Evil Portal issues...

[olympus_mons]

Hi all,

I have uploaded the Kleo portals to my Pineapple and I am now doing some testing.

It kind of works but then kind of doesn't work.

The first issue is, when I try to stop the Evil portal by clicking Stop, I get an error saying Error stopping Evil Portal. When I click Stop Web Server, the Evil Portal seems to stop. Has anyone seen tis before? Is there a solution / fix?

The other issue is, when I connect to the Open Access Point from my mobile, I see the Evil Portal I activated, for example, the Google login Evil Portal, I then enter creds and the creds are captured as expected. However, If I disconnect my phone from the Open Access Point then try to reconnect to the Open Access Point, the Evil Portal does not display again. Even if I tell my phone to forget the Open Access Point and reconnect, I still do not see the Evil Portal page. If I reboot the Pineapple and then reconnect my phone to the Open Access Point, I then see Evil Portal as expected.

I then tried to connect my PC to the Open Access Point but Windows 10 said "cant connect to the network".

Any help would be greatly appreciated.

Thank you,

[dark_pyrro]

40 minutes ago, olympus_mons said:

The first issue is, when I try to stop the Evil portal by clicking Stop, I get an error saying Error stopping Evil Portal. When I click Stop Web Server, the Evil Portal seems to stop. Has anyone seen tis before? Is there a solution / fix?

Does this happen every time you stop the Evil Portal module or just random? In other words, if you for example try to stop the module 10 times, how many times will it fail? The EP module might throw errors a few times now and then, but most often it works as it should. That's why I'm asking.

43 minutes ago, olympus_mons said:

However, If I disconnect my phone from the Open Access Point then try to reconnect to the Open Access Point, the Evil Portal does not display again

The IP of the phone should be added to the "allowed client" list (don't remember the exact name now and I don't have the Pineapple up and running at the moment). The chance that the phone gets the same IP address as a DHCP lease from the Pineapple when it reconnects (even if you remove the network on the phone itself) is rather possible. So, if the IP is still in the allowed list, and the phone gets that same IP when reconnecting, then..... it's allowed (and the EP is not shown because of that fact). This is reset, if I recall it correctly, when you reboot the Pineapple and therefore the phone is greeted with the EP login page upon next connection to the Pineapple.

[olympus_mons]

Many thanks for the reply.

The error seems to happen every time I press Stop. However, I did notice that when I close the error windows and refresh the browser, the Evil Portal has stopped but the so has the Web Server. So technically it works but I feel its a bit buggy. I am on the latest firmware (1.1.1). I cannot see this as a common issue online. Are there alternative Evil Portals from Kleo? Could the bug be in the Evil Portals I have uploaded?

Thank you re the IP / DHCP / filter suggestions, I will look at what you said and go from there.

Thanks again for the help.

[dark_pyrro]

I haven't experienced any real problems with the Kleo portals and not really with the portal module itself either, so not sure what you might be experiencing. There has been some things lately but that seems to be (not verified) linked to some issue with the upstream OpenWrt package for nginx. That shows up in a different way than you are describing though. There are other portals available but the ones most often referred to are the Kleo ones. I just use them since they are a good way of showing the concept to others in demo/FUD situations and if there's some need for some specific engagement/red team exercise, it's possible to create your own that fits the exact scenario.