PHP not executing on Rogue AP webpage

apache
mysql
php

(Joshep) #21

Yea it worked but what are w e gonna do?


(Hardeep Singh) #22

Test on you fake AP webpage. It should not show the source code but execute PHP and save the credentials in MySQL DB.


(Joshep) #23

oh… i see and how bout redirecting me to the fake ap webpage?
i have to go manually and dnspoof command also didn’t redirected me to the fake AP webpage?


(Hardeep Singh) #24

dnsspoof is indeed working as your data suggests.

It would never work on sites with HSTS enabled. Can’t do anything with that at the stage/level you are at.

I would suggest you to test this with http websites and get familiar with the attack first. then we can go deeper and understand how to bypass this.

Stuck to the current attack. understand. then move deeper.
else you’ll stay confused and end up wasting a lot of time.
you gotta keep it under you own control (not limit, but control your self).


(Joshep) #25

:slight_smile:
Well i had learned a lot of things about evil twin attack from you and your guide.
I knew nothing about that some days ago. Thanks a lot for that.
Well, will captive portal guide gonna help me out from your wireless pentesting and security pdf?


(Hardeep Singh) #26

For sure!

Go ahead. Just keep learning!
and thanks for your kind words :slight_smile:


(Hardeep Singh) #27

A post was split to a new topic: Captive Portal Issue on Android Lollipop