Solved Connect to "open" network from command line

Panadestein

Panadestein

Hello everyone!

I just recently installed FreeBSD 11.0 for the very first time and I'm really exited about it. I know I will learn a lot of things by using it. At the current moment I'm dual booting FreeBSD and Arch Linux, but I'm having some troubles to connect to the internet on my fresh FreeBSD install. Before to explain my issue, I would like to say that I used this excellent guide to perform the config.

The problem is that the network that I use on the university (ESS network, I think is very common in students residences and malls etc.) requires a login with a web browser, and even when I created successfully my wlan0 interface and connected to the desired network with DHCP modifiying /etc/rc.conf, I still can't access to the internet.

Without internet it would be virtually impossible install software and truly enjoy the new system. I would really appreciate any help or suggestion. Thanks in advance.
 
You need to find out the direct address of the captive portal (domain or IP). Then it should be possible to simulate a login using the fetch(1) system utility on te command line:

fetch https://LOGINNAME:PASSWORD@captive-portal-ip-or-domain.nam

You could also place your user name and the password in to the file ~/.netrc, then you won't need to pass the login information as part of the URI.
 
obsigna said:
fetch https://LOGINNAME:PASSWORD@captive-portal-ip-or-domain.nam
Click to expand...
My LOGGINGNAME is my email address, and this is giving me parsing issues with the command. Any idea of how to quote @ symbol?
Otherwise I will try one of the console based web browsers suggested by aragats. But how to compile the port if I don't have internet?
 
Phishfry said:
Failing this method I would investigate wpa_supplicant. It works on many wireless connection types as well.
wpa_cli is the command line program.
Click to expand...
This looks nice, but how can I install wpa_cli without connection?

aragats said:
I guess it's pretty standard to use # symbol instead.
Click to expand...
I tried several ways to quoting this
fetch https://myself@mail.ext:PASSWORD@portal.selfcare/new including double (" ") and single (' ') quotes in the mail address (also tried your suggestion), but still have parsing error
 
wpa_cli is part of wpa_supplicant which is in the base install.

That said I am not finding much on it. It supports a mode called hs20 or Hotspot2.0 and that is all I see.
 
Panadestein said:
... I tried several ways to quoting this
fetch https://myself@mail.ext:PASSWORD@portal.selfcare/new including double (" ") and single (' ') quotes in the mail address (also tried your suggestion), but still have parsing error
Click to expand...

This is an URL and in URL's, you may use URL encoding. The url encoded at sign is %40, so you would use:

fetch https://myself%40mail.ext:PASSWORD@portal.selfcare/new

The whole scheme would only work in the case of the two HTTP authentication schemes, i.e. the browser shows the login dialog box. If the username/password is asked on the web page itself, then this won't work anyway with fetch, and the more versatile ftp/curl which could be used in this case, is not in the base system.
 
obsigna said:
The whole scheme would only work in the case of the two HTTP authentication schemes, i.e. the browser shows the login dialog box. If the username/password is asked on the web page itself, then this won't work anyway with fetch, and the more versatile ftp/curl which could be used in this case, is not in the base system.
Click to expand...
This is my case I'm afraid, so fetch will not work. Now I will try the Phishfry's wpa_supplicant suggestions, but I recognize myself in a really inconvenient situation...

Anyway, sorry if the next idea sounds stupid, but I wan to use all my resources: is it possible to use some configuration file (or any other information available) on my Arch Linux system (which does have internet access to the cited network) to help me with this issue? Again, I'm speaking from my ignorance.
 
I suggest you contact the sysadmin staff for your schools wireless network. They might have a sample wpa_supplicant.conf to use.
They should be able to help with which authenticator is in use.

Sidestepping that you could fire up a Linux Live and see what that uses for http authentication protocol. Wicd shows it.
Dunno about networkmanager.
 
Panadestein said:
This is my case I'm afraid, so fetch will not work. Now I will try the Phishfry's wpa_supplicant suggestions, but I recognize myself in a really inconvenient situation...
Click to expand...

I can tell you what I would do in your case, and with a little bit help of us, presumably you can do the same. If the credentials are passed by the way of a web page, then the browser would send a so called GET or POST request to the web server with all the parameters passed in the form of varname1=value1&varname2=value2&varname3=value3&.... This POST or GET request is not very complicated and it can be prepared into a text file, and this text file can be submitted to the server using the openssl s_client command.

The things that we need to know are, the URL on which the server expects incoming GET/POST requests, and of course we need to know the variable names, perhaps it is as simple as user= and password=.

  1. Enter the login page (the one where you would enter the username/password combo) using Firefox on your Linux system,

  2. Enter the developers menu and let Firefox display the HTML source code of that particular page,

  3. Copy this HTML source and annex this to your response on the forum, and I will tell you how to mount the request text file and send it to the web server using openssl(1).
 
If you cannot retrieve pkgs using FreeBSD, use ArchLinux to get them and save them to a FAT32 formatted USB stick, which you can later access form FreeBSD using mount /dev/da0s1 /mnt.
 
obsigna said:
Copy this HTML source and annex this to your response on the forum, and I will tell you how to mount the request text file and send it to the web server using openssl(1).
Click to expand...
Here it is my friend, I should learn a little of web development, one never knows when you need it.
Code: 
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible">
<link href="/assets/url_icon-4ebe679e322d14356e5018aad8666d33.png" rel="shortcut icon" type="image/x-icon">
<title>Portail Wifirst</title>
<link href="/assets/application_v2-047481ac8e383dd29d5123ec0263e182.css" media="all" rel="stylesheet" type="text/css" />
<script src="/assets/application-4af8eb7ef5ce1c551937b768a2fdca59.js" type="text/javascript"></script>
<meta content="authenticity_token" name="csrf-param" />
<meta content="hVztN0Kp2aZP057Fist7Ty9eGZyriAM4roQ7zbSW3R0=" name="csrf-token" />
<meta name="description" content="Accédez à votre espace personnel en vous authentifiant sur le portail Wifirst. Pour consulter les offres disponibles, vous devez être connecté sur le réseau Wifirst.">
<meta name="keywords" content="internet haut débit, fournisseur d’accès, internet illimité, résidence, étudiants, WiFi, téléphonie, télévision, logements, réseau, communauté, internet, haut débit, illimité, sans fil, FAI, étudiant, France">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1">
<style>
  /*<![CDATA[*/
    body.portal #content #message { color: #00749C;}
    body #banner .border-bottom, body .navbar-inner { background-color: #00749C;}
    body #message .wifi {color: #00749C;}
    body h2, body h3, body h4, body a { color: #00749C; }
    body .bg-primary { background-color: #00749C;
    }
  
    body .btn.btn-primary {
        color: #FFF;
        background-color: #00749C;
    }
    body .btn.btn-primary:hover,
    body .btn.btn-primary:active,
    body .btn.btn-primary.active,
    body .btn.btn-primary.disabled,
    body .btn.btn-primary[disabled] {
        color: #FFF;
        background-color:  #00749C;
    }
  
    body .navbar .navbar-inner { background-color: #00749C}
    body .navbar.custom .nav > .active > a,
    body .navbar.custom .nav > .active > a:hover,
    body .navbar.custom .nav > .active > a:focus {
      background: #00749C;
    }
  
    body.selfcare.application fieldset a.with_row:before, body.selfcare.application fieldset .wifirst-documents li:before {
      color: #00749C;
    }
    body #help .phone-number { background: #00749C;}
    body ul.steps li.current .count, body ul.steps li.past .count, body ul.steps li.current .title {color: #00749C;}
  /*]]>*/
</style>
</head>
<body class="portal code_coupon_uniquement organism_40 wifirstsite_316">
<div class="row-fluid" id="banner">
<div class="span12">
<img alt="Bandeau_smartcampus" src="/system/customizations/banners/000/000/417/original/bandeau_smartCampus.jpg?1412758154" />
<div class="border-bottom"></div>
</div>
</div>
<div class="container">
<div id="content">
<div id="message">
Activate your Internet connection in seconds!
</div>
<div class="row-fluid">
<div class="span6" id="left-pane">
<div class="panel"><h2>Connection code</h2>
<div class="enter_coupon_label">
<p>
If you have a connection code, enter it here
:
</p>
<form accept-charset="UTF-8" action="/coupons/use" method="post"><div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="&#x2713;" /><input name="authenticity_token" type="hidden" value="hVztN0Kp2aZP057Fist7Ty9eGZyriAM4roQ7zbSW3R0=" /></div>
<input autocapitalize="off" autocorrect="off" class="input-block" id="connection_code" name="code" placeholder="Connection code" type="text" value="" />
<button class="btn btn-primary" id="submit-connection_code-form">
<i class="icon-play"></i>
Confirm
</button>
</form>
</div>
</div>
</div>
<div class="span6" id="right-pane">
<div class="panel" id="signin"><h2>Sign in</h2>
<form accept-charset="UTF-8" action="/sessions" id="signin-form" method="post"><div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="&#x2713;" /><input name="authenticity_token" type="hidden" value="hVztN0Kp2aZP057Fist7Ty9eGZyriAM4roQ7zbSW3R0=" /></div>
<input class="input-block" id="login" name="login" placeholder="Email" type="text" value="" />
<input class="input-block" id="password" name="password" placeholder="Password" type="password" value="" />
<div class="pull-left">
<button class="btn btn-primary submit-connexion-form" id="submit-connexion-form">
<i class="icon-play"></i>
Sign in
</button>
</div>
<div class="pull-right" style="margin-top:7px;">
<div class="remember-forgot">
<label class="remember">
<input name="remember_me" type="checkbox" value="0">
<span>Remember me</span>
</label>
<a href="/password_requests/new" class="forgot">Forgot your password?</a>
</div>
</div>
<div class="clearfix"></div>
</form>
</div>
<div class="panel panel-small" id="fiber">
<h4>
<table>
<tr>
<td width="55px"><img alt="Icone_fibre" height="50" src="/assets/icone_fibre-62c8e0f3b3da9d9a628155c03e31d5c9.png" /></td>
<td>Your site is connected by optical fiber</td>
</tr>
</table>
</h4>
<div class="clearfix"></div>
</div>
<div class="panel panel-small hidden-phone" id="logo">
<center><img alt="Capture_d%e2%80%99%c3%a9cran_2016-01-13_%c3%a0_11.45.40" src="/system/customizations/home_logos/000/000/417/original/Capture_d%E2%80%99%C3%A9cran_2016-01-13_%C3%A0_11.45.40.png?1452681982" /></center>
</div>
</div>
</div>
<div class="row-fluid">
<div class="panel" id="help"><h2>Need Help?</h2>
Call our Customer Service on +331 70 70 46 26
</div>
<div id="partner-message">Service provided by
<img alt="Logo_sfr" height="24" src="/assets/logo_sfr-851623a2bffc63708d75d81e8b898005.png" />
<img alt="Logo_2014_bleu" height="24" src="/assets/logo_2014_bleu-a8a167cf62718ca7754c9509994429a8.png" />
<br>
in partnership with the CNOUS
</div>
</div>
</div>
<div class="clearfix"></div>
<div class="clearfix"></div>
</div>
<footer>
<ul><li><a href="https://smartcampus.wifirst.net/about">About Smartcampus</a></li><li><a href="http://www.wifirst.fr/mentions-legales">Legal information</a></li><li><div class="langs">
<a href="/sessions/new?user_locale=en" class="en" title="English"><span>en</span></a>
<a href="/sessions/new?user_locale=fr" class="fr" title="Français"><span>fr</span></a>
<a href="/sessions/new?user_locale=de" class="de" title="Deutsch"><span>de</span></a>
<a href="/sessions/new?user_locale=es" class="es" title="Español"><span>es</span></a>
<a href="/sessions/new?user_locale=nl" class="nl" title="Nederlands"><span>nl</span></a>
<a href="/sessions/new?user_locale=zh" class="zh" title="中国"><span>zh</span></a>
</div></li>
</ul>
<div class="clearfix"></div>
<div class="copyright">
Copyright © Wifirst 2002-2017
</div>
</footer>
</body>
</html>
<script>
  //<![CDATA[
    $(document).ready(function(){
      if (!areCookiesEnabled()) {
        alert("Cookie functionality is turned off in the browser. Please go to your browser preferences to allow local data.");
      }
    });
  //]]>
</script>
 
The excerpt which tells us how to mount the request is this:
Code: 
...
<form accept-charset="UTF-8" action="/sessions" id="signin-form" method="post">
<input name="utf8" type="hidden" value="&#x2713;" />
<input name="authenticity_token" type="hidden" value="hVztN0Kp2aZP057Fist7Ty9eGZyriAM4roQ7zbSW3R0=" />
<input class="input-block" id="login" name="login" placeholder="Email" type="text" value="" />
<input class="input-block" id="password" name="password" placeholder="Password" type="password" value="" />
<button class="btn btn-primary submit-connexion-form" id="submit-connexion-form"><i class="icon-play"></i>Sign in</button>
...
</form>
Once you submit the form using a normal browser with your e-mail address and a password, the browser generates a POST request and sends it to https://portal.selfcare/sessions. The POST request is in plaint text with the content URL encoded where necessary, and it can be constructed manually. Here comes an example with rolf@example.com in the e-mail field and PASSWORD in the password field:
Code: 
POST /sessions HTTP/1.1
Host: portal.selfcare
Content-Type: application/x-www-form-urlencoded
Content-Length: 127
User-Agent: SSLClient - Mozilla/5.0 (alike) - 11

utf8=%E2%9C%93&authenticity_token=hVztN0Kp2aZP057Fist7Ty9eGZyriAM4roQ7zbSW3R0%3D&login=rolf%40example.com&password=PASSWORD
This request can be send to the server using the s_client command of openssl(1). Before I come to this, I need to clarify some obstacles:
  1. The HTTP header field Content-Length:, here 127, must exactly match the length of the actual request. Your e-mail address and your password may be of different length than in my example above. Therefore, you need to replace rolf%40example.com and PASSWORD by your actual URL encoded credentials, and in addition you need to count the new length of that line, starting utf8= until the end of your password + 2 for the end of line CRLF.

  2. All non low ASCII and all HTML special characters must be encoded, see https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters. E.g. if your password contains non alpha numeric characters, then most probably you need to lookup and replace these by there respective percent encodings.

  3. The HTML form contains a hidden variable named authenticity_token, here it was hVztN0Kp2aZP057Fist7Ty9eGZyriAM4roQ7zbSW3R0. This variable needs to be passed back unchanged with the POST request to the server. The obstacle with that is, that this most probably is a matter of change. At least you need to verify the actual authenticity_token and perhaps change it in your POST request before submitting this to the server.

  4. However, the whole HTML page suggests, that session cookies need to be exchanged, which anyway would work for browsing the web only, and if this is the case you won't be able to access the internet by anything else than a reasonably capable web browser.
For verifying the authenticity_token, it might be sufficient to submit the following command: fetch -o - https://portal.selfcare/new | grep --colour authenticity_token.

If this does not reveal the token, then you need to find it out within Firefox on your linux installation and go back to FreeBSD and use it from there, hoping that its validity period is long enough for surviving the switch.

Once you mounted the request into a text file, let's say ~/wifilogin.req, then you can submit it to the server using the following command:
cat ~/wifilogin.req | openssl s_client -connect portal.selfcare:443 -crlf

Good luck!

PS:

In order to see the response of the server, add the flag -ign_eof to the openssl command:
cat ~/wifilogin.req | openssl s_client -connect portal.selfcare:443 -crlf -ign_eof

Any missing or self signed certificate errors can be ignored for now. The HTTP status response of the server should be 200.
 
I finally managed to solve my problem, but my solution is not an answer to the title of this post, so correct me if I can't mark it as solved. What I did is to use my Android phone, and perform a simple USB tethering.

This worked perfectly, and I could install XFCE desktop and some applications, I am really happy (even when I have another issues with Xorg, but that's another story). Moral:

If you have a hammer, everything looks like a nail!
 
You must log in or register to reply here.
Back
Top