Jump to content
Hak5 Forums
SDFUK

Improving Evil Portal

Recommended Posts

Hi,

I've been experimenting with the Evil Portal module. It's really nice to use and works well when easily loading new templates etc in. 

I'd like to improve the hit rate at which new clients are being redirected to the captive portal. I've used the DNSSpoof module to redirect all to the portal, but I suspect this is hit and miss due to many clients caching DNS. I am finding that many clients will connect straight through without ever seeing the Evil Portal.

Is there a good way to increase the chance of the portal popping up - e.g does anyone have a list of the various domains such as captive.apple.com? Or should I be looking at IPTables rules to block the traffic similar to WiFiPhisher?

Thanks

Share this post


Link to post
Share on other sites

@SDFUK I was playing around with Evil Portal today and I got every client to direct to my Portal page.

If the portal doesn't come up every time, make sure there isnt another module interfering with the Evil Portal module & reboot the Pineapple.

 

On a different note; if there are any experienced Evil Portal users. I could use some help on my other thread:

"My objective is to phish the usernames and passwords by sending them to a txt file or log entry."

 

 

Share this post


Link to post
Share on other sites
On 10/4/2018 at 8:22 AM, SDFUK said:

Is there a good way to increase the chance of the portal popping up - e.g does anyone have a list of the various domains such as captive.apple.com? Or should I be looking at IPTables rules to block the traffic similar to WiFiPhisher?

If you spoof all dns to your pineapple you'll get basically everyone but obviously this isn't a good solution because you'll want clients to use the internet as normal after they go through the portal. In the long term I want to write a program that spoofs DNS conditionally but thats down the road. Right now your best bet is to improve the iptables for Evil Portal. If you end up writing better iptables please make a PR to the project https://github.com/frozenjava/EvilPortalNano

  • Like 1

Share this post


Link to post
Share on other sites

Couldn’t you set some of that (conditional stuff) up in the iptables?

Share this post


Link to post
Share on other sites

I am pretty new to this stuff and have just started messing around in it. I came across the same https problems and searching for an answer came across this here.
I am just wondering if it wouldn't be possible to generate a certificate and strip the ssl just like the SSLsplit does? ( https://forums.hak5.org/topic/37107-official-sslsplit/ ) Thus changing the traffic to http and beeing able to redirect it to the captive portal.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×