Jump to content

Improving Evil Portal


SDFUK

Recommended Posts

Hi,

I've been experimenting with the Evil Portal module. It's really nice to use and works well when easily loading new templates etc in. 

I'd like to improve the hit rate at which new clients are being redirected to the captive portal. I've used the DNSSpoof module to redirect all to the portal, but I suspect this is hit and miss due to many clients caching DNS. I am finding that many clients will connect straight through without ever seeing the Evil Portal.

Is there a good way to increase the chance of the portal popping up - e.g does anyone have a list of the various domains such as captive.apple.com? Or should I be looking at IPTables rules to block the traffic similar to WiFiPhisher?

Thanks

Link to comment
Share on other sites

@SDFUK I was playing around with Evil Portal today and I got every client to direct to my Portal page.

If the portal doesn't come up every time, make sure there isnt another module interfering with the Evil Portal module & reboot the Pineapple.

 

On a different note; if there are any experienced Evil Portal users. I could use some help on my other thread:

"My objective is to phish the usernames and passwords by sending them to a txt file or log entry."

 

 

Link to comment
Share on other sites

On 10/4/2018 at 8:22 AM, SDFUK said:

Is there a good way to increase the chance of the portal popping up - e.g does anyone have a list of the various domains such as captive.apple.com? Or should I be looking at IPTables rules to block the traffic similar to WiFiPhisher?

If you spoof all dns to your pineapple you'll get basically everyone but obviously this isn't a good solution because you'll want clients to use the internet as normal after they go through the portal. In the long term I want to write a program that spoofs DNS conditionally but thats down the road. Right now your best bet is to improve the iptables for Evil Portal. If you end up writing better iptables please make a PR to the project https://github.com/frozenjava/EvilPortalNano

  • Like 1
Link to comment
Share on other sites

  • 3 weeks later...

I am pretty new to this stuff and have just started messing around in it. I came across the same https problems and searching for an answer came across this here.
I am just wondering if it wouldn't be possible to generate a certificate and strip the ssl just like the SSLsplit does? ( https://forums.hak5.org/topic/37107-official-sslsplit/ ) Thus changing the traffic to http and beeing able to redirect it to the captive portal.

Link to comment
Share on other sites

  • 2 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...