Captive Portal - Chillispot | OpenWrt vs DD-wrt - router

I've been trying to configure a captive portal using DD-wrt and Open-wrt, with my own radius server and I've also tried to configure them using a CSP page (http://worldspot.net).
DD-wrt
My first try was with a TP-LINK WR841N (v7.) and DD-wrt using the web interface. In dd-wrt web interface there is an option in Services -> HotsPot -> ChilliSpot. Here I tried both configurations, using my own server data, and also tried with WorldSpot data, and my issue was the same in both cases:
When I enable Chillispot on the router, I don't get IP assigned, meaning I can't connect to the wifi/lan. It seems the problem is obviusly with the router and It's something like the Chillispot configuration is not working, or the changes are not"applied"
Open-wrt
After some hours trying to make work dd-wrt I think that maybe with open-wrt it was easier to configure, and here I found another problem. After updating my TP-LINK to Open-wrt I realized that I cannot access to the router via WEB, so I have to connect via telnet and ssh to install some packages and make some configurations.
I tried to install "luci" the package for the web gui and I found with some errors:
- First It didn't find the package, and I have to change the /etc/opkg.conf file
- Once I downloaded the package and try to access web I get error uci_load: not found
- Once I fixed the uci package issue, I enable the uhttpd and start it, but when I try to connect via web I get another error "CGI didn't receive any response"
Questions
Someone with more experience than me could point me wich of these softwares is better to have a spot system/captive portal ?
It's possible that in dd-wrt case the configuration of chillispot wasn't applied to the router configuration ?
For open-wrt anyone has same errors with the web interface ?
I've been reading and it seems that it's possible to configurate ChilliSpot via SSH , but the tutorials I found were not very helpfull, anyone can point me to a good tutorial for this ?
I also have a D-Link dir-615 H2 but it seems to be less compatible with open-wrt and dd-wrt than the TP-LINK.
I would be thankfull for any information that can put me in a good direction, thanks!

Some months ago I found a very easy answer for this question about making a captive portal.
The best of this solution is that the router flashing part is very automatized and the Captive Portal configuration is made through a WEB UI very easy to understand and manage
You may also connect through ssh to the router if some software customization is needed, like VLANS
To use this solution your modem should be in this list(At the time the answer is wrote):
Linksys: WRT54G | WRT54GL | WRT54GS
MiniRouter: MR3201A
FonSpot / Fonera (Atheros)
Ubiquiti: Bullet-M | Nano-M | Rocket-M | Airrouter | UniFi | Bullet/Nano/etc/{2/5}
I used this method in several Ubiquiti AirRouters and now it just take me 5 minutes to configure a router for a HotSpot system using FreeRadius.
I tried with FreeRadius installed in a RaspBerry in LAN and also into an VPS through WAN
The steps to flash any of the above routers are:
Download coova-ap.jnlp from here
Open the file with Java Web Start
For Linux systems: sudo javaws coova-ap.jnlp
You have to click Flash CoovaAP and you will see a window like this where you should select your router model:
After the file is downloaded you will see the next window:
Here you should select your network device, usually eth0 (wired) is the best choice, anyways I strongly recommend to click Save firmware to File button to store a backup of the original firmware.
If youre using an Ubiquiti router, before clicking the Start Flashing
you need to:
. If you re using a Ubiquiti device you should put it in TFTP mode by unplugging the POE ethernet cable, and reconnecting it while holding the reset button for 8 seconds. If this doesnt work, you may have to press it for 16 seconds. The LED lights now should flash alternately indicating TFTP mode.
Once you hit Start Flashing and the flash is done, the router will restart and we will be able to access the router using the same Coova software.
Now the Configure CoovaAP button should be clickable and we will see a very fancy interface to configure the router Captive Portal, we will be able to use different HotSpot configurations.
If the button is not clickable make sure the CoovaAP IP is 192.168.1.1
One of the guides that help me most to configure the router using CoovaAP software was HotSpotSystem: Installation CoovaAP guide
On that tutorial you will have more information about some steps and the mainly configuration of the Captive Portal interface. I didn't add the HotSpot part because the question was about which was the best router configuration.

There are some ways to build a captive portal server:
1.
Regarding router compatibility I can only recommend DD-WRT build 22118 or later (coovachilli based dd-wrt).
Following versions are supported: mini_hotspot (broadcom_K26 non-nv60k , non-nv64k!), nokaid, standard, big or mega. Other versions (like mini or micro) don’t contain the hotspot module so they cannot be used for hotspot purposes.
Once you have a such build, you can start a simple Captive Portal with Chillispot.
All what you need is a FreeRadius server & Web Server.
2.
Using OptWARE
Here I used a router Asus RT N16, I've patched it with dd-wrt.v24-18024_NEWD-2_K2.6_mega.bin
The entire tutorial is here.

Related

A standalone Rasp pi running a web server. Possible?

I have a rasp pi 3 which controls an irrigation system. The pi is headless, and is controlled via the home network by running a Tomcat server, which creates a UI. Mostly, the irrigation system is automatic, but I can log in to the Tomcat server to see the log of its activities, or change settings, or update the planting plan or manually control the sprinklers.
Now I'd like something similar, but in a place where there is no internet available. That is, I'd like to use the pi as a standalone web server, so that I can access the UI using a browser on my phone. I've looked through the rasp pi documentation, but it describes setting up access points, which seem to depend on a wired connection between the pi and the router. I've read about connecting via SSH to a standalone setup, but that article said that support for a standalone server isn't available.
Is what I'm looking for possible?
Thanks,
John

RaspberryPi as AccessPoint with 2 Wifi usb running MITMProxy and ParosProxy

I was trying to study the HTTP(s) requests/response that the apps from my phone are sending so this is what I went ahead and created.
I turned my Raspberry Pi as an access point with 2 wifi usb dongles. One for my phone to connect to the "TEST" network and the second connected to the internet. Everything works fine and my phone is able to access internet via my RPi.
Now I setup MITMproxy (in transparent mode) so that I can sniff the traffic to-from from my phone apps. I installed the mitmproxy certificate on the phone and the traffic shows up fine on the mitmproxy console.
Final step - To make the web traffic data analysis part easier I found on the net that Paros Proxy might be able to help (show the traffic from mitmproxy) in a more readable way. - THIS IS NOT HAPPENING
I am assuming there is some setup required for ParosProxy so that it can be linked to mimtProxy / network interfaces which I am not able to achieve. Can any one please help with this?
ParosProxy dashboard doesnt show any traffic. As far as the settings (Tool->Options) the default settings are there i.e. for local proxy (host = localhost and port = 8080). I couldnt find much documentation about ParosProxy on the web.
My network interfaces on the RPi is as follows :
wlan0 (connected to internet) - DHCP
wlan1 (Access Point to which the phone apps connect to) - static IP (gateway 192.168.10.1)
Just in case there is some other tool that could help me achieve the same (a GUI/better dashboard to analyse mitmproxy traffic in real time) I am pretty open for it.
Yes there is a better option: OWASP ZAP https://www.owasp.org/index.php/ZAP :)
It was forked from Paros ~ 5 years ago, is very actively maintained and pretty well documented.
See https://github.com/zaproxy/zaproxy for links to the online user guide, FAQ user and developer groups.
FYI we have info on how to get ZAP runnin on a Pi: https://github.com/zaproxy/zaproxy/wiki/zappi but that doesnt include setting up wiki access - it would be great if we could update that page with the necessary steps :)
Simon (ZAP project lead)

Passive WiFi detection system using WiFi router

As part of my project requirement I want to make a system which will detect all the WiFi devices in my router range either its connected or not, I did some research on it then I found something like wireshark ,kismate etc I just tried the wireshark by making my Mac machine's WiFi as an adhoc network and its all fine I am able to list all the WiFi devices in wireshark, now I want to make a real-time system based on a real WiFi router I don't know how I will configure my router using my PC and how I will monitor the router from my PC , one more thing if I am using this wireshark how I will use this data for my requirement. If any one worked with similar scenarios please help me..thanks in advance
To do that you will need more than the usual API that you have on commercial WiFi routers (by that I mean a full SSH access). I would:
flash my router with OpenWRT (you can search for your router on this page for detailed instructions)
Install the aircrack-ng suite on the flashed router with
opkg update
opkg install aircrack-ng
Put my WiFi card in monitor mode and run the airodump service:
airmon-ng start wlan0 #Put your NIC in monitor mode
airodump-ng mon0 #Sniff surrounding packets
You don't necessarily have to install aircrack-ng, you can just put your card in monitor mode using command line (look at the documentation for your WiFi driver) and then run tcpdump (command line equivalent to wireshark) but aircrack works very well and has a nice format.
Also, I should warn you that you can brick your router by flashing it. I never had such a problem when flashing router mentioned on the OpenWRT wiki and there are (most of the times) ways to restore a bricked router depending on the brand but I am not responsible if you break it ;)

How to control modems inside a GoIP gateway with AT commands

We have acquired a 4 channel GSM Gateway, model GoIPx4-G610 (the manual is titled "GoIP Series SIM Card for GSM Voice Gateway - GSM VOIP Gateway").
We are looking to develop a custom application to control the GOIP gateway. We have developed in the past custom applications that controlled simple GSM modems through AT commands for sending/receiving SMS messages in particular.
Although the gateway can be controlled through SIP we would like to control the GSM modems embedded in the gateway through AT commands if possible. This is because of the fine grained control AT commands offer and because we do not need VoIP features since we need only to send/receive SMS messages.
The gateway runs an unknown Linux instance to which we can connect through telnet. Unfortunately we do not have the credentials to authenticate to it. The gateway also has a web http administration interface to which we can authenticate but we can't find there settings/information related to channels that we can use for AT commands.
The documentation is very poor and the provider could not offer us any helpful information regarding this.
If anyone knows how we can send AT commands to the modems inside the gateway it is highly appreciated.
Up to now we have tried a brute force attack on the telnet interface to find the credentials with no success. We hope that once we can connect to the Linux instance driving the gateway we can connect from there to the modems through serial connections (to send AT commands) and we can reconfigure it to redirect the connections outside of the modem or to make an interface for sending commands to the modems.
The device has an update firmware option (through the web interface) which always gives the error "download failed". Downloaded the firmware (.pkg file) manually from their update pages and extracted the files from the embedded Linux distribution that should correspond to the ones placed on the gateway. The files were kept in the pkg file as an ROMFS compressed image which we mounted on a test station to see the files (probably the running OS on the gateway is an uClinux distribution).
Did this hoping that we can find there the /etc/passwd file which could be cracked with classic attack. However didn't found it and probably that file is placed on the gateway flash memory (contrary to the Linux files which are stored on the ROM memory). So if there is a way to erase / reset this flash memory that could be a solution (in case the gateway doesn't refuse to boot without those files). Another solution would be to be able to access the flash memory with the passwd file if there is such thing.
You might take the lid off and see what parts are inside.
If it's a general purpose processor with a published data sheet and without a lot of code security features, you might be in luck. For example, you might find:
By guessing headers or tracing from known pins, a console serial port, either logic level or RS232, hopefully with a shell listening
A boot mode pin for the micro connected to a resistor, which you could jumper to cause the micro to boot to a uart bootloader where you could download a new system image, or patch the existing one. If you are lucky the bootloader would be something known, like u-boot.
A JTAG port for the processor
A removable storage device which you could remove and alter
an SPI flash which you could carefully tap into and alter
A flash chip which you could desolder and transplant to a programmer
You could also make a GPL sources request for the kernel and whatever else from the vendor. Or even just trying to identify versions of things like a web server could help you look up any known exploits. Since it seems you have a similar system image to that which is installed, looking through it could be helpful - look for additional daemons running, listening on ports you weren't previously aware of, left over debug support, etc.
I am the developer of the GoIP you've purchased. Instead of trying to hack the GoIP, did you contact us to support your development of custom applications? Here are the updates of GoIP for you.
GoIP now supports SMPP. This could be an alternative to using AT commands to send and receive SMS.
API (Application Programming Interface) for GoIP is now available to support your custom application development.
If AT commands are still the preferred method, please contact us and I would be happy to discuss with you further.

How do you monitor network traffic on the iPhone? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
The community reviewed whether to reopen this question 9 months ago and left it closed:
Original close reason(s) were not resolved
Improve this question
We are looking for a Wireshark-like tool to use on the iPhone to test a 3rd party application before partnering with the 3rd party. Any suggestions?
A man-in-the-middle proxy, like suggested by other answers, is a good solution if you only want to see HTTP/HTTPS traffic.
The best solution for packet sniffing (though it only works for actual iOS devices, not the simulator) I've found is to use rvictl. This blog post has a nice writeup. Basically you do:
rvictl -s <iphone-uid-from-xcode-organizer>
Then you sniff the interface it creates with with Wireshark (or your favorite tool), and when you're done shut down the interface with:
rvictl -x <iphone-uid-from-xcode-organizer>
This is nice because if you want to packet sniff the simulator, you're having to wade through traffic to your local Mac as well, but rvictl creates a virtual interface that just shows you the traffic from the iOS device you've plugged into your USB port.
Note: this only works on a Mac.
You didnt specify the platform you use, so I assume it's a Mac ;-)
What I do is use a proxy. I use SquidMan, a standalone implementation of Squid
I start SquidMan on the Mac, then on the iPhone I enter the Proxy params in the General/Wifi Settings.
Then I can watch the HTTP trafic in the Console App, looking at the squid-access.log
If I need more infos, I switch to tcpdump, but I suppose WireShark should work too.
I use Charles Web Debugging Proxy it costs but they have a trial version.
It is very simple to set up if your iPhone/iPad share the same Wifi network as your Mac.
Install Charles on your Mac
Get the IP address for your Mac - use the Mac "Network utility"
On your iPhone/iPad open the Wifi settings and under the "HTTP
Proxy" change to manual and enter the IP from step (2) and then Port
to 8888 (Charles default Port)
Open Charles and under the Proxy Settings dialogmake sure the
“Enable Mac OS X Proxy” and “Use HTTP Proxy” are ticked
You should now see the traffic appearing within Charles
If you want to look at HTTPS traffic you need to do the additional 2 steps download the
Charles Certificate Bundle and then email the .crt file to your
iPhone/iPad and install.
In the Proxy Settings Dialog SSL tab, add the specific https top
level domains you want to sniff with port 443.
If your Mac and iOS device are not on the same Wifi network you can set up your Mac as a Wifi router using the "Internet Sharing" option under Sharing in the System Preferences. You then connect your device to that "Wifi" network and follow the steps above.
Run it through a proxy and monitor the traffic using Wireshark.
For Mac OS X
Install Charles Proxy
In Charles go to Proxy > Proxy Settings. It should display the HTTP proxy port (it's 8888 by default).
For Windows
Install Fiddler2
Tools -> Fiddler Options -> Connections and check "Allow remote computers to connect"
General Setup
Go to Settings > Wifi > The i symbol > At the bottom Proxy > Set to manual and then for the server put the computer you are working on IP address, for port put 8888 as that is the default for each of these applications
ARP Spoofing
General notes for the final section, if you want to sniff all the network traffic would be to use ARP spoofing to forward all the traffic from your iOS to a laptop/desktop. There are multiple tools to ARP spoof and research would need to be done on all the specifics. This allows you to see every ounce of traffic as your router will route all data meant for the iOS device to the laptop/desktop and then you will be forwarding this data to the iOS device (automatically).
Please note I only recommend this as a last resort.
On a jailbroken iPhone/iPod capturing traffic is done nicely by both "tcpdump" and "pirni"- available in the cydia repository. Analysis of these data are done by tranfering the capture over to another machine and using something like wireshark. However, given the active development that seems to be going on with these tools it's possible that soon the iPhone will handle it all.
The best solution I have found that Works:
Connect your device thru USB
And type these commands:
rvictl -s UDID - (id of device 20 chars, you can locate 4t in iTunes or organiser in Xcode)
sudo launchctl list com.apple.rpmuxd
sudo tcpdump -n -t -i rvi0 -q tcp
OR just sudo tcpdump -i rvi0 -n
If rvictl is not working install Xcode
For more info:
Remote Virtual Interface
http://useyourloaf.com/blog/2012/02/07/remote-packet-capture-for-ios-devices.html
Without knowing exactly what your requirements are, here's what I did to see packts go by from the iPhone: Connect a mac on ethernet, share its network over airport and connect the iPhone to that wireless network. Run Wireshark or Packet Peeper on the mac.
Here is another way http://www.tuaw.com/2011/02/21/how-to-inspect-ioss-http-traffic-without-spending-a-dime/
I didn't see Roger Nolan's reply, the above link is same workflow with a different tool.
Depending on what you want to do runnning it via a Proxy is not ideal. A transparent proxy might work ok as long as the packets do not get tampered with.
I am about to reverse the GPS data that gets transferred from the iPhone to the iPad on iOS 4.3.x to get to the the vanilla data the best way to get a clean Network Dump is to use "tcpdump" and/or "pirni" as already suggested.
In this particular case where we want the Tethered data it needs to be as transparent as possible. Obviously you need your phone to be JailBroken for this to work.
Try Debookee on Mac OS X which will intercept transparently the traffic of your iPhone without need of a proxy, thanks to MITM, as stated before.
You'll then see in real time the different protocols used by your device.
Disclaimer: I'm part of the development team of Debookee, which is a paid application. The trial version will show you all functionnalities for a limited time.
A general solution would be to use a linux box (could be in a virtual machine) configured as a transparent proxy to intercept the traffic, and then analyse it using wireshark or tcpdump or whatever you like. Perhaps MacOS can do this also, I haven't tried.
Or if you can run the app in the simulator, you can probably monitor the traffic on your own machine.
Com'on, no mention of Fiddler? Where's the love :)
Fiddler is a very popular HTTP debugger aimed at developers and not network admins (i.e. Wireshark).
Setting it up for iOS is fairly simple process. It can decrypt HTTPS traffic too!
Our mobile team is finally reliefed after QA department started using Fiddler to troubleshoot issues. Before fiddler, people fiddled around to know who to blame, mobile team or APIs team, but not anymore.