View previous topic :: View next topic |
Author |
Message |
dequeued n00b
Joined: 16 Oct 2007 Posts: 19 Location: NYC
|
Posted: Tue Oct 16, 2007 12:34 am Post subject: Using curl to authenticate on a public wireless network |
|
|
This is a compound question that I hope someone can help with.
My school has an open wireless network, which, once you associate with it, firewalls all traffic, except for port 80 which uses a transparent proxy to redirect you to an https page where you enter your school userid and password, in order to be able to get access to the network.
What I wanted to do -- and I am sure it's possible, is run curl as soon as my computer associates with the school's network, and make a POST to the login server.
That way I could be online by the time xdm starts.
I can think of a few clumsy ways to do this, but I wanted your input on how the most elegant way to do this would be.
1. How would I run an external script when my wireless device associated with a specific ssid.
Can I do that from /etc/init.d/net? If not is there some kind of Daemon that can do certain actions when a connection is made under certain circumstances?
2. I looked through the html form code, and I didn't see any unique tokens or session data that would require me to fetch and process the login page, so I am assuming that I can just submit the same https form data over and over to authenticate.
Does anyone have any experience with this?
What would be the best way to capture http post data?
I could use a packet sniffer, or try to extrapolate it by dissecting the html form, but it feels like there should be an easier way to do this, especially for more complex forms, perhaps some firefox plugin I don't know about?
This may also apply to authenticating on any number of access points at coffee houses or businesses which require you to see a user agreement before use.
Cheers. |
|
Back to top |
|
|
no_hope Guru
Joined: 23 Jun 2003 Posts: 482
|
Posted: Tue Oct 16, 2007 8:14 pm Post subject: Re: Using curl to authenticate on a public wireless network |
|
|
What you are trying to do will create a new security risk and you shouldn't do it.
With that out of the way, here are my 2 cents.
dequeued wrote: | firewalls all traffic, except for port 80 |
Most likely DNS is not firewalled either. If you are hardcore,and have a little free time, you could come up with a way to piggyback all your traffic to DNS packets
dequeued wrote: | 1. How would I run an external script when my wireless device associated with a specific ssid. |
you could use the postup function (see /etc/conf.d/net.example) or write a new gentoo init script (you'll want to use the depend function, see /etc/init.d/ for examples)
I think the easiest way to achieve what you want would be to use www-client/lynx and dev-tcltk/expect. lynx is a text-mode browser and expect is a "tool for automating interactive applications". The basic idea is to use lynx to authenticate once and then use expect to replay the keystrokes you used.
If you emerge expect with the doc useflag, you'll have autoexpect script installed in /usr/share/expect-XXX. Run it and a new shell will be started. run lynx and authenticate, quit lynx and the new shell. You should get the expect script to authenticate. It will require some modification to work reliably, but format is pretty simple.
The downside of the above approach is that it requires you to store your password in clear text. What you really should do is steal authenticated MAC addresses. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|