• Registered: 2008-05-08
  • Posts: 2

Topic: Trouble getting through capture page workaround

Hello everybody.

Just got my first Chumby. Definitely won't be my last. But I first need to get past my capture page and log on. I saw the workaround on the wiki, but don't know how to change the script to work with my page. Here is a snippet from the source code.



<!DOCTYPE html
        PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US"><head><title>Vernier Secure Logon</title></head>
<body bgcolor="#ffffff" onload="document.forms.logonForm.username.focus(); document.forms.logonForm.javaworks.value = 1" scroll="auto">
<center>

       

<form method="post" enctype="application/x-www-form-urlencoded" name="logoffForm">

       

<p><table cellspacing="0" cellpadding="0" border="0" width="500">
<tr><td align="center" colspan="3"><a href="http://www-no.ucsd.edu"><img src="/locations/UCSD Logon/custom_logo_1_1.gif" border="0" alt="Vernier Networks, Inc."></a></td></tr>
<tr><td colspan="3" height="5"><img src="/dot-clear.gif" border="0" width="1" height="5"></td></tr>
<tr><td colspan="3"><img src="/dot-black.gif" border="0" width="100%" height="1"></td></tr>
<tr><td colspan="3" height="5"><img src="/dot-clear.gif" border="0" width="1" height="5"></td></tr>

<tr><td align="center"><font size="2" color="#000000" face="arial,helvetica,sans-serif">You are not logged on.</font><P></td></tr></table>

       

</form>

        <font size="2" color="#000000" face="arial,helvetica,sans-serif"><HR>
<p>
<strong><font color=Red>
This wireless service is not secure.  You must protect sensitive transmissions,
including passwords,
with additional encryption using SSL, SSH, or VPN.
</font></strong>
<HR>
<P>

<P>
</font>

<form method="post" action="https://wireless-cs2.ucsd.edu:443/logon" enctype="application/x-www-form-urlencoded" name="logonForm">

            <INPUT name=query_string type=hidden value=""><INPUT name=javaworks type=hidden value=0>
<INPUT name=vernier_id type=hidden value="VernierNetworks">
<INPUT name=product_id type=hidden value="VNSS">
<INPUT name=releast_id type=hidden value="1.0">
<INPUT name=logon_status type=hidden value="0">
<INPUT name=guest_allowed type=hidden value="0">
<INPUT name=realm_required type=hidden value="0">
<INPUT name=secret type=hidden value="ae77980453865a03a86febc4faa66014c16da1428bcad6e844d86c954d6c646005dfcbdf44431136003ee4a5bdc98a3d">
<INPUT name=verify_vernier type=hidden value="57604d4d20b6364a0d011f934ceac909">

<font face="arial,helvetica,sans-serif"><table cellspacing="0" cellpadding="1" border="0" width="500" bgcolor="#666699"><tr><td><table cellspacing="0" cellpadding="5" border="0" width="100%"><tr><td align="center" bgcolor="#666699"><font size="4" color="#ffffff"><b>Registered Users</b></font></td></tr><tr><td align="center" bgcolor="#ffffff"><table cellspacing="0" cellpadding="2" border="0"><tr align="right"><td><font size="2">Username:</font></td><td><font size="2"><input type="text" name="username" size="15"></font></td></tr><tr align="right"><td><font size="2">Password:</font></td><td><font size="2"><input type="password" name="password" size="15"></font></td></tr></table></td></tr><tr><td align="center" bgcolor="#ffffff"><input name="logon_action" type="submit" value="Logon User"></td></tr></table></td></tr></table><p></font>

           

</form>

           
        <p>

<font size="1" face="arial,helvetica,sans-serif">Copyright © 2001-2006 Vernier Networks, Inc. All rights reserved.</font>

</center>

        

</body></html>

   

Any help on how I should change the script would be hugely appreciated.


#!/bin/sh
# bind to wifi network...replace "mysid" with the ESSID
iwconfig rausb0 essid "mysid"
# DHCP config; should be pretty standard
udhcpc -t 5 -n -p /var/run/udhcpc.rausb0.pid -i rausb0
# this outputs your IP address from the dhcp connect...you may need it (I did)
IP=`ifconfig rausb0 | perl -n -e 'if (m/inet addr:([\d\.]+)/g) { print $1 }'`;
fbwrite "$IP"
# post to capture login page. this has to be customized per form (I needed the ip addy from above for the source field)
# the -k is for the insecure https connection; you can remove if the post is to http:// rather than https://
OP=`curl -k -d "_FORM_SUBMIT=1" -d "which_form=guest" -d "bs_email=email@foo.bar" -d "source=10.12.44.66" https://10.34.23.27/login.pl`;
## if you need further debugging, uncomment the next line
fbwrite "$OP"

Joseph

  • Duane
  • Duane
  • Blue Octy
  • Offline
  • From: San Diego, CA
  • Registered: 2006-08-24
  • Posts: 8,203

Re: Trouble getting through capture page workaround

The trick is replacing this line:

OP=`curl -k -d "_FORM_SUBMIT=1" -d "which_form=guest" -d "bs_email=email@foo.bar" -d "source=10.12.44.66" https://10.34.23.27/login.pl`;

What you need to do is substitute the values that your serve wants, which is in the form on your HTML page:

OP=`curl -k -d "query_string=" -d "javaworks=0" -d "vernier_id= VernierNetworks" -d "product_id=VNSS" -d "releast_id=1.0" -d "logon_status=0" -d "guest_allowed=0" -d "realm_required=0" -d "secret=ae77980453865a03a86febc4faa66014c16da1428bcad6e844d86c954d6c646005dfcbdf44431136003ee4a5bdc98a3d" -d "verify_vernier= 57604d4d20b6364a0d011f934ceac909" -d "username=YOURUSERNAME" -d "password=YOURPASSWORD" https://wireless-cs2.ucsd.edu:443/logon`;

One possible issue here is that the "secret" and "verify_vernier" fields may change each time you visit the page, in which case you'll need to fetch the HTML and pull them out with some regexes and substitute them accordingly.

There's a strong possibility that some of these fields aren't actually used - I suspect that "releast", for instance, is a typo.

Duane's Website

  • Registered: 2008-04-02
  • Posts: 17

Re: Trouble getting through capture page workaround

I didn't even bother with the workaround and instead found my Chumby's MAC address, used my computer to spoof it (search Google for instrcutions for your OS) and then registered. I then switched the PC back to the original MAC and then the Chumby logged on like it was registered with the WiFi.

  • Registered: 2008-05-08
  • Posts: 2

Re: Trouble getting through capture page workaround

Thank you so much for your help folks! I'll give it a try and get back to you with my success story (cross fingers).

Joseph

  • Duane
  • Duane
  • Blue Octy
  • Offline
  • From: San Diego, CA
  • Registered: 2006-08-24
  • Posts: 8,203

Re: Trouble getting through capture page workaround

briguyd wrote:

I didn't even bother with the workaround and instead found my Chumby's MAC address, used my computer to spoof it (search Google for instrcutions for your OS) and then registered. I then switched the PC back to the original MAC and then the Chumby logged on like it was registered with the WiFi.

Yeah, that's a very common and easy trick if your OS and adaptor support it.

Duane's Website

  • Registered: 2008-04-02
  • Posts: 17

Re: Trouble getting through capture page workaround

Duane wrote:
briguyd wrote:

I didn't even bother with the workaround and instead found my Chumby's MAC address, used my computer to spoof it (search Google for instrcutions for your OS) and then registered. I then switched the PC back to the original MAC and then the Chumby logged on like it was registered with the WiFi.

Yeah, that's a very common and easy trick if your OS and adaptor support it.

Should that tip be added to the wiki? When I was setting up my Chumby, I really didn't want to have to use the current solution on the wiki, so I thought about it and tried this one on my own (not looking it up elsewhere, I was proud of myself :-P ). Should it be added under the current solution as an alternative?

  • Duane
  • Duane
  • Blue Octy
  • Offline
  • From: San Diego, CA
  • Registered: 2006-08-24
  • Posts: 8,203

Re: Trouble getting through capture page workaround

Sure - the wiki is meant to be edited by the community.

Feel free to add it on the "tricks" page.

Duane's Website