Hey there savy hackers and coders... I am in need of your help.
I want to setup a public AP. So far so good.. BUT I want every connection to be secure from the other users currently logged in.
This is what I have in mind:
I will build some cheap router, like Darren did some episodes ago, with a ITX-board onboard LAN and a WiFi-card... there I would want to install ubuntu and use coovachilli to redirect to the hotspotlogin.cgi... the hotspotlogin.cgi would be SSL-encrypted...
Now here is the thing I want to do, and can't find any kind of guide on the net... so let's work together:
I want the URL the user entered into his webbrowser caught by coovachilli, and thought of putting this one into a frame in the hotspotlogin.cgi... which then again would be SSL-encrypted... thus no one could sniff the traffic...
(besides using sslstrip, but that would suggest the missing 's' and lock)
So my main questions are:
How can I catch the URL the user has entered into his browser?
And would it actually work to put an unencrypted http-site into a frame of a https-site (hotspotlogin.cgi?), meaning: would it realy encrypt everything?
Will I need a radius-server for that?
Or is there another easier way to secure every users connection without them having to do anything but to connect to the AP (which would be way cooler, since they could use pop3 and smtp as well)?
At the moment I am as far as having installed ubuntu server 10.04 LTS and soon apache2 (which will provide the hotspotlogin.cgi - so the tutorials say)
lot's of thanks in advance...
RMH
p.s.: I hope I chose the right forum section, and please forgive any strange english since I am german...