts/libs/requests/sessions.py", line 461, in request resp = self.send(prep, **send_kwargs) File "/sd/modules/PortalAuth/includes/scripts/libs/requests/sessions.py", line 573, in send r = adapter.send(request, **kwargs) File "/sd/modules/PortalAuth/includes/scripts/libs/requests/adapters.py", line 415, in send raise ConnectionError(err, request=request) requests.exceptions.ConnectionError: ('Connection aborted.', gaierror(-2, 'Name or service not known'))

 

I'm very new to this and not sure I understand the error! (noob, i know). Looks like maybe a load of get requests aren't working, but I'm not sure how to fix it! Any tips?

 

Cheers

Share this post


Link to post
Share on other sites

It looks like at some point during the redirect process it's failing to find the site:

ConnectionError: ('Connection aborted.', gaierror(-2, 'Name or service not known'))

Do you have any more information about what you were trying to clone?  Is it publicly available so I can try it?

Share this post


Link to post
Share on other sites

Do you have a link to the portal?  I would like to test it to see where I can improve the cloner as I have not encountered this issue before.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...