很多路由器在还没有配置路由信息的时候,只要一连接wifi/有线,就会自动弹出路由器web配置页面,强制用户配置一次基本信息才可以进行上网
这也其实也是portal认证的一种应用,原本的portal是跳转到后台认证服务器页面,目前是跳转到路由器本地管理页面。
所以我们只需要根据应用策略进行区分,然后修改跳转的页面url即可。
为啥有时候会自动弹出,有时候不会自动弹出呢?
portal的原理是捕获80端口和443端口的流量,转到2060端口,然后做重定向。所以只要设备没有这两个80的数据访问就没有办法跳转。
我们抓取电脑网络刚通时的数据包,可以发现比如window就会自动访问类似www.microsoft.com、www.msftconnecttest.com这些域名。
但是访问的这些域名不一定是通过80/443来访问,而是其他私有协议交互,所以为了加快跳转,我们不通过portal的端口捕获原理,而直接使用dnsmasq的域名劫持原理,只要访问这个域名就直接跳转到路由器本地配置页面。
dnsmasq启动代码添加:
local target_ip="1.127.127.254"
#windows
uci add_list dhcp.@dnsmasq[0].address='/www.msftconnecttest.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/dns.msftncsi.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/geo.prod.do.dsp.mp.microsoft.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/www.microsoft.com/'$target_ip
#ubuntu
uci add_list dhcp.@dnsmasq[0].address='/connectivity-check.ubuntu.com/'$target_ip
#google
uci add_list dhcp.@dnsmasq[0].address='/connectivitycheck.gstatic.com/'$target_ip
#apple
uci add_list dhcp.@dnsmasq[0].address='/www.apple.com/'$target_ip
#Samsung
uci add_list dhcp.@dnsmasq[0].address='/connectivitycheck.android.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/clients3.google.com/'$target_ip
#xiaomi
uci add_list dhcp.@dnsmasq[0].address='/connect.rom.miui.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/connect.miui.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/s1.miui.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/captive.v2ex.co/'$target_ip
#vivo
uci add_list dhcp.@dnsmasq[0].address='/www.googleapis.cn/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/connectivitycheck.vivo.com.cn/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/connect.vivo.com.cn/'$target_ip
#oppo
uci add_list dhcp.@dnsmasq[0].address='/connectivity.oppo.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/connect.oppo.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/connect.oppomobile.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/www.oppo.com/'$target_ip
#huawei
uci add_list dhcp.@dnsmasq[0].address='/www.huawei.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/connect.cloud.huawei.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/www.hwcdn.net/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/connect.vmall.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/hispace.dbankcloud.com/'$target_ip
#huawei harmonyOs
uci add_list dhcp.@dnsmasq[0].address='/connectivitycheck.platform.hicloud.com/'$target_ip
uci add_list dhcp.@dnsmasq[0].address='/connectivitycheck.cbg-app.huawei.com/'$target_ip
#Google Chrome
uci add_list dhcp.@dnsmasq[0].address='/connectivitycheck.gstatic.com/'$target_ip
#Mozilla Firefox
uci add_list dhcp.@dnsmasq[0].address='/detectportal.firefox.com/'$target_ip
#Apple Safari or Opera
uci add_list dhcp.@dnsmasq[0].address='/captive.apple.com/'$target_ip
#Microsoft Edge
uci add_list dhcp.@dnsmasq[0].address='/msftconnecttest.com/'$target_ip
uci commit dhcp
/etc/init.d/dnsmasq restartdnsmasq停止代码添加:
uci -q delete dhcp.@dnsmasq[0].address
local ret=$?
if [ "$ret" == "0" ]; then
logger -t portal "del dnsmasq url address success, restart dnsmasq"
uci commit dhcp
/etc/init.d/dnsmasq restart
fi