added opennds

This commit is contained in:
Nasir Hafeez
2023-08-15 12:11:49 +05:00
parent 6445d5b12d
commit 195b42f96d
7 changed files with 194 additions and 104 deletions


@@ -1,17 +0,0 @@
# NoDogSplash External Captive Portal Using FAS
This is an example of a PHP based external captive portal for NoDogSplash (NDS) using its Forwarding Authentication Service (FAS). The code given here can be used to setup a basic captive portal featuring an HTML login form.
NDS supports sending the client token to the external captive portal aka FAS in clear text as well as in encrypted format. This portal is for the latter case in which `fas_secure_enabled` option is set to `2` in NDS config file. NDS while redirecting the user to fas passes two encrypted parameters `fas` and `iv` in the HTML GET request. The code given here decrypts them to reveal the following parameters:
```
clientip, clientmac, gatewayname, tok, gatewayaddress, authdir, originurl
```
The original code for this can be found here:
https://github.com/nodogsplash/nodogsplash/blob/master/forward_authentication_service/fas-aes/fas-aes.php
The `$redir` parameter may be set to redirect the client after successful authorization.
The NDS documentation is very clear and detailed and can be found here:
https://nodogsplashdocs.readthedocs.io/en/stable/overview.html
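Review bot: The removal of the NoDogSplash example is not mentioned in the commit message ("added opennds"), yet this README and the two PHP pages that follow are deleted in full. Either keep the NoDogSplash files next to the new `OpenNDS/` directory or say in the message that OpenNDS replaces them, since this README held the only pointer to the upstream `fas-aes.php` the old portal was derived from.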


@@ -1,27 +0,0 @@
<?php
session_start();
$authaction = $_SESSION["authaction"];
$tok = $_SESSION["tok"];
$redir = $_SESSION["redir"];
?>
<html>
<head>
<meta charset="utf-8">
<title>WiFi Portal</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
<link rel="stylesheet" href="bulma.min.css" />
<script defer src="fontawesome-free-5.3.1-web\js\all.js"></script>
</head>
<body onload="document.hiddenform.submit()">
<form method="get" name="hiddenform" action='<?php echo htmlspecialchars($authaction);?>'>
<input type="hidden" name="tok" value='<?php echo htmlspecialchars($tok);?>'>
<input type="hidden" name="redir" value='<?php echo htmlspecialchars($redir);?>'>
</form>
</body>
</html>


@@ -1,60 +0,0 @@
<?php
session_start();
$key="12345";
date_default_timezone_set("UTC");
if (isset($_SERVER['HTTPS'])) {
$protocol="https://";
} else {
$protocol="http://";
}
$cipher="AES-256-CBC";
$docroot=$_SERVER['DOCUMENT_ROOT'];
$me=$_SERVER['SCRIPT_NAME'];
$home=str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']);
$header="NDS Captive Portal";
if (isset($_GET['fas']) and isset($_GET['iv'])) {
$string=$_GET['fas'];
$iv=$_GET['iv'];
$decrypted=openssl_decrypt( base64_decode( $string ), $cipher, $key, 0, $iv );
$dec_r=explode(", ",$decrypted);
foreach ($dec_r as $dec) {
list($name,$value)=explode("=",$dec);
if ($name == "clientip") {$clientip=$_SESSION["clientip"]=$value;}
if ($name == "clientmac") {$clientmac=$_SESSION["clientmac"]=$value;}
if ($name == "gatewayname") {$gatewayname=$_SESSION["gatewayname"]=$value;}
if ($name == "tok") {$tok=$_SESSION["tok"]=$value;}
if ($name == "gatewayaddress") {$gatewayaddress=$_SESSION["gatewayaddress"]=$value;}
if ($name == "authdir") {$authdir=$_SESSION["authdir"]=$value;}
if ($name == "originurl") {$originurl=$_SESSION["originurl"]=$value;}
}
}
// Add headers to stop browsers from cacheing
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-cache");
header("Pragma: no-cache");
$authaction=$_SESSION["authaction"]="http://".$gatewayaddress."/".$authdir."/";
?>
<html>
<head>
<meta charset="utf-8">
<title>WiFi Portal</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
</head>
<body>
<p>Welcome!<br>
Please login to our Wifi service</p>
<form method="post" action="connecting.php">
Name
<input type="text" name="name" placeholder="Insert Name"><br>
Email
<input type="email" name="email" placeholder="Insert Email"><br>
<input type="submit" value="Sign up">
</form>
</body>
</html>

37
OpenNDS/README.md Normal file

@@ -0,0 +1,37 @@
# OpenNDS External Captive Portal Using FAS
This is an example of a PHP based external captive portal for OpenNDS using its Forwarding Authentication Service (FAS).
OpenNDS supports FAS in 4 modes. The following files contain external portal code for each mode respectively.
| Level | Filename |
|---------|------------|
| 0 | fas-0.php |
| 1 | fas-1.php |
| 2 and 3 | fas-23.php |
The code contained in these files is a simplified version of files that come with OpenNDS: `fas-hid.php`, `fas-aes.php` and `fas-aes-https.php`.
Apache access logs for these modes are given below:
Level 0:
```
"GET /?authaction=http://192.168.1.1:2050/opennds_auth/?clientip=192.168.1.249&gatewayname=openNDS%20Node%3ae4956e4d641c%20&tok=89db8dfe&redir=http%3a%2f%2fconnectivitycheck.gstatic.com%2fgenerate_204 HTTP/1.1" 200 439 "-" "Mozilla/5.0 (Linux; Android 13; SM-A336E Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/115.0.5790.166 Mobile Safari/537.36"
```
Level 1:
```
"GET /fas-1.php?fas=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 HTTP/1.1" 200 608 "-" "Mozilla/5.0 (Linux; Android 13; SM-A336E Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/115.0.5790.166 Mobile Safari/537.36"
```
Level 2 and 3:
```
"GET /fas-23.php?fas=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&iv=3ef72fdbb9cc115b HTTP/1.1" 200 5899 "-" "Mozilla/5.0 (Linux; Android 13; SM-A336E Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/115.0.5790.166 Mobile Safari/537.36"
```
The `$redir` parameter may be set to redirect the client after successful authorization.
OpenNDS documentation is very clear and detailed and can be found [here](https://opennds.readthedocs.io/en/stable/index.html).
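Review bot: The mode table at the top lists levels 0 to 3 without saying what each level protects, and the sample logs are the only hint: at level 0 `authaction`, `tok` and `clientip` arrive in clear text in the query string (and therefore in the Apache access log), at level 1 there is a single `fas` value, and at levels 2 and 3 `fas` plus `iv`. Add one sentence per level describing what the portal receives, and state that `$key` in `fas-1.php` and `fas-23.php` has to be replaced before deployment. The sample log lines also carry a `tok` value and a gateway name with what looks like a device identifier; swap those for obvious placeholders.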

31
OpenNDS/fas-0.php Normal file

@@ -0,0 +1,31 @@
<?php
$authaction = $_GET['authaction'];
$tok = $_GET['tok'];
$redir = $_GET['redir'];
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>
Free WiFi
</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<p>Connecting</p>
<form id="form1" name="form1" method=GET action="<?php echo htmlspecialchars($authaction); ?>">
<input name=tok value="<?php echo htmlspecialchars($tok); ?>" type="hidden">
<input name=redir value="<?php echo htmlspecialchars($redir); ?>" type="hidden">
</form>
<script type="text/javascript">
window.onload = function () {
window.setTimeout(function () {
document.form1.submit();
}, 2);
};
</script>
</body>
</html>
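Review bot: `$authaction` at the top of the PHP block comes straight from `$_GET['authaction']` and becomes the `action` of a form that submits itself on load, so the request decides where the browser is sent with `tok` and `redir`. `htmlspecialchars()` only stops markup injection; it does not constrain the scheme or host of the URL. Validate the value before rendering, for example parse it with `parse_url()` and accept only `http` to the expected gateway address with the `/opennds_auth/` path, and return an error page when any of the three parameters is missing instead of reading an undefined index.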

56
OpenNDS/fas-1.php Normal file

@@ -0,0 +1,56 @@
<?php
$fullname=$email=$gatewayname=$clientip=$gatewayaddress=$hid=$gatewaymac=$clientif=$redir=$client_zone="";
$key="128bcddbf4df3e16147dbb31b3b1b16472a3d2608f10b5407c8cdc352433761f";
$fas=$_GET['fas'];
$decoded=base64_decode($fas);
$dec_r=explode(", ",$decoded);
foreach ($dec_r as $dec) {
@list($name,$value)=explode("=",$dec);
if ($name == "clientip") {$clientip=$value;}
if ($name == "clientmac") {$clientmac=$value;}
if ($name == "gatewayname") {$gatewayname=$value;}
if ($name == "gatewayurl") {$gatewayurl=rawurldecode($value);}
if ($name == "version") {$version=$value;}
if ($name == "hid") {$hid=$value;}
if ($name == "client_type") {$client_type=$value;}
if ($name == "gatewayaddress") {$gatewayaddress=$value;}
if ($name == "gatewaymac") {$gatewaymac=$value;}
if ($name == "authdir") {$authdir=$value;}
if ($name == "originurl") {$originurl=$value;}
if ($name == "clientif") {$clientif=$value;}
if ($name == "admin_email") {$admin_email=$value;}
if ($name == "location") {$location=$value;}
}
$authaction = "http://" . $gatewayaddress . "/opennds_auth/";
$tok=hash('sha256', $hid.$key);
$redir="https://www.google.com";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>
Free WiFi
</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<p>Connecting</p>
<form id="form1" name="form1" method=GET action="<?php echo htmlspecialchars($authaction); ?>">
<input name=tok value="<?php echo htmlspecialchars($tok); ?>" type="hidden">
<input name=redir value="<?php echo htmlspecialchars($redir); ?>" type="hidden">
</form>
<script type="text/javascript">
window.onload = function () {
window.setTimeout(function () {
document.form1.submit();
}, 2);
};
</script>
</body>
</html>
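Review bot: `$key` is committed as a literal near the top of the file, and it is the only secret input to `$tok=hash('sha256', $hid.$key);`, so anyone who can read the repository can derive the token for a known `hid`. Load the key from configuration kept outside the repository and the web root. In this mode `fas` is only base64-decoded, so `gatewayaddress` (which builds `$authaction`) and `hid` are whatever the request carries: compare `gatewayaddress` with the expected gateway, and stop with an error when `hid` is empty rather than emitting a `tok` derived from the key alone. `$clientmac`, `$gatewayurl`, `$authdir` and several others are missing from the initialiser on the second line, and the `@` in front of `list()` hides the notices that would point this out.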

70
OpenNDS/fas-23.php Normal file

@@ -0,0 +1,70 @@
<?php
$fullname=$email=$gatewayname=$clientip=$gatewayaddress=$hid=$gatewaymac=$clientif=$redir=$client_zone="";
$key="128bcddbf4df3e16147dbb31b3b1b16472a3d2608f10b5407c8cdc352433761f";
$cipher="AES-256-CBC";
$iv=$_GET['iv'];
$string=$_GET['fas'];
$ndsparamlist=explode(" ", "clientip clientmac client_type gatewayname gatewayurl version hid gatewayaddress gatewaymac authdir originurl clientif admin_email location");
$decrypted=openssl_decrypt( base64_decode( $string ), $cipher, $key, 0, $iv );
$dec_r=explode(", ",$decrypted);
foreach ($ndsparamlist as $ndsparm) {
foreach ($dec_r as $dec) {
@list($name,$value)=explode("=",$dec);
if ($name == $ndsparm) {
$$name = $value;
break;
}
}
}
if (isset($gatewayurl)) {
$gatewayurl=rawurldecode($gatewayurl);
}
$me=$_SERVER['SCRIPT_NAME'];
$host=$_SERVER['HTTP_HOST'];
$fas=$GLOBALS["fas"];
$iv=$GLOBALS["iv"];
$clientip=$GLOBALS["clientip"];
$gatewayname=$GLOBALS["gatewayname"];
$gatewayaddress=$GLOBALS["gatewayaddress"];
$gatewaymac=$GLOBALS["gatewaymac"];
$key=$GLOBALS["key"];
$hid=$GLOBALS["hid"];
$clientif=$GLOBALS["clientif"];
$originurl=$GLOBALS["originurl"];
$authaction="http://$gatewayaddress/opennds_auth/";
$tok=hash('sha256', $hid.$key);
$redir="https://www.google.com";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>
Free WiFi
</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<p>Connecting</p>
<form id="form1" name="form1" method=GET action="<?php echo htmlspecialchars($authaction); ?>">
<input name=tok value="<?php echo htmlspecialchars($tok); ?>" type="hidden">
<input name=redir value="<?php echo htmlspecialchars($redir); ?>" type="hidden">
</form>
<script type="text/javascript">
window.onload = function () {
window.setTimeout(function () {
document.form1.submit();
}, 2);
};
</script>
</body>
</html>
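Review bot: The result of `openssl_decrypt()` is never checked. When `fas` or `iv` is missing or wrong the call returns `false`, every NDS variable stays empty, and the page still renders a self-submitting form to `http:///opennds_auth/` with `tok` equal to `hash('sha256', $key)`. Test for `false`, and for a non-empty `hid` and `gatewayaddress`, and exit with an error before any output. The `$GLOBALS[...]` block after the loop only copies each global onto itself at file scope, and `$fas=$GLOBALS["fas"];` reads a name that is never assigned in this file (the input is held in `$string`), so the block can be dropped. The same literal `$key` as in `fas-1.php` is committed here; keep it in one configuration file outside the repository.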