mirror of https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00

Create README.md

parent 85577aaf13
commit 32b3753e18

1 changed files with 23 additions and 0 deletions

23  roles/captiveportal/README.md  Normal file
						
									
							|  | @ -0,0 +1,23 @@ | |||
| ## Theory of Operation | ||||
| 
 | ||||
| * The captive portal function is a feature of most modern operating systems. With the increased use of https/ssl (secure sockets layer), the automatic diversion to a specific web page runs the risk of being detected as a "man in the middle" attack. | ||||
| * Each Operating System (OS) provides a mechanism that IIAB can use to break into a conversation, when SSL is not being used. This is an initial attempt by the OS to talk to one of its own web sites, to determine if the host os is connected to the internet. It is always performed without SSL. | ||||
| * The IIAB captive portal uses a list of these OS supported web sites, and diverts these requests to the IIAB server, which in turn forwards to the IIAB home page. | ||||
| 
 | ||||
| ## Components of the IIAB Captive Portal | ||||
| 
 | ||||
| * Files used | ||||
|     1. checkurls -- the list of urls use by at least one of the OS's. | ||||
|     1. iiab-divert-to-nginx -- Bash script writes dnsmasq config file which points to IIAB server | ||||
|     1. iiab-make-cp-servers.py -- Python script writes nginx configuration file to /etc/nginx/sites-enabled | ||||
|     1. capture-wsgi.py -- the script which determines the client agent, records it in sqlite database, and responds with redirects as appropriate for each OS. | ||||
|     1. uwsgi-captiveportal.service -- systemd unit file which runs uwsgi which makes capture-wsgi.py available on port 9090. | ||||
|      | ||||
|  ## Extending and Debugging Captive Portal | ||||
|  * The python capture script can be run interactively in terminal (use systemctl stop uwsgi-captiveportal to free up the port). This will expose any python errors easily. | ||||
|  * Run the capture-wsgi.py with "-l" in a terminal to increase logging to /var/log/apache2/portal.log | ||||
|  * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. | ||||
|   | ||||
|  ## Known Problems | ||||
|  1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. | ||||
|  2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). | ||||
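Review bot: In the "Extending and Debugging Captive Portal" section, the capture command "tcpdump -i br0 capture.tcp" has no -w option, so tcpdump would read "capture.tcp" as a filter expression instead of writing a capture file; suggest "tcpdump -i br0 -w capture.tcp", and since the text says the DNS packets are the ones to look for, appending a "port 53" filter would keep the file small. In the same section the "-l" log path is /var/log/apache2/portal.log, while the Components list has the role writing its configuration to /etc/nginx/sites-enabled; please confirm that path is intended or say why an apache2 directory is used. The Components entry for capture-wsgi.py says it records the client agent in a sqlite database but gives no location for that database, which would help anyone debugging or clearing it. Minor: "use by" should be "used by" in the checkurls item, and "walled garder" should be "walled garden" under Known Problems.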