Jump to content

Evil Portal HTTPS don't block

FPSBrazil

By FPSBrazil
in WiFi Pineapple NANO

Recommended Posts

cheeto Newbie

cheeto

Posted
Posted
14 hours ago, FPSBrazil said:

HTTPS traffic is not blocked for un-authorized clients, this happens only if HTTPS, someone knows how I fix this?

The reason is that you need to issue SSL certificates.  (at least as far as i know)

Hopefully this will be available in the future.

This is possible to do with FLUXION.  The client can't steer away from a captive portal until the clients complies with he portal's requirements.

Link to comment
Share on other sites
FPSBrazil Newbie

FPSBrazil

Posted
  • Author
Posted
1 hour ago, trashbo4t said:

What?

What do you mean by "not blocked" and "un-authorized clients"? 

How are you serving an HTTPS page without a certificate?

The EvilPortal redirect the client and block hes acces to navegate, but the HTTPS services don't redirect the client for captive portal.

Link to comment
Share on other sites
trashbo4t Newbie

trashbo4t

Posted
Posted
26 minutes ago, FPSBrazil said:

The EvilPortal redirect the client and block hes acces to navegate, but the HTTPS services don't redirect the client for captive portal.

Ah; I think understand you, 

so if your target navigates to an HTTPS page they will NOT see the portal page? But, if they navigate to an unencrypted HTTP page they DO see the portal page?

 

If thats the case, verify your iptables or dns redirects are set up to handle 443 requests for redirection

Link to comment
Share on other sites
FPSBrazil Newbie

FPSBrazil

Posted
  • Author
Posted
1 hour ago, trashbo4t said:

Ah; I think understand you, 

so if your target navigates to an HTTPS page they will NOT see the portal page? But, if they navigate to an unencrypted HTTP page they DO see the portal page?

 

If thats the case, verify your iptables or dns redirects are set up to handle 443 requests for redirection

Up, i will try this

Link to comment
Share on other sites
  • 4 months later...
Nofix Newbie

Nofix

Posted
Posted

After a lot a reshearches, I found a way to block HTTPS pages, but you can't redirect directly to your splash page 100% of the time.

Edit the file /pineapple/modules/EvilPortal/api/module.php and add the following line at the end of the startEvilPortal() function : 

//EXPERIMENTAL
exec("iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 443 -j DNAT --to-destination 172.16.42.1:80");


Then add this at the end of stopEvilPortal() :
  

//EXPERIMENTAL
exec("iptables -t nat -D PREROUTING -i br-lan -p tcp --dport 443 -j DNAT --to-destination 172.16.42.1:80");


Those are just shitty iptables to make HTTPS fail its certificate check when a client asks for an HTTPS page. The downside is that you can't redirect your client to your captive portal directly as the certificate check failed :  your client doesn't even get connected to anything, so there no connection to redirect your client from. At least it blocks HTTPS request from your client, preventing him from browsing the internet without ever going trough your captive portal.

 

 

Link to comment
Share on other sites
  • 1 year later...
  • 5 months later...

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...