RuudschMaHinda Posted June 29, 2010 Share Posted June 29, 2010 Hey there savy hackers and coders... I am in need of your help. I want to setup a public AP. So far so good.. BUT I want every connection to be secure from the other users currently logged in. This is what I have in mind: I will build some cheap router, like Darren did some episodes ago, with a ITX-board onboard LAN and a WiFi-card... there I would want to install ubuntu and use coovachilli to redirect to the hotspotlogin.cgi... the hotspotlogin.cgi would be SSL-encrypted... Now here is the thing I want to do, and can't find any kind of guide on the net... so let's work together: I want the URL the user entered into his webbrowser caught by coovachilli, and thought of putting this one into a frame in the hotspotlogin.cgi... which then again would be SSL-encrypted... thus no one could sniff the traffic... (besides using sslstrip, but that would suggest the missing 's' and lock) So my main questions are: How can I catch the URL the user has entered into his browser? And would it actually work to put an unencrypted http-site into a frame of a https-site (hotspotlogin.cgi?), meaning: would it realy encrypt everything? Will I need a radius-server for that? Or is there another easier way to secure every users connection without them having to do anything but to connect to the AP (which would be way cooler, since they could use pop3 and smtp as well)? At the moment I am as far as having installed ubuntu server 10.04 LTS and soon apache2 (which will provide the hotspotlogin.cgi - so the tutorials say) lot's of thanks in advance... RMH p.s.: I hope I chose the right forum section, and please forgive any strange english since I am german... Quote Link to comment Share on other sites More sharing options...
Netshroud Posted June 29, 2010 Share Posted June 29, 2010 One possibility is to do something similar to my university, which has a captive portal that, once authenticated, downloads, installs and runs Juniper Network Connect which connects to a SSL VPN. A cheaper possibility is to have 2 SSIDs. One one of them, capture all traffic and give each user a username and password. On the second one, run WPA2-Enterprise and let them authenticate with said username and password. I don't know how easy it would be to set up though. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted June 29, 2010 Share Posted June 29, 2010 (edited) I think a proxy server in this scenarion would work a lot better. The moment the proxy server, intercepts a connection going out to the internet, it coud use some form of redirection mechanism to reroute the client to a HTTPS server that contains the captitive portal sign on page. As soon as the client enters the login details it would send the client out to the internet. By the way, you could use squid to set up a proxy server, and for the authentication side of it, you could use Windows Active Directory. Edited June 30, 2010 by Infiltrator Quote Link to comment Share on other sites More sharing options...
RuudschMaHinda Posted July 1, 2010 Author Share Posted July 1, 2010 thanks for the fast answers... I think I'll try the proxy idea first, since this would be a little cheaper and I don't want to limit the use of the AP to windows users but then again I don't want anyone having to use a password... yet I think this should be possible (since it will be a public AP) yet there are questions to ask: could the proxy provide ssl encryption to every client? (as I said, I wouldn't want the AP users to spy on each other) I'll let you know about my advances.. in a few days... RMH Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 1, 2010 Share Posted July 1, 2010 @RuudschMahinda, I have found a wiki directly from squid website that explains how to configure HTTPS, however I did not have much success in getting it to work. I have also read in other forums that it may not be possible to configure squid as a HTTPS proxy. http://wiki.squid-cache.org/ConfigExamples...dcardCertifiate Quote Link to comment Share on other sites More sharing options...
H@L0_F00 Posted July 2, 2010 Share Posted July 2, 2010 You are probably going to end up implementing SSH or VPN in one way or another. There are quite a few Java SSH clients that you could probably pre-configure. KiTTY is a great way to distribute a pre-configured SSH client for Windows users. A quick google seems to show that creating a VPN using ONLY Java isn't possible, although I wouldn't be surprised if I was wrong. Another problem with VPN is the user will have to have admin privileges. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.