VPN Initial connection insecurity

[Lost In Cyberia]

Hey everyone. I have a problem, but it may be my lack of understanding that is the cause. Ok so I attend a technical school, and needless to say there's a lot of wannabe hackers, pranksters and what not.

So from my laptop I'd like to connect to the wireless AP's around campus, but security is a concern of mine. So I'd like to use SSH to create a tunnel to the AP, and back to my house where I have an 'always on' connection. The whereabouts of my location doesn't matter, I'm doing it more just to have a secure connection to the wifi access point, from potential wireshark captures and man in the middle attacks. I expect the vpn tunnel to the wifi access point to be able to protect me from prying eyes.

My problem is thus, I want to do an ssh user@hostaddress -D 8080 from the terminal. This says create a secure connection to my user at my home address, and put all traffic through port 8080. But I can't execute this because my school has one of those "Login to use wifi" pages. Where you must supply your credentials that you are a student before any connections can be made.

So I'd have to put in my student ID and password, before I can even set up the tunnel to the wifi. This isn't just with my school, it's also at starbucks. You must supply a password to their wifi, unencrypted, before you can set up the vpn to the AP. So the ssh command doesn't work, until you input a valid password, but I don't want ANY of my credentials going out unencrypted. This first initial step may seem trivial, but it's the kind of thing I want to avoid. Is there anyway to set up the vpn to the AP before having to prove my access to the login page?

[newbi3]

Research how to by-pass captive portals and if you have a pineapple you can install the evil portal infusion and test by-passing it on there. I hope this sets you in the right direction and good luck!

[digip]

If using putty, there is a setting for adding the schools proxy login info that may work depending on how you login (connection > proxy > add schools info), and still be able to tunnel using the Connection > SSH > Tunnels part as well . In your browser though, you add the socks5 proxy settings for the SSH tunnel you setup and putty should log you through their proxy and then tunnel you to your home box(assuming you can SSH into it and its configured properly to work as a tunnel).

Then go to IPchicken.com, see what your IP is. If its the schools, your using their IP and tunnel is not setup properly. If its your homes, then you are using your home IP while putty passes the login details to the school portal for you and then sets the tunnel up. Just depends on how the schools portal works.

Edited September 24, 2013 by digip

[Lost In Cyberia]

Thanks guys, I knew there had to be a way around it. Yea I need to get a pineapple.. and digip do you reccommend putty over using the ssh command from the cli? I'm using linux

[digip]

Thanks guys, I knew there had to be a way around it. Yea I need to get a pineapple.. and digip do you reccommend putty over using the ssh command from the cli? I'm using linux

Aside from wine and putty, regular SSHd should be able to pass it as well as use proxychains. look up the man pages on SSH though.

[roobixx]

Brendan O'Connor created a solution in ruby that you might want to check out. You can provide your creds in a file and it will connect for you. add the ruby script into a script to start you ssh session and it should authenticate you and connect.

https://github.com/ussjoin/portalsmash