Skip to content
/ xfinity-pineapple Public
forked from MikeDawg/xfinity-pineapple

Steal xfinity-comcast subscriber credentials.

0 stars 15 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

JimWas/xfinity-pineapple

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
login-page-option1
login-page-option1
 
 
login-page-option2
login-page-option2
 
 
README.md
README.md
 
 
splash.html
splash.html
 
 

Repository files navigation

#Xfinity-Pineapple Steal xfinity-comcast subscriber credentials.

  • This is a weaponized version of the Comcast shared WiFi interface, to steal users Xfinity/Comcast account credentials.

###Setup:

1. Read through the writeup for help http://blog.logrhythm.com/security/xfinity-pineapple/

2. Depending on whether you would like to store the source code on your WiFi Pineapple or an internet-accessible server,
   these steps may vary.

3. Change the name of your wireless access point's SSID to 'xfinitywifi'.

4. There are two options for the phishing site. Regardless, the back-end functionality for both is the same.
	a. 'login-page-option1' - The full web HTML version of the landing page.
	b. 'login-page-option2' - The mobile version of the landing page.

5. Navigate to one of these folders and copy the contents to a new web directory on the server / pineapple.

6. Configure either DNSSpoof or the Evil Portal within the Pineapple to display the false Xfinity logon pages.
   Details included in the writeup.

7. Enable the Pineapple's wireless access point.

8. Wait, then check in on the auth.log file / tail it / configure alarms to monitor this file.

9. Profit.

About

Steal xfinity-comcast subscriber credentials.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • HTML 49.1%
  • CSS 46.7%
  • PHP 4.2%