Jump to content
FPSBrazil

Evil Portal HTTPS don't block

Recommended Posts

What?

What do you mean by "not blocked" and "un-authorized clients"? 

How are you serving an HTTPS page without a certificate?

Share this post


Link to post
Share on other sites
14 hours ago, FPSBrazil said:

HTTPS traffic is not blocked for un-authorized clients, this happens only if HTTPS, someone knows how I fix this?

The reason is that you need to issue SSL certificates.  (at least as far as i know)

Hopefully this will be available in the future.

This is possible to do with FLUXION.  The client can't steer away from a captive portal until the clients complies with he portal's requirements.

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, trashbo4t said:

What?

What do you mean by "not blocked" and "un-authorized clients"? 

How are you serving an HTTPS page without a certificate?

The EvilPortal redirect the client and block hes acces to navegate, but the HTTPS services don't redirect the client for captive portal.

Share this post


Link to post
Share on other sites
26 minutes ago, FPSBrazil said:

The EvilPortal redirect the client and block hes acces to navegate, but the HTTPS services don't redirect the client for captive portal.

Ah; I think understand you, 

so if your target navigates to an HTTPS page they will NOT see the portal page? But, if they navigate to an unencrypted HTTP page they DO see the portal page?

 

If thats the case, verify your iptables or dns redirects are set up to handle 443 requests for redirection

Share this post


Link to post
Share on other sites
1 hour ago, trashbo4t said:

Ah; I think understand you, 

so if your target navigates to an HTTPS page they will NOT see the portal page? But, if they navigate to an unencrypted HTTP page they DO see the portal page?

 

If thats the case, verify your iptables or dns redirects are set up to handle 443 requests for redirection

Up, i will try this

Share this post


Link to post
Share on other sites

After a lot a reshearches, I found a way to block HTTPS pages, but you can't redirect directly to your splash page 100% of the time.

Edit the file /pineapple/modules/EvilPortal/api/module.php and add the following line at the end of the startEvilPortal() function :

//EXPERIMENTAL
exec("iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 443 -j DNAT --to-destination 172.16.42.1:80");


Then add this at the end of stopEvilPortal() :
 

//EXPERIMENTAL
exec("iptables -t nat -D PREROUTING -i br-lan -p tcp --dport 443 -j DNAT --to-destination 172.16.42.1:80");


Those are just shitty iptables to make HTTPS fail its certificate check when a client asks for an HTTPS page. The downside is that you can't redirect your client to your captive portal directly as the certificate check failed :  your client doesn't even get connected to anything, so there no connection to redirect your client from. At least it blocks HTTPS request from your client, preventing him from browsing the internet without ever going trough your captive portal.

 

 

Share this post


Link to post
Share on other sites

The last version of the EvilPortal module, uses your fix, and works like your custom module, but i would like, to redirect https trafic, to the portal, now i am blocking the https trafic with your fix.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...