poisontap icon indicating copy to clipboard operation
poisontap copied to clipboard

Published 20 hours ago verified publisher icon samyk

Client not opening a Websocket

Open damudd opened this issue 8 years ago • 6 comments

Hello,

first excuse my english please. Everything is working, except the part that the client has to open a Websocket. I replaced in bot filed YOUR.DOMAIN with my public IP (not the DNS Name). The Server is Responding to 1337, i can verrify that by testing it via devtools. The animation shows up, i can see in the Logs on the pi zero that he is collecting the cookies, but the Client wont open a websocket on 1337 after i plug out the pi! So far great Work!

Kind Regards

TB

damudd avatar Feb 12 '17 13:02 damudd

I've got to see i'm having exactly the same problem. My server is also listening on port 1337, i've edited the YOUR.DOMAIN, i can curl commands to port 1337 on my server (so the port is open for sure). But i simply cannot get a check-in from a client to my CnC.

LarsBehrens avatar Feb 17 '17 18:02 LarsBehrens

Does it attempt to in the console/network inspector?

samyk avatar Feb 17 '17 19:02 samyk

I suggest uncomment line "document.body.appendChild(iframe);" in file "target_injected_xhtmljs.html". But be warned that it will result in session for every domain in yo configuration.

nonefaken avatar Feb 18 '17 12:02 nonefaken

Hi

tanks for you response.

"Does it attempt to in the console/network inspector?"

i checkt an i see that no websocket ist openning! but i can Curl as well. Anny suggestions?

"I suggest uncomment line "document.body.appendChild(iframe);" in file "target_injected_xhtmljs.html". But be warned that it will result in session for every domain in yo configuration."

i will try that later 2 day.

kind regards

Tilli

damudd avatar Feb 20 '17 10:02 damudd

Hi @samyk and @nonefaken,

First of all, thanks for the reply, I appreciate it.

Unfortunately i haven't been able to get poisontap to open a ws to my CnC. I've created a tcp dump and saw that there is no outbound connection to my CnC IP. (or whatever IP you put in backdoor.html). I also did try nonefaken's solution but this, unfortunately, did not make any difference.

Any clue what i'm doing wrong?

PS, maybe someone could make a .img of a fully functioning poisontap pi. I think this will help people figure out if the problem lies somewhere within poisontap, or some other external factor (I.E. server, host, OS, etc.)

LarsBehrens avatar Feb 21 '17 11:02 LarsBehrens

@LarsBehrens does your browser support websockets? You can check this by going to https://www.websocket.org/echo.html. some older browsers cause issues. I'm currently working on an Ajax fallback for poison tap, maybe that will help.

marnixbouhuis avatar Apr 12 '17 09:04 marnixbouhuis