Jump to content

newbi3

Recommended Posts

I take it back.  from my client on the 192 network.. I can not ping the pine directly at 172.16.42.1  so.. must be some kind of routing\dns issues.  

I tried to change the route table via the GUI.. update dns.  but not changes.  I will try from ssh.

tw

Link to comment
Share on other sites

  • Replies 263
  • Created
  • Last Reply
12 hours ago, -TW- said:

I installed the beta with hopes that it will solve some random issues I have with EP.

My setup:  tetra with alfa usb in client mode connected to a 192.168.1.x wifi ap.  (stand alone over in the corner)

I like the rules.. but they do not work, or not as they should and it could be due to my config.  I created a SSID rule for any SSID of "BOB" with Destination of "BOB.com"  Hit save.  went back in.. rule still there.  This is all for a default new portal, no other changes made. activated and started EP.   Live preview shows white page.  Clients connecting to BOB also get stopped and see the white page, but no way to auth.  this is the same for clients that connected to OTHER ssid's.  so I guess the rule doesnt care.??

Live preview does not show, or only 'sometimes' shows a preview.  I did get an error msg once stating that the 172.16.42.1 system did not send any data. ?  

From an ssh shell on the tetra by its 192 space.. I can ping the 172 interface just fine.  same from my mpb client that is on the 192 space.  Is this a module issue?  or something wrong with my routing and network configs?  (network tab shows 172.16.42.0 > br-lan)  I tried changing to all wlan the wifi is on.. no luck. 

thoughts?

 

TW

Okay so I think you have a few misconceptions here that I will address first:

The destination is not a destination URL that the client will be sent to after authorizing, but instead it is the destination landing page that EvilPortal will present to them. The default is default.php but you will need to make a new page for whatever your use case is. For example if I have a rule that sends all iphones to an iphone branded landing page the destination would be something like "iphones.php" or whatever you want to call it.

Also, I think I addressed this in the readme but I could be wrong. In order for the SSID rules to work you need to be logging associations with PineAP.

Finally, you will need to have a route to the 172.16.42.0 network in order for the live preview to load and in order to see the captive portal.

Let me know if you have any other issues!

Link to comment
Share on other sites

<?php
$destination = "http://". $_SERVER['HTTP_HOST'] . $_SERVER['HTTP_URI'] . "";
?>

<HTML>
    <HEAD>
        <title>Evil Portal</title>
        <script type="text/javascript">
            function redirect() { setTimeout(function(){window.location = "/captiveportal/index.php";},100);} 
        </script>
    </HEAD>

    <BODY>
        <center>
            <h1>Evil Portal</h1>
            <p>This is the default Evil Portal page</p>

            <form method="POST" action="/captiveportal/index.php" onsubmit="redirect()">
                <input type="hidden" name="target" value="<?=$destination?>">
 DELETE THIS LINE----> <button type="submit">Authorize</button
            </form>

        </center>

    </BODY>

</HTML>

just click edit on the index.php and delete the line noted above (<button type="submit">Authorize</button>)

Link to comment
Share on other sites

Ok I have a noob question here.  I am just playing with the default port that gets created. I have not made any code changes nor am I trying to with this post.

when I click "authorize" the browser tries to download a index.json file. if I cancel the download and go to a new page I can surf fine (and the IP is now in the white list

Link to comment
Share on other sites

31 minutes ago, Br@d said:

Ok I have a noob question here.  I am just playing with the default port that gets created. I have not made any code changes nor am I trying to with this post.

when I click "authorize" the browser tries to download a index.json file. if I cancel the download and go to a new page I can surf fine (and the IP is now in the white list

Is this the beta version or the current version in the pineapple bar?

Link to comment
Share on other sites

Also did

Quote

1. There is no redirect to the requested site once the client has been authorized. I followed the data flow and it appears the following files are accessed in order (index.php -> /www/captiveportal/index.php -> API.php -> Portal.php) and within Portal.php the methods handleAuthorization() and getResponse() are called. The problem is your redirect() method is never called in Portal.php. I tried adding it to handleAuthorization() but it appears the header does not get set because I still don't get redirected. I also tried adding it to MyPortal.php and removed the parent::showSuccess(); call.

Edit: I see now that redirect() is called in the authorizeClient() method but it still does not work.

get looked at? I'm having the same issue, I read trough the post but did not see the resolution (though I could have missed it)

Link to comment
Share on other sites

Hi!

Is there a way to have the 'splash page' mechanizm in this version ? When I connect with android to the portal, it seems chrome (on android) is launching google.com automatically. I'm not sure if it's some configuration of the portal or not.

Ideally, I would like the browser to be opened on the login page, because sometimes I users would just connect to the access point then continue their browsing on HTTPS websites.

How to achieve that ?

thanks !

Link to comment
Share on other sites

8 minutes ago, SatchBoogie said:

Hi!

Is there a way to have the 'splash page' mechanizm in this version ? When I connect with android to the portal, it seems chrome (on android) is launching google.com automatically. I'm not sure if it's some configuration of the portal or not.

Ideally, I would like the browser to be opened on the login page, because sometimes I users would just connect to the access point then continue their browsing on HTTPS websites.

How to achieve that ?

thanks !

This is something that I indeed need to address and sud0nick has pointed out a partial solution for this, however it involved modifying the nginx config and thats something I'm trying to avoid doing. When I have a free day on my hands this is something I'm going to be researching and implementing. Wether or not it will make it into the 3.0 release I can't say for sure but it will definitely be in a 3.x release.

Link to comment
Share on other sites

7 hours ago, newbi3 said:

This is something that I indeed need to address and sud0nick has pointed out a partial solution for this, however it involved modifying the nginx config and thats something I'm trying to avoid doing. When I have a free day on my hands this is something I'm going to be researching and implementing. Wether or not it will make it into the 3.0 release I can't say for sure but it will definitely be in a 3.x release.

Hi,

My problem is not HSTS, it's more : "how do captive portals make the mobile clients pop-up a browser for the login page ?"

I can't find any info on that. My google-fu is bad today :/ for HSTS I think there is nothing to do, unless we play with sslplit v2 and some hack but it's pretty hard to implement..

 

Here is what I just found : https://serverfault.com/questions/679393/captive-portal-popups-the-definitive-guide

another with some infos: https://unix.stackexchange.com/questions/212871/captive-portal-detection-popup-implementation

It seems to be my answer :)

Link to comment
Share on other sites

On 12/6/2016 at 3:21 AM, SatchBoogie said:

Hi,

My problem is not HSTS, it's more : "how do captive portals make the mobile clients pop-up a browser for the login page ?"

I can't find any info on that. My google-fu is bad today :/ for HSTS I think there is nothing to do, unless we play with sslplit v2 and some hack but it's pretty hard to implement..

 

Here is what I just found : https://serverfault.com/questions/679393/captive-portal-popups-the-definitive-guide

another with some infos: https://unix.stackexchange.com/questions/212871/captive-portal-detection-popup-implementation

It seems to be my answer :)

Oh, Android devices don't have the Captive Portal automatically pop up and there is nothing you can do about that. Apple devices do however.

Link to comment
Share on other sites

Hey guys. EP is not populating portal auth portals saved to sd. I poked around the EP files lookig for an obvious smoking gun, but was not able to find anything meanigful (to me). Any advice on how to correct?

Nano 1.1.3

All modules installed to sd.

Link to comment
Share on other sites

  • 2 weeks later...

Ok. Basic question, I apologize. I have successfully gotten PA to clone sites and the inject sets are working properly. The issue I am now facing is that on submit, the user is being redirected to /captiveportal/index.php 

What is the recommended way to get a redirect to a real URL on the interwebs?

Also, I am getting "You are not authorized." What could be causing that?

@sud0nick @newbi3

Link to comment
Share on other sites

  • 3 weeks later...

total noob question. I have been having a hell of a time setting up target portals. Everything I try I just get served with a blank page. Basic portals work fine. I just cant get targeted portal to serve even the default.php

What am I missing or doing wrong? thanks in advance.

Link to comment
Share on other sites

Good day @newbi3 currently using the Evil Portal 2.9, as user that haven't authorized in to the captive portal, using chrome/firefox redirects http sites to the portal, but the site gets broken and shows plain text and input boxes. 172.16.42.1 works fine though.

Additionally captive portal not working without internet connection shared from 172.16.42.42. I wanted to use it as a standalone device, make the captive portal available offline.

Link to comment
Share on other sites

  • 2 weeks later...
  • 3 weeks later...

Would like to know how to add some code to my evil portal so that after the victim enters the credentials it fails and has to enter them again. Once they enter it the second time it allows them through. The purpose is to get two log files of the credentials in case they had a typo.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...