Captive Portal Page with MITM

I have a microcomputer designed to show clients a portal page when they enter a Wi-Fi network.

The problem is that for some reason they don't get the usual popup from the phone / PC, whereas when I do the same with my router it works.

I execute the whole process by passing the entire DNS request to the local network (i.e. 10.0.0.2).

When they go to the browser, they get a portal page, but the expected behavior is missing (when connected to Wi-Fi, a pop-up window automatically appears with a message about the need to enter the network).

On the local Apache I have a simple index.php file with status code 401 (unauthorized).


The microcomputer connects through the Ethernet port to the router, and I have full control over the router, but I want the captive portal to be controlled from the microcomputer itself, so I do not use a router-based captive portal.

Tal.

+6
2 answers

Solutions:

Option 1:

You must have a very specific configuration on your router, because it is a relay for your microcomputer. Also, as I think your microcomputer reaches the Internet through the router, you need to take this into account:

  • Disable DNS on the router
  • Set DNS on the router to 10.0.0.2
  • Disconnect the gateway to the Internet on your router or set it to 10.0.0.2
  • Install all real servers / gateways manually on your microcomputer, and routes are very important in this case.

Option 2:

Do not forget that some devices have their own DNS set manually or with a specific network configuration, or have a specific firewall that monitors an unusual DNS server / query, so you should take this into account. The best solution to avoid using a DNS server on the gateway IP is for your DHCP server to be on the microcomputer, or to use the gateway on the microcomputer, or to use option 3 ... This implies checking the gateway you are using; I assume this is the gateway of the router.

You may also have a conflict between the task on the router and the task for working with the microcomputer, and in some cases an IP conflict, for example, the connection between the client and the microcomputer is blocked, so check your IP configuration.

Option 3:

If your router is open source, you can use DDWRT or OpenWRT to manage your access point. There are many access points configurable in just a few clicks, and you can link them to the microcomputer server for a user database or DNS or proxy or DHCP, or redirect the request to your microcomputer, or something else.

Option 4:

Take a look at this MITM Guide and check if you have something

Note:

If my answer didn't help, please provide additional technical information for debugging, because otherwise than just a description of the configuration, which we know little ... I will be happy to help :)) Also give a complete configuration of your network; it seems that this is a network problem.

0

Your question is not very clear to me.

Do you use a browser on your phone / PC or application? Can you provide a screenshot of the expected behavior?

I will try to answer it from what I think you are asking: For the browser, you can use DNS or ICMP to redirect the client to your captive portal. ICMP is a layer 3 protocol, and some platforms (such as Android) can automatically trigger their own notification to the user, such as "Hey, you need to log in." But DNS redirection will not initiate this; it requires user interaction with the browser after connecting to the network. They will open a browser, try to go to stackoverflow.com and be redirected to your captive portal.

In addition, for an Android application, you need to check the URL connection. Here is an example taken from AOSP:

    private static final String mWalledGardenUrl = "http://clients3.google.com/generate_204";
    private static final int WALLED_GARDEN_SOCKET_TIMEOUT_MS = 10000;

    private boolean isWalledGardenConnection() {
        HttpURLConnection urlConnection = null;
        try {
            URL url = new URL(mWalledGardenUrl); // "http://clients3.google.com/generate_204"
            urlConnection = (HttpURLConnection) url.openConnection();
            urlConnection.setInstanceFollowRedirects(false);
            urlConnection.setConnectTimeout(WALLED_GARDEN_SOCKET_TIMEOUT_MS);
            urlConnection.setReadTimeout(WALLED_GARDEN_SOCKET_TIMEOUT_MS);
            urlConnection.setUseCaches(false);
            urlConnection.getInputStream();
            // We got a valid response, but not from the real google
            return urlConnection.getResponseCode() != 204;
        } catch (IOException e) {
            if (DBG) {
                log("Walled garden check - probably not a portal: exception " + e);
            }
            return false;
        } finally {
            if (urlConnection != null) {
                urlConnection.disconnect();
            }
        }
    }
0
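The walled-garden decision from the AOSP snippet above, written as an added Python example (not part of the original answers or of AOSP) so a portal operator can run the same check from a machine on the network. The loopback stand-in server, the helper names `make_handler` and `probe_against`, and the sample statuses are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_PATH = "/generate_204"  # path of the probe URL in the AOSP snippet
TIMEOUT_S = 10                # the snippet's 10000 ms socket timeout

def is_walled_garden(host, port=80, path=PROBE_PATH):
    """Same decision as the snippet: any status other than 204 means a portal."""
    conn = http.client.HTTPConnection(host, port, timeout=TIMEOUT_S)
    try:
        conn.request("GET", path)  # http.client does not follow redirects
        resp = conn.getresponse()
        resp.read()
        return resp.status != 204
    except (OSError, http.client.HTTPException):
        return False               # like the snippet's IOException branch
    finally:
        conn.close()

def make_handler(status, location=None):
    """Constructed stand-in for a network that answers every probe with `status`."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            if location:
                self.send_header("Location", location)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler

def probe_against(status, location=None):
    """Start the stand-in on a free loopback port and run the check against it."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(status, location))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return is_walled_garden("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    # Constructed cases: open network, redirecting portal, and a 401 answer.
    for status, loc in [(204, None), (302, "http://10.0.0.2/"), (401, None)]:
        print(status, "->", "portal" if probe_against(status, loc) else "no portal")
```

On the real network, calling `is_walled_garden("clients3.google.com")` while connected to the Wi-Fi shows what the snippet's check would conclude from the portal's actual answer to the probe.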

Source: https://habr.com/ru/post/988322/

