How to... test an internet link when....


    I am trying to distinguish two cases:

    one is when I am behind (no access) a public wifi hotspot that requires a licence thing.
    two is when I am past it.

    Now the local firewall of that wifi hotspot disallows everything but 80 and 443, and redirects every request for those ports to its own authentication servers.

    Meaning, if I "nc -z $host 80" I always get a success because it simply redirects me to itself. Pings don't work.

    I mean currently I can probably check my routing table to see if it agrees with the local wifi that I am talking about. But that is a not very general approach. I would have to check the default route but that doesn't tell me whether I am past the firewall or not. Past the router/gateway or not.

    I can retrieve a random webpage that I know for sure should have a certain content, such as certain identification strings. But a problematic thing is that the thing often bugs out and starts endlessly redirecting me.

    A random web page retrieval would then either retrieve something fishy (incongruent with my request) or I get a redirect loop which in this case indicates the same condition.

    Alright thanks for reading. I have been able to concoct something within a minute or 10. Regular bash scripting this time without fancy conditionals. Makes coding a dozen times faster. Makes it possible to actually know what you're doing and read what you're writing ;-).

    Going to try it again, hope my links come back. Cya.

    #2
    Yeah, it works. Here is the script for those who care:

    Code:
    #!/bin/bash
    
    # check whether we already have a link to some site:
    
    testlink="www.dds.nl"
    loginserver="star.parnassiagroep.nl"
    
    case $MODE in
        start)
            if [[ $IFACE == "wlan0" && $PHASE == "post-up" ]]; then
                echo "  Waiting 5 seconds for the routing table to be updated:" >&2
                sleep 5s
                echo "  Retrieving known port 80 page:" >&2
                wget "$testlink" --wait=1 --tries=2 -o /tmp/testpage.log -O /tmp/testpage.html --max-redirect=3
                if [ $? -ne 0 ]; then
                    grep "exceeded" < /tmp/testpage.log > /dev/null
                    if [ $? -eq 0 ]; then
                        echo "  Thing is redirecting me. Assuming gateway auth failure, and exiting with 8" >&2
                        exit 8
                    fi
                    echo "  There is an error and I am not really sure but here is the data:" >&2
                    echo >&2
                    cat /tmp/testpage.log >&2
                    exit 1
                fi
                grep "rechten DDS" < /tmp/testpage.html > /dev/null
                if [ $? -ne 0 ]; then
                    echo "  They gave me a different page!! Assuming for the moment Parnassia login page. Otherwise need to analyse login page." >&2
    
                    wget --max-redirect=3 --post-file=/etc/network/login.postdata -o /tmp/login.log --output-document=/tmp/wba_login.html http://$loginserver/aaa/wba_form.html || {
                        result=$?
                        echo "  The login failed, ideally this should not happen because we have already had the login page from them. Here is the log:" >&2
                        cat /tmp/login.log >&2
                        exit 2
                    }
                else
                    echo "  We already have a link then. No login needed anymore. Proceed with care. The dogs are watching." >&2
                    exit 0
                fi
                echo "  Grepping login result for key string:" >&2
                grep "connecting you" < /tmp/wba_login.html > /dev/null
                if [ $? -ne 0 ]; then
                    echo "  Hmm.. something went wrong again apparently. Here is the output again:" >&2
                    echo >&2
                    cat /tmp/wba_login.html >&2
                    echo >&2
                    echo "  Just repeating the initial test to make sure:" >&2
                    wget "$testlink" -o /tmp/testpage2.log -O /tmp/testpage2.html --max-redirect=3
                    grep "rechten DDS" < /tmp/testpage2.html > /dev/null
                    if [ $? -eq 0 ]; then
                        echo "  We have a link regardless!" >&2
                        exit 0
                    else
                        echo "  There is no link, and the output of the login script failed, but who knows what fishy **** might be happening beneath the surface. Exiting with error. Test your default test server to see if that is not the problem. Bye." >&2
                        exit 3
                    fi
                fi
                exit 0
            fi
            exit 0
            ;;
        stop)
            #nothing to do
            exit 0
            ;;
    esac
    Last edited by xennex81; Mar 05, 2015, 12:00 PM.
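
The checks from the script above, separated into a reusable classifier, as an added example that is not part of the original post. The function names `classify_probe` and `probe_link` and the state strings are hypothetical; the fetch uses a private `mktemp` directory because if-up.d hooks run as root and fixed file names in /tmp can be pre-created or symlinked by another local user.

```shell
#!/bin/bash
# Added example (not the poster's script). Function names and state
# strings are illustrative assumptions.

# classify_probe RC LOGFILE BODYFILE MARKER
#   RC        exit status of the wget run
#   LOGFILE   file written by wget -o
#   BODYFILE  document written by wget -O
#   MARKER    string that only the genuine test page contains
# Prints one of: online | portal | redirect-loop | error
classify_probe() {
    local rc="$1" log="$2" body="$3" marker="$4"
    if [ "$rc" -ne 0 ]; then
        # wget logs "N redirections exceeded." once --max-redirect is hit,
        # which is how the portal's endless redirect shows up
        if grep -q "exceeded" "$log" 2>/dev/null; then
            echo redirect-loop
        else
            echo error
        fi
        return 0
    fi
    # -F: match the marker as a fixed string, not as a regex
    if grep -qF -- "$marker" "$body" 2>/dev/null; then
        echo online        # got the page we asked for
    else
        echo portal        # HTTP success, but somebody else's page
    fi
}

# probe_link HOST MARKER: fetch HOST once and print its classification.
probe_link() {
    local host="$1" marker="$2" dir rc state
    dir=$(mktemp -d) || return 1     # private, unpredictable directory
    # LC_ALL=C keeps wget's log messages in English for the grep above
    LC_ALL=C wget "$host" --tries=2 --wait=1 --timeout=10 \
        --max-redirect=3 -o "$dir/log" -O "$dir/body"
    rc=$?
    state=$(classify_probe "$rc" "$dir/log" "$dir/body" "$marker")
    rm -rf -- "$dir"
    echo "$state"
}
```

From the hook, `state=$(probe_link www.dds.nl "rechten DDS")` followed by a `case "$state" in ...` replaces the nested exit-status checks.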



      #3
      waay off in left field.

      install KDE connect on a phone and the machine.

      ping.

      woodsmoke



        #4
        That's a pretty neat trick.

        In many cases these days, the captive portal is handled by the wi-fi access points themselves. These can be a lot more challenging to circumvent than ones that use captive portals on separate web servers and rely on DNS trickery to (try to) force you to log on. I know you weren't specifically asking about circumvention in your post, but I just thought I'd mention my observations...



          #5
          Originally posted by woodsmoke
          install KDE connect on a phone and the machine.
          Not sure what THAT would do. I have no wifi here other than that portal. I take it KDE connect would rely on a wifi or internet link (??) from the phone. I usually have neither.

          These can be a lot more challenging to circumvent than ones that use captive portals on separate web servers and rely on DNS trickery to (try to) force you to log on.
          Hmm, unless I am mistaken there is truly no routing for me until I am past that license thing. I must have attempted direct IP links many times. I once played with hacking a Fonera router. The Fonera required access to a RADIUS server to get a login okay. The hack consisted of introducing a custom DNS server that would redirect the auth request to your custom RADIUS server. But it never worked for me and in the end I discovered that my Fonera was of a model that did not need the hack because its bootloader was accessible from an IP link ;-).

          But actually in this case the access portal is located perhaps more than a 100km away. One of the people working for IT support that I was able to corner for a while ;-) told me so. But he also related not knowing anything useful about anything useful ;-P. The wifi is probably connected by VPN to that network. And the outgoing link then happens at that network junction or exit node.

          Which means I can probably access any node on the current subnet and I could use it to connect my own devices indeed. Even without internet. Not that that has much use at the moment, but still. Routing is probably based just on IP addresses from this subnet being added to the auth pool.

          Relinquishing DHCP immediately forgoes your access rights...

          I actually think Linux/Kubuntu has this daemon that does stuff when your laptop (in this case) goes into standby such as telling the DHCP daemon to send a RELEASE?

          Which can hurt me more than it knows.

          My god, I had made an error in one of the scripts I was writing which caused ifup eth0 to exit with an error, which caused "upstart" to never run, which caused the boot process to halt for 2 minutes for "failsafe" measure. Weirdness.

          Waiting anguishedly for a link that will never come for 2 minutes. Never had anything more annoying in my life. The thing carelessly sleeps for 20 seconds, then writes a message, sleeps for 40 seconds, writes another message, waits for 59 seconds and then as a form of marvelous surrender waits for another 1 second just to show off ;-) ;-).

          It's a bit weird, the address pool is 3x 255 subnets (255.255.252.0) and it is a pretty large organisation. I could spend my time hacking other clients connected to it, but I think my time is better spent hacking the employee wifi that also exists here.

          The original DHCP server should be the same as the gateway, which is 192.168.103.254. But the auth server is 192.168.103.244 unless the redirect loop happens and you are sent elsewhere? But when I check my logs or the DHCP release happens it goes to 192.168.100.99 sometimes? Something I don't know. IT here is terrible. The physical link that I am now working on (just using a weird I.E. 6 computer) is meant to have a MAC isolation/protection/disallow but actually you can just use it and you'll have a link, only it will be a very different subnet.

          They have computers that are probably fast enough to run anything but the software on it (site kiosk something) is so bad that you've probably never used a slower or worse computer. I also have to take care it doesn't randomly go into lock mode. A single website script accessing an illegal link can cause this, probably. So have to post now.
          Last edited by xennex81; Mar 05, 2015, 12:31 PM.



            #6
            This is just too insane.

            I have this automated script now that will fire attempts at getting the appropriate logon page from the auth gateway.

            It has never been successful. It is like it knows I am uncertain about any kind of success (hence, why else try to run an automated "hope I get lucky script?") and therefore always fails to logon.

            Now some guy goes and throws some positive karma at it.....and bang.

            It gets the page and logs on.

            Impossible.... at times. I've had it before. I threw a bit of positive karma at a woman who made a good symbol of "reception". I told her since she came from the outside, she would be a good person for drawing in outside signals (I needed to receive a text message in an area that has poor coverage). I had been trying to get the reception for like 30 minutes already. I did my little ritual with her, gave her my phone, she held it for 20 seconds, gave it back, 10 seconds later (at most) I got my text.

            This guy goes like "come on, give us some juice, signal please, come on, we can do this, just log me on now" and the next attempt the script does.... bam success.

            Impossible.

            First success ever for this script in a million attempts thus far :P :P :P :P.

            Oh my god.

            How negative must I be about everything? It must be incredible.

            I had noticed before that personal attempts (just fire up the same script by myself) (as part of an if-up.d sequence) would often be successful.

            The same script (at least, the same commands for logging on) fired as part of a "hope I get lucky" script/sequence, never succeeds.

            I have never had an automated result with it.

            Incredible.
            Last edited by xennex81; Mar 14, 2015, 12:50 PM.
