Evil Portals

[mda1125]

Being new to Linux, I followed the directions to get Evil Portal 2.9 installed and then copied over the SBUX login.

Really nice work!  Directions were clear.  Seems to work on my Nano (no SD card) just fine in the Live Preview.  Very slick!

Now how do I get a Comcast one ported over?  hehe

Tried using this one I found...

https://github.com/MikeDawg/xfinity-pineapple

And while it does show up in the Portals area of Evil Portal (very cool) it doesn't active and it wasn't designed to use with this.  But it's cool.

Edited April 9, 2017 by mda1125

[b0N3z]

you would have to modify it for the Evil Portal and the file structure that EP uses

[mda1125]

It actually works!

It's just not obvious because when you click "Activate" it never looks like it works but when you do a Live Preview.. it's there.

I'm back to the Official 2.1 version.  I am thinking it would have worked with 2.9.. it just didn't look like it was going to work as I clicked "Activate" so I though it didn't.  In fact, the Live Preview shows the page I want.

Update:  While it works.. shows the mobile version of the page and does capture username/password.. no matter how many attempts you try, you never get past that page.  So it doesn't redirect you anywhere?

Edited April 9, 2017 by mda1125
Added an update

[b0N3z]

you have to allow the ip address that is connected to the pineapple to connect to the internet in the EP module. 

[kleo]

Update

Include cliqq-payload.

Internal IP, MAC, and hostname logging.

 

[Just_a_User]

Thank you kbeflo for your work. Its much appreciated.

[kleo]

Update

Included more info for using the cliqq-payload portal.

[Decoy]

On 1/24/2017 at 1:15 PM, mercredi said:

Hi!

Good job man! Do you know Wifiphiser? They have good template too. https://github.com/sophron/wifiphisher

Do you know how we can build a template like this for TETRA/NANO?

I think we can make an attack with wlan1 to deauth and force a client to connect on wlan0 with this portal

https://wifiphisher.org/ps/wifi_connect/

or

https://wifiphisher.org/ps/firmware-upgrade

I w'll try to make it. If you can give me a hand, you're welcome.

Has anyone actually done this for the Pineapple yet? This would be a great module.

[Lord_KamOS]

17 minutes ago, Decoy said:

Has anyone actually done this for the Pineapple yet? This would be a great module.

You dont really need a module for that. 

Just use evil portal and site survey.

 

[Decoy]

5 hours ago, Lord_KamOS said:

You dont really need a module for that. 

Just use evil portal and site survey.

 

True; however it would be nice to have the process automated.

[PoSHMagiC0de]

Has anyone thought of combining portal auth and evil portal with some of the abilities that SeToolkit, Fluxion, linset and all these others folks bring up.

I got my Nano not too long ago and been looking through the modules and researching and see some that seem to cover the same functions and could be combined.  What I have been doing lately is doing most of mitm stuff on my PC for the Nano only cause my php sucks (never latched to the language, nothing wrong with it just never got into it except for research for vulnhub VMs).

Idea I had in mind is the cloning ability of Set to clone a website or the captive portal you are behind.  Set can clone the active portal you are behind.  Not expecting the automated accuracy of Set.  I seen in demos that Portal Auth can clone and be used after some templating which is way okay in my book.  Would take me a bit to replicate that ability myself.  This ability mixed with the ability to set it either as a Captive or dnsspoofed site would be cool and combine evil portal with portal auth.  Under dns spoofed it could function like Set's portal where after they enter credentials, it just forwards them to the real site login page.  Adding a sub option under Captive to be used as Portal Auth would add the portal authentication to it.  Don't ask me to name it, my names are corny. :-P

Haven't given much though on how you could implement Fluxion (I assume wifiphisher is about the same) into the mix since fluxion captures the handshake of the real wifi point and then deauths it to oblivion while serving an open version that hopefully the person will connect to and get the captive portal that looks like their router model page asking them to validate their wifi password which checks against the handshake with aircrack and if successful drops the deauth and releases them from the rogue.

Edited June 21, 2017 by PoSHMagiC0de

[UnLo]

On 3/3/2017 at 10:21 AM, stilia.johny said:

Hi all. 

 

Great job @kbeflo

I have a suggestion for your captive portal templates. 

I am using it for a while and it is great! 

After searching for a while I found that you can put notifications at the Dashboard notifications tile by using the command 

pineapple notify [text]

 

so what I did, I edit the MyPortal.php from these templates and I add the following code 

exec("pineapple notify $email'-'$pwd");

after the line 18 before the "}"

 

the results are showing bellow at the screenshot! 

 

Let me know about your thoughts! 

 

 

Read this earlier today, just had the thought of adding an audible notification as well. So you could monitor the site in the background, and with headphones perhaps, be alerted to new loot. (?) even considered... 

[vanhawk]

I have a problem with the portals.
I have a PineApple V with Evil Portal v2.9 and cloned the template portals to it.

When I activate (let's say the starbuck-login portal) I can see the page correctly in the live preview.

When I test it on a client connected to it - the portal comes up but the pictures and javascript are not run on the client. The webpage is "text-only". I have read some things about problems with the sub directories etc.

The portals are located in the /root/portals directory.

Any help is appreciated.

Johan

[kpeezy]

5 hours ago, vanhawk said:

I have a problem with the portals.
I have a PineApple V with Evil Portal v2.9 and cloned the template portals to it.

When I activate (let's say the starbuck-login portal) I can see the page correctly in the live preview.

When I test it on a client connected to it - the portal comes up but the pictures and javascript are not run on the client. The webpage is "text-only". I have read some things about problems with the sub directories etc.

The portals are located in the /root/portals directory.

Any help is appreciated.

Johan

Did you try putting them in the /www/ folder on the pineapple?

[b0N3z]

Im pretty sure these portals were created for the 6th gen platform pineapple and the module for that device.  From what your saying, you are using the 5th gen pineapple.  Which if your using the EP for that pineapple it might be work differently with that version of the module.  

[jtkrl]

Hey there

Awesome work with the captive portals. Looks really realistic. I just have some issues.

When a client connects to the WiFi and accesses a web page (e.g. www.nfl.com), it doesn't redirect them to the captive portal page. Could anyone provide some insight on this?

[cheeto]

Hi, it's because the page you're accessing is https

try accessing an http page with your evil Portal up and running.  the page should be intercepted by EP. 

Cheers 

[Just_a_User]

13 hours ago, jtkrl said:

Hey there

Awesome work with the captive portals. Looks really realistic. I just have some issues.

When a client connects to the WiFi and accesses a web page (e.g. www.nfl.com), it doesn't redirect them to the captive portal page. Could anyone provide some insight on this?

Like cheeto says.

Also on some mobile devices once connected to a captive portal you get a popup saying "network requires you to sign in" kind of thing. Your evilportal will also be displayed in this window if clicked on on the mobile device.

This post is also worth a read

 

Edited October 7, 2017 by Just_a_User

[b0N3z]

dnsmasq spoof will fix that

[cheeto]

Hey guys,

I was wondering if anyone could give me some advice...

I'm REALLY trying to make some captive portals.  I'm doing this my carefully analyzing the scripts used in this section.  AWESOME!!

I able to make the captive portal and the nano is able to capture the creds but as soon as the client enters the creds, EP continues to be active thus denying the client internet access.   So my question is.... do think this problem could be in my index.php or Myportal.php?

I know it's a rather broad question but I'm sure this must have happened to someone else.

Thanks guys!!

 

[cheeto]

just wanted to reply to my own question.

The problem was in the index.php.

 

Thanks anyway D

[kleo]

Update

New template, twttr-login

[stilia.johny]

Hi all, 

 

I was thinking if it would be a good idea to have a page ( within the c.portal folder) so we can access this page and see all the saved data

Possibly the portal will export these data to a CSV file and the html page will create a table of the csv file ? 

 

Any opinions? 

 

John

[kleo]

@stilia.johny I don't think that's really necessary, you could use the Cabinet module to view the ep-logs. 

[aryakangler]

@cheeto Could you please explain? This is close to my issue. I can capture creds, but client receives message indicating unsuccessful login. If client could enter supersecretpassword and proceed to internet (not their acct, just google.com) it would increase time until suspicion

Edited November 2, 2017 by aryakangler