
How can I force a captive portal to pop up using Burp Suite?


mooooon


Merry Christmas ... (I know that I am late, sorry)

16 hours ago, digininja said:

Does Chrome autofill on IP address based sites over HTTP rather than HTTPS?

 

@digininja Huh? Who said anything about waiting for the user's browser to autofill anything?

On 12/22/2020 at 12:28 AM, mooooon said:

then use chrome auto fill forms regex

By this I meant so we can auto-input the password that we know, whether it's a (default one - hardcoded one - leaked one through serial number or whatever)

16 hours ago, digininja said:

Does Chrome autofill on IP address based sites over HTTP rather than HTTPS?

 

And to answer your question: yes, it does, but only a half autofill; it waits for the user to choose the saved account from a drop-down menu first (even if it was only one account). I think this can be taken advantage of by making the input bar size the same as the screen size, so when he clicks anywhere the password gets autofilled. Also keep in mind that it won't work at all on self-signed HTTPS, as Chrome doesn't provide saving passwords for them, nor generating new passwords, nor anything related to autofilling.

Note: it used to autofill passwords over HTTP but stopped a year ago, maybe?!

17 hours ago, digininja said:

And is a user likely to have their router creds stored in Chrome in their phone? I don't.

What did you just say?! ... If it's in your desktop browser "Chrome" it will be in your darn phone ... what do you think the sync function does in Chrome?!

I do... and most if not all of the people that don't use a default password or one printed on the back of the thing, and not hard enough, have the password saved in their browser. Just search for configuring any router that comes to your mind and you will see that the people in the YouTube videos have their passwords saved too.
 

 

8 hours ago, mooooon said:

Huh? Who said anything about waiting for the user's browser to autofill anything?

On 12/21/2020 at 10:28 PM, mooooon said:

then use chrome auto fill forms regex

You did. If you meant fill the form in using JavaScript then surely you would have said that.

Anyway, as before, you obviously know exactly how things will work so I'm out again. What I suggest is you go off and build this mighty project, show it working in a number of real world environments, and then come back here with a "See, I told you so" post. Till then I still say it is way too overcomplicated to be practical in the real world.


On 12/26/2020 at 11:22 AM, digininja said:

You did. If you meant fill the form in using JavaScript then surely you would have said that.

 

Nah, not really ... I meant autofill by us with our values, not Chrome autofill or the target browser's saved info... I think you didn't get what I said by saying

On 12/22/2020 at 12:28 AM, mooooon said:

Speaking of general, I got an idea for auto logging in so it works on all devices, not as he did in the article "generating the password hash and grabbing the tokens manually then sending them using a POST request"

Instead of us crafting the appropriate POST request for each router login manually ... we let the browser do it for us... just as it normally does ...

On 12/26/2020 at 11:22 AM, digininja said:

you obviously know exactly how things will work so I'm out again

Haha, not exactly.

On 12/26/2020 at 11:22 AM, digininja said:

What I suggest is you go off and build this mighty project, show it working in a number of real world environments, and then come back here with a "See, I told you so" post

Ah, that would probably take a year or so ... I still haven't found a fix for the captive P thing ... so at first I have to release a beta version showing the idea and asking others for suggestions ... then an official release with the fix or not, and mark the attack as works on [desktop devices - old Android devices - some iPhones I think] (they can be called vulnerable too, maybe, till manufacturers change how the captive portal works), and you can use the user-agent thing to determine if the attack would work on a specific network or not.

It's surely a super complicated attack, but because it's kinda unique I will stick with it till the end.


Archived

This topic is now archived and is closed to further replies.
