Client not opening a Websocket

Question

Client not opening a Websocket

damudd opened this issue 8 years ago · 6 comments

Hello,

first excuse my english please. Everything is working, except the part that the client has to open a Websocket. I replaced in bot filed YOUR.DOMAIN with my public IP (not the DNS Name). The Server is Responding to 1337, i can verrify that by testing it via devtools. The animation shows up, i can see in the Logs on the pi zero that he is collecting the cookies, but the Client wont open a websocket on 1337 after i plug out the pi! So far great Work!

Kind Regards

TB

Answer 1 · 2017-02-17T18:05:18.000Z

I've got to see i'm having exactly the same problem. My server is also listening on port 1337, i've edited the YOUR.DOMAIN, i can curl commands to port 1337 on my server (so the port is open for sure). But i simply cannot get a check-in from a client to my CnC.

Answer 2 · 2017-02-17T19:37:17.000Z

Does it attempt to in the console/network inspector?

Answer 3 · 2017-02-18T12:47:05.000Z

I suggest uncomment line "document.body.appendChild(iframe);" in file "target_injected_xhtmljs.html".
But be warned that it will result in session for every domain in yo configuration.

Answer 4 · 2017-02-20T10:51:54.000Z

Hi

tanks for you response.

"Does it attempt to in the console/network inspector?"

i checkt an i see that no websocket ist openning! but i can Curl as well. Anny suggestions?

"I suggest uncomment line "document.body.appendChild(iframe);" in file "target_injected_xhtmljs.html".
But be warned that it will result in session for every domain in yo configuration."

i will try that later 2 day.

kind regards

Tilli

Answer 5 · 2017-02-21T11:01:01.000Z

Hi @samyk and @nonefaken,

First of all, thanks for the reply, I appreciate it.

Unfortunately i haven't been able to get poisontap to open a ws to my CnC. I've created a tcp dump and saw that there is no outbound connection to my CnC IP. (or whatever IP you put in backdoor.html). I also did try nonefaken's solution but this, unfortunately, did not make any difference.

Any clue what i'm doing wrong?

PS, maybe someone could make a .img of a fully functioning poisontap pi. I think this will help people figure out if the problem lies somewhere within poisontap, or some other external factor (I.E. server, host, OS, etc.)

Answer 6 · 2017-04-12T09:18:02.000Z

@LarsBehrens does your browser support websockets? You can check this by going to https://www.websocket.org/echo.html. some older browsers cause issues. I'm currently working on an Ajax fallback for poison tap, maybe that will help.