Evil Portal with Wifi Pineapple Nano
This documentation will show how easy it is to setup an evil portal, a fake website to receive credentials, with the Wifi Pineapple Nano. This is only for educational purposes and is illegal when used without permission.
- Wifi Pineapple Nano and included equipment
- SD Card 8gb or above
The setup was tested on Kali Linux.
In order to complete these steps, you must have followed [] for preparation.
In order to use the SD Card the right way, it must formated previously. This is done on "Advanced" -> "USB & Storage" drop down arrow in the right corner -> "Format SD" This will take couple of minutes. When it's done you can go to the next step.
Go the "Modules" section, click "Manage Modules" then on "Get Modules from Hak5 Community Repositories" and look for the "Evil Portal" option. Click "Download" and enter the "Download to SD Card" option.
Now there will be the "Evil Portal" option listed in the Modules section.
To check if everthing works fine so far:
- Enter a name for the test portal
- Click "Create New Portal"
- Activate new portal
- Captive Portal Start
- Start On Boot enable
- Reload the page to prevent errors
- Enter 172.16.42.1
The result will look similar to this:
Next, the pages with the realistic visuals must be downloaded. For this project the Evil Portals from https://github.com/kleo/evilportals.git are used. In the shell use the command:
- git clone https://github.com/kleo/evilportals.git
Then transfer the portals either all of them or just specific ones to the Wifi Pineapple Nano.
- Enter the folder where the portals are located
- scp -r choose-portal firstname.lastname@example.org:/root/portals OR WHEN AN ERROR OCCURS scp -r -O choose-portal email@example.com:/root/portals
Now the preferred portal should be copied to the Nano.
Enabling the new portals:
- Go to the Modules section again
- The new Modules are listed in the work bench
- Deactivate or delete the test portal
- Activate the new portal
- Refresh the page
- Enter 172.16.42.1
- Enter the allowed client's MAC addresses in the white list
The Evil Portal is now ready.
You can see on the picture that when entering the IP address you will be redirected to the fake Google page. On the Tab the name "Google" appears.
To see the entered credentials of the targets, click on "View" of the activated portal. There you will see a list of logs from the users.