[Official] EvilPortal

[PineapplePrince]

Hey all,

I'm not sure if this is the right place to post or not. I just got my Pineapple tetra yesterday and I've been messing around with Evil Portal and Portal Auth. I can clone a site and get everything working in Evil Portal so far. My issue is that it doesn't redirect to the portal. You can connect to the pineapple but say for example I cloned gmail.com. If I enter gmail.com I won't go to the fake gmail, it will go to the real gmail unless I enter the IP of my pineapple. Is there a way to get it to redirect?

If this is the wrong area I can remove this post.

[newbi3]

Evil Portal 3.1 has been released!

Change Log

• Added ability to write and view logs on a per-portal basis
• Created method writeLog($message) that writes to the portal log file
• Created method notify($message) that sends a notification to the web ui
• Added ability to download files
• Tab button in file editor will now insert four spaces
• Revamped the file editor modal
• Showing file sizes in the portal workbench
• Various quality of life improvements

[LuckyFish]

I am using Nano

please help me I want each user of the PinaAP module to receive a portal authentication page.

However, the authentication page will not be automatically popped up after connecting to the AP!

[LuckyFish]

Hello, newbi3! I have a problem, after I opened EvilPortal, the phone could not open the portal automatically after connecting to WIFI.

[theUNK0WN]

@LuckyFish Did you have an "active" portal and Evil portal enabled? Works just fine for me.

[b0N3z]

Redirect with dns

[whazzup]

Hi newbi3,

Thanks for creating the evil portal plugin. With the Tetra + latest firmware (2.2.0) i've found the plugin to be unreliable and i've spent the entire day to find solutions to the following issues. But to no avail. Since you're still actively developing, i hope you can help me and other people out that are willing to use the evil portal:

1: Clicking the "authorize" button on a standard and targeted framework does nothing. It is unclear what it should do.

2: Do i have to call onSuccess() myself from the handleAuthorization() method? Why isn't that implemented (and commented out) by default? There is really nothing describing how the plugin works, what the default workflow is and what i should do.

3: Once every 5 to 10 join attempts on the wifi network (after "forgetting" it on my iPhone) the captive portal will show up. Most of the time it wont. Some other times it only shows up if i browse to insecure sites, but not as a captive portal dialog. Even after i've been authorized (and in the authorized list), the portal pops up on every site i visit.

4: It's weird that i've seen a dozen videos describing how to handle a username / password combination example, but that is not a default. This is what everyone is doing with the plugin. So why not have this implemented by default anyway?

Regards,

Whuzzap

[Ramez]

I keep having an issue where when I use any of kbeflo's Evil Portals from Github, I click on 'log In' or 'submit' or whatever the confirmation button might be. The browser (I have tried both IE and Firefox) prompts me to open or save an index.json file. I have even tried other portals found across the forum but all of them keep resulting in that index.json file! Anyone know the solution to this? Am I missing something?

[b0N3z]

@whazzupNewbi3 only makes the module.  It is up to you to make your portal and have it do what you need it to do.  @Ramez kbeflos portals are older and not updated to the new version of EP.  That is something either he will have to do or you can modify it yourself to get it working.

[LuckyFish]

On 2018/7/29 at AM9点38分, _0NiTy said:

@LuckyFish  您是否启用了“活动”门户并启用了Evil门户？对我来说工作得很好。

@b0N3z     I've updated it to the latest version of 2.2.0 nano,evilportal is also the latest and the correct operation and opening of this plugin, but often does not work!

 

Thank you for answering my question.

 

[LuckyFish]

On 2018/7/29 at AM9点38分, _0NiTy said:

@LuckyFish  您是否启用了“活动”门户并启用了Evil门户？对我来说工作得很好。

@_0NiTy  I've updated it to the latest version of 2.2.0 nano,evilportal is also the latest and the correct operation and opening of this plugin, but often does not work!

 

Thank you for answering my question.

[b0N3z]

1 hour ago, LuckyFish said:

@b0N3z     I've updated it to the latest version of 2.2.0 nano,evilportal is also the latest and the correct operation and opening of this plugin, but often does not work!

 

Thank you for answering my question.

 

works just fine for me,  Do you have a portal in the workbench and is it enabled?

[whazzup]

16 hours ago, b0N3z said:

It is up to you to make your portal and have it do what you need it to do. 

I know that, and have made a very nice page etc. Nice form, saves data, looks legit. Yet that doesn't explain how i can make sure the captive portal pops up when selecting the wifi. Or how to get rid of the captive portal page if the authorization is clicked? This should not be magic: there is a way how that stuff works but that isn't explained anywhere. Should the PHP redirect on_succes? And when is that triggered? Should i return true? There is really little more to do than to reverse engineer the code and even then...

Any pointer to real live examples or documentation is appreciated. Now i'm reading through the code, which isn't that hard, but i would hate that every user of this plugin would have to start from scratch discovering the same stuff that has been posted here since 2016.

I do like the effort that is being put into this plugin, the more usable it is, the better ?

[whazzup]

I also have difficulty with caching. Once i've redirected the user to the target url, the captive portal page keeps showing up. After a certain amount of time hitting the refresh button on the page does let me show the right page.

And yes, i've added various headers in the meta and the headers that should prevent this.

Examples:

header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

https://stackoverflow.com/questions/13640109/how-to-prevent-browser-cache-for-php-site

[whazzup]

Here is some information on how the captive portal page works on iOS devices:

https://socifi-doc.atlassian.net/wiki/spaces/SC/pages/27689029/The+Splash+Page+is+not+triggered+when+iOS+devices+connect+to+WiFi

 

[Ramez]

Does anyone else have an issue with the redirect? Once I enter in the details and click submit through the cloned landing page, it fails to redirect me to the initial requested website. Everything else works fine.

[newbi3]

On 7/31/2018 at 12:34 PM, whazzup said:

Hi newbi3,

Thanks for creating the evil portal plugin. With the Tetra + latest firmware (2.2.0) i've found the plugin to be unreliable and i've spent the entire day to find solutions to the following issues. But to no avail. Since you're still actively developing, i hope you can help me and other people out that are willing to use the evil portal:

1: Clicking the "authorize" button on a standard and targeted framework does nothing. It is unclear what it should do.

2: Do i have to call onSuccess() myself from the handleAuthorization() method? Why isn't that implemented (and commented out) by default? There is really nothing describing how the plugin works, what the default workflow is and what i should do.

3: Once every 5 to 10 join attempts on the wifi network (after "forgetting" it on my iPhone) the captive portal will show up. Most of the time it wont. Some other times it only shows up if i browse to insecure sites, but not as a captive portal dialog. Even after i've been authorized (and in the authorized list), the portal pops up on every site i visit.

4: It's weird that i've seen a dozen videos describing how to handle a username / password combination example, but that is not a default. This is what everyone is doing with the plugin. So why not have this implemented by default anyway?

Regards,

Whuzzap

Hello @whazzup,

I've started working on typing up official documentation for Evil Portal that will go over everything from simple usage to implementation but its an on going effort and if I'm being honest typing up docs is my least favorite activity on earth. With that being said, I'm also planning on creating a video series that will go over the same material (I'll probably do it in parallel with writing the docs) but this will have to wait until after defcon.

Quote

1: Clicking the "authorize" button on a standard and targeted framework does nothing. It is unclear what it should do.

When clicking the authorize button the form on the page is submitted to /captiveportal/index.php (which is the file under EvilPortal/includes/api/index.php) which then will instantiate your portals MyPortal object and call the handleAuthorization method (see EvilPortal/includes/api/API.php).

Quote

Do i have to call onSuccess() myself from the handleAuthorization() method? Why isn't that implemented (and commented out) by default? There is really nothing describing how the plugin works, what the default workflow is and what i should do.

onSuccess is being called in the parents handleAuthorization method so you do not need to call it again assuming you're supering it (see EvilPortal/includes/api/Portal.php for default implementations)

Quote

Once every 5 to 10 join attempts on the wifi network (after "forgetting" it on my iPhone) the captive portal will show up. Most of the time it wont

Make sure you are also removing the client from the white list in the Evil Portal module if you don't do this then EvilPortal will see that the client has already been authorized and wont show them the captive portal. You might be getting assigned a new IP 1 out of 5-10 times when you reconnect which is why you see it open up then.

Quote

Some other times it only shows up if i browse to insecure sites, but not as a captive portal dialog

This is a known issue and I'm waiting on a firmware feature that should allow me to fix this easily.

Quote

Even after i've been authorized (and in the authorized list), the portal pops up on every site i visit.

Try doing a hard refresh of the page by holding F5 when clicking the refresh button or manually clearing your browsers cache. I can probably set a header that says to not cache the page.

Quote

It's weird that i've seen a dozen videos describing how to handle a username / password combination example, but that is not a default. This is what everyone is doing with the plugin. So why not have this implemented by default anyway?

I don't feel comfortable providing a username/password input form right out of the box legally. If someone needs to do that for a legitimate reason I think its reasonable to assume that they know how to write html and add inputs to a form.

 

Hope this clears things up for you. Let me know if you have any other issues or want clarification on what I've said.

[Bigbiz]

Thanks for the documentation this explains alot

[Charlie86]

Hi,

I am new to Pineapple Nano world. Just got my few days ago.
I am having problems with EvilPortal. I successfully uploaded it to Nano and also activate it and start it, so I can view it from preview tab. Also cleared White list and Authorized Clients.

I Networking I unchecked "hide open SSID".

If I try to connect to open network with my phone I can access network directly without visiting EvilPortal page. What I am missing here?

[DchiFly]

I'm having a weird issue, the captive portal pops up and displays properly, however the signin window automatically closes after a few seconds (4 - 6 sec), regardless of any input or pressing submit, this is a problem as it leaves little time for the average user to type in their creds, let alone a chance to read the page before deciding to give it the info. 

I'm working on page to test the users ability to read and discern portals before submitting info, so i need the portal signin popup to stay up until it is submitted or cancelled. 

I am able to type in an email and password (if i am fast) and submit the form. It does log properly in the portal name.txt file. so everything is working. 

i am using kbeflo's evil portals, i tested the google & starbucks templates and both have this issue. 

I was thinking there might be a timeout coded but i couldn't find where. 

Any tips on how to fix this? 

[w1cked5mile]

Hopefully this is correct place to ask...

I've configured a cloned portal (portal auth) and I'm getting consistent results from the submitted forms but after the form is submitted I'm redirected to a page that says "You have not been authorized."  Is this normal or is there another website that needs to be configured for the landing page?  I can browse the Internet through the shared connection and I'm able to collect the data entered.  I'd just like to give them a little warmer, fuzzier feeling that everything is OK and they can browse the Internet.

Thanks.

[nrohsakul]

I've got myself a nice little Portal together now. Just have one problem left:

After my iPhone connects to the evil portal, it correctly shows the apple captive portal. But after successful authorization the page just reloads and does not close automatically. This looks quite suspicious, even though I can close the window and am connected to the evil portal afterwards. Is there any way to fix this behaviour ? 

[bakedmuffinman]

wondering what im doing wrong. I had evil portals running previously with evil portal templates working.  Now after a clean reload of FW 2.4.2 and evil portal module 3.1 when ever I load a captive portal none of the images load.

 

the index.php appears to be showing the correct path src="assets/img/dtnk16mcjo.png">

the image files are there. both installed on SD card.  none of the supplied portals are loading images.

[Hackituria]

Hi,

I have a problem with the Start on Boot option, as I asked in this post.  When I active this option and reboot the device, I only can see a white captive page. This is because the Landing Page option is enabled, but if i disable it, it is enabled again when I reboot the device.

How can I fix it?

Thx!

[Jair]

HI,

I have a problem with EP on my nano.

After reset it by press reset button 10 seconds, I got clean 2.4.2 FW. 

Then I only installed EvilPortal modules on internal system and Create a new Basic portal.

Activate that poral and start EP.

No matter how I restart open SSID ap, I can only connect to open ssid without popup any windows. The network connection is good. Seems EP can not redirect my portal request.

I can see redirect rule already in iptables.

DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.16.42.1:80

My Tetra is working fine.