Recently, I was on a wireless assessment, and one of our objectives was to obtain the Access Code to a guest wireless network. To do this, we decided to use a Wifi Pineapple - Tetra.
For this post, I will go over the process of cloning a website to use for your captive portal using the Portal Auth module, then host it with the Evil Portal Module. I will not be going over the initial setup of the Wifi Pineapple. For more information on the initial setup, I suggest you look here.
So let’s get started! The first thing we need to do is download the “Portal Auth” and “Evil Portal” modules.
Click install and then click internal storage to install the module
After they are both installed, we can start to setup Portal Auth! Portal Auth is going to help us capture and create a captive portal to host. First, click “use default” to populate all of the configuration options.
Next, we have to pick a website to clone for the portal. For this example, I am going to use https://www.starbucks.com/. Under “Test Site” put the URL of the site you would like to clone then, click “save” . If the Pineapple can find and connect to the test site, the Clone Portal Button should appear. :)
Now that we have a webpage set we need to make some slight changes to an injection set. Under Injection Sets click “Edit Injects” and select “Harvester”
Here we will edit the HTML for the situation. In my case I was looking for an Access Code and Name. Below is my modified HTML:
After you have made changes to the code, click “Save HTML” to overwrite the previous injection.
Now all that is left is to click “Clone Portal” and set a Portal Name, and under Injection Set select Harvester.
Once it has finished cloning we have to use the “Evil Portal” Plugin to host the newly created captive portal. Navigate to the Evil Portal Module, and Activate the captive portal by pressing “Start” on the controls panel. Once Started Activate your saved portal. You can view a preview of the portal after the portal is activated and started
Finally, all we have to do is set up the public AP for our target to connect too! Under “Networking” set the “Open AP SSID” to something that fits your target, ensure that “Hide Open AP” is not checked, then Click “Update Access Point”. Now your captive portal should be up and running!
You can test it by connecting to your malicious SSID and using the captive portal. Here is our example running!