________ ____________________ __ .__
\______ \\______ \______ \____________/ |______ | |
| | \| ___/| ___/ _ \_ __ \ __\__ \ | |
| ' \ | | | ( <_> ) | \/| | / __ \| |__
/_______ /____| |____| \____/|__| |__| (____ /____/
\/ \/
written by: Double_D
This is a phishing tool that deploys a wireless (802.11) network via access point software 'berate_ap' with a captive portal with customisable branding and logo, with multiple sign-in options available, all of which will harvest the credentials entered.
Warning
This project is still under development. You will notice that files that should be bash scripts are currently plain text files. I will change them to .sh files once developed to an acceptable/functional v1.0 and will remove this warning message.
This program uses 'berate_ap' and a connected wireless network interface to bring up a an innocent looking public SSID, once connected the user will be presented with a captive portal offering various different login options of various social media networks and services. The currently installed options are:
- Google/GMail
- Microsoft Office 365
- Yahoo
These are all cloned pages with the login mechanism modified to steal the credentials entered all login details will be added to a MySQL database on your machine.
There is a 'Display Panel' page. The display panel you can access will show pull all of the database entries created from our phishing portals and load them into a HTML table showing you the attempted login, with columns for the username, password, date/time stamp of the entry and the page/service used in the attempt. It is protected by digest authentication. The username is 'pwner' and the password you will be asked to configure during the installation process.
You can also set the branding, either by creating your own using a wizard I built into the tool, or by chosing one already built in from a menu.
If you chose to create a new custom one the wizard will ask you for details including a local path to a background image and a smaller logo image. This will then create a new branding set you will be able to chose from the menu in the previous step.
This has been tested on Kali Linux 2023.2 onwards but will probably work with:
- Kali 2022.2+ (untested)
- Ubuntu 18.04+
- Raspberry Pi OS (Recommended Pi OS v9 (Stretch) onwards on a Pi3+ or better)
- Debian based Linux with GNU Bash v5.x+ & PHP v7.x+
-
berate_ap
-
eterm
-
airmon-ng
-
Apache2
-
MySQL/MariaDB
-
PHP7
-
hostapd-mana
-
bash
-
util-linux
-
procps or procps-ng
-
iproute2
-
iw
-
iwconfig (only if 'iw' doesn't recognise your attached W-NIC)
-
dnsmasq
-
iptables
-
Appropriate 802.11 drivers for your NIC
To install DPPortal on your machine run:
git clone https://github.com/ddwyer/dpportal.git
to clone the repository, then step into the parent directory:
cd dpportal
give the install script execution permissions by running:
chmod a+x install.sh
Then, finally, as root or with sudo privileges run the install script itself:
sudo ./install.sh
or
sudo bash install.sh
-
Run dp-portal from terminal with your main intended function as an arguement. There are three different options.
-
To fire up the portal run:
dpportal run
- To fire up the portal with the current configuration with no further user input needed (such as to setup a Pi appliance) run:
dpportal autorun
- To set the portal branding run:
dpportal setbrand
- To uninstall DPPortal run:
dpportal uninstall
To display help and usage:
dpportal -h
or
dpportal --help
Caution
This tool is meant for educational purposes only, please do not use this on any people, locations or devices that you do not have prior expressed permission to do so with. Using this in any other way is illegal in the USA, UK, EU and most other territories around the world, I am not responsible for any irresponsible or malicious use of this tool.
Double_D
-
0.3 Editing the README file to test and configure git on my dev box
- Reformatted some text, clarified instuctions and added credits
-
0.2
- Various bug fixes and optimizations
-
0.1
- Initial Commit and Push
This project is licensed under the MIT License. You're free to copy, edit or clone any part of my code for your own educational benefit, just please dont plagurise the project and claim credit for yourself, that's not cool.
Inspiration, code snippets, etc.
- awesome-readme - Markdown layout cheat sheet (First time I've written a markdown file myself).
- LitePhish - Bot detection PHP script and various fake login page clones.
- [Pedz] - For introducing me to bash/the UNIX command line in general.
- [Colin] - For additional help and support developing my Linux commandline skills.