davidl/capport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #6 from splash-networks/ruckus

Browse Source 
Ruckus
This commit is contained in:
Nasir Hafeez
2025-02-24 11:31:33 +05:00
committed by GitHub
parent 0d71534d55 ccf24ff004
commit 7a997b466b
2 changed files with 133 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
Ruckus/README.md
View File

@@ -13,3 +13,43 @@ Apache access log for Ruckus Unleashed:
``` ```
"GET /?sip=192.168.0.253&mac=b479c83c4b20&client_mac=5edec34d503d&uip=192.168.1.106&lid=&dn=&url=http%3a%2f%2fcaptive.apple.com%2fhotspot%2ddetect.html&ssid=Captive+Ruckus+Test&loc=&vlan=1 HTTP/1.0" 200 5193 "-" "CaptiveNetworkSupport-443.40.1 wispr" "GET /?sip=192.168.0.253&mac=b479c83c4b20&client_mac=5edec34d503d&uip=192.168.1.106&lid=&dn=&url=http%3a%2f%2fcaptive.apple.com%2fhotspot%2ddetect.html&ssid=Captive+Ruckus+Test&loc=&vlan=1 HTTP/1.0" 200 5193 "-" "CaptiveNetworkSupport-443.40.1 wispr"
``` ```
When using Ruckus virtual SmartZone (vSZ) the access log is like this:
```
"GET /?nbiIP=192.168.200.211&client_mac=ENCd2dbf9a1f1689ed0e5ab4c59c6ea8055bb6673892a41751e&domain_name=Administration+Domain&reason=Un-Auth-Captive&wlanName=ruckus&dn=scg.ruckuswireless.com&ssid=ruckus&mac=00:33:58:16:ef:20&url=http%3A%2F%2Fconnectivitycheck.gstatic.com%2Fgenerate_204&proxy=0&vlan=1&wlan=1&sip=scg.ruckuswireless.com&zoneName=8DT35_ORh3sMfx-OkfQWdsVkUHecuUNVnVoM7abVZ-Q_1740048752130&apip=192.168.200.32&sshTunnelStatus=1&uip=ENCb2579826807a6430655a4e4d78347972&StartURL=https%3A%2F%2Fwww.google.com HTTP/1.1" 200 4378 "-" "Mozilla/5.0 (Linux; Android 14; SM-A336E Build/UP1A.231005.007; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/133.0.6943.49 Mobile Safari/537.36"
```
We can use the command `no encrypt-mac-ip` in vSZ commandline to get unencrypted MAC and IP in the query parameters:
```
"GET /?nbiIP=192.168.200.211&client_mac=2A:27:69:06:54:D7&domain_name=Administration+Domain&reason=Un-Auth-Captive&wlanName=ruckus&dn=scg.ruckuswireless.com&ssid=ruckus&mac=00:33:58:16:ef:20&url=http%3A%2F%2Fconnectivitycheck.gstatic.com%2Fgenerate_204&proxy=0&vlan=1&wlan=1&sip=scg.ruckuswireless.com&zoneName=9cnnpXWnSBXgaxwcB5hfZLjF4XXDk0VPL61R2DOf-nA_1740227749817&apip=192.168.200.32&sshTunnelStatus=1&uip=192.168.200.34&StartURL=https%3A%2F%2Fwww.google.com HTTP/1.1" 200 636 "-" "Mozilla/5.0 (Linux; Android 14; SM-A336E Build/UP1A.231005.007; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/133.0.6943.49 Mobile Safari/537.36"
```
FreeRADIUS debug log:
```
(0) Received Access-Request Id 51 from 192.168.200.211:51082 to 192.168.200.38:1812 length 356
(0) User-Name = "test"
(0) User-Password = "test"
(0) NAS-IP-Address = 192.168.200.32
(0) Service-Type = Login-User
(0) Framed-IP-Address = 192.168.200.34
(0) WISPr-Logoff-URL = "http://192.168.200.38"
(0) Ruckus-VLAN-ID = 1
(0) Ruckus-SSID = "ruckus"
(0) Ruckus-Wlan-Name = "ruckus"
(0) Ruckus-Zone-Name = "Default Zone"
(0) Ruckus-Client-Host-Name = "Nasir-s-A33"
(0) Ruckus-Client-Os-Type = "Android"
(0) Ruckus-Client-Os-Class = "Android"
(0) Ruckus-Client-Device-Type = "Smartphones"
(0) Called-Station-Id = "00-33-58-56-EF-20:ruckus"
(0) Calling-Station-Id = "2A-27-69-06-54-D7"
(0) NAS-Identifier = "00-33-58-56-EF-20"
(0) Acct-Session-Id = "815dfcc8-855c-453f-a3e2-fd57c5110165"
(0) NAS-Port-Type = Wireless-802.11
(0) Event-Timestamp = "Feb 24 2025 05:44:20 UTC"
(0) Message-Authenticator = 0x3659ab5f1b72213ad75c26c56219b0b5
(0) Proxy-State = 0x323439
```

93
Ruckus/vsz/index.php Normal file
View File

@@ -0,0 +1,93 @@
<?php
session_start();
########### Set the following parameters according to your environment #########
// Northbound Portal Interface credentials
$username = 'admin';
$password = 'Admin@123';
// Redirect URL after successful user authorization
$redirectURL = "https://www.google.com";
################################################################################
if (!isset($_POST['submit'])) {
$_SESSION['url'] = "http://" . $_GET['nbiIP'] . ":9080/portalintf";
// In case of https: $_SESSION['url'] = "https://" . $_GET['nbiIP'] . ":9443/portalintf";
$_SESSION['client_mac'] = $_GET['client_mac'];
$_SESSION['uip'] = $_GET['uip'];
} else {
$postData = [
"Vendor" => "ruckus",
"RequestUserName" => $username,
"RequestPassword" => $password,
"APIVersion" => "1.0",
"RequestCategory" => "UserOnlineControl",
"RequestType" => "Login",
"UE-IP" => $_SESSION["uip"],
"UE-MAC" => $_SESSION["client_mac"],
"UE-Proxy" => "0",
"UE-Username" => $_SESSION['client_mac'],
"UE-Password" => $_SESSION['client_mac']
];
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => $_SESSION['url'],
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS => json_encode($postData),
CURLOPT_HTTPHEADER => array(
'Content-Type: application/json'
),
));
$response = curl_exec($curl);
curl_close($curl);
if ($response !== false) {
$json = json_decode($response, true);
$responseCode = $json['ResponseCode'];
if ($responseCode == 201 || $responseCode == 101) {
header("Location: " . $redirectURL);
} else {
echo "Error: check with your network administrator";
}
}
else {
die("Error: check with your network administrator");
}
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>WiFi Portal</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
</head>
<body>
<p>Welcome!<br>
Please login to our Wifi service</p>
<form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<input type="submit" name="submit" value="LOGIN" />
</form>
</body>
</html>