PirateBox-redirect
Posted by carlos
This forum is currently read only. You can not log in or make any changes. This is a temporary situation.
Now, this forum is in read-only mode. You find details Details hereContinue on /r/PirateBox
|
PirateBox-redirect April 19, 2015 08:36AM |
Registered: 9 years ago Posts: 5 |
i have a question about the redirect of the piratebox, when a try to go to "[www.example.com"]; this not redirected to piratebox homepage, but if i try to go to hotmail or other page without "https" this does work, is there any way to make it work with https pages?
pd: english isn't my first language.
pd: english isn't my first language.
|
Re: PirateBox-redirect April 19, 2015 01:02PM |
Admin Registered: 13 years ago Posts: 4,680 |
No worries about your language.
Yes, your observations are correct. HTTPS isn't covered by the redirect, because we don't want to spoof or mess around with any SSL stuff. (It is technical not possible to do a redirect in our constellation without using some untrustworthy certificates)
regards Matthias
Yes, your observations are correct. HTTPS isn't covered by the redirect, because we don't want to spoof or mess around with any SSL stuff. (It is technical not possible to do a redirect in our constellation without using some untrustworthy certificates)
regards Matthias
|
Re: PirateBox-redirect April 19, 2015 11:49PM |
Registered: 9 years ago Posts: 5 |
|
Re: PirateBox-redirect June 24, 2015 06:28PM |
Registered: 8 years ago Posts: 7 |
The problem with this is that people who incidentally join the box are most likely going to be loading an HTTPS page by default: google.com, facebook.com, etc. They'll get a timeout and just give up. However, if you redirect HTTPS, they'll at least see the purpose of the box and be able to decide whether to investigate. If the purpose of your box is so that people find it accidentally and contribute/take from it, you're not going to get very many hits.
|
Re: PirateBox-redirect June 24, 2015 06:40PM |
Admin Registered: 13 years ago Posts: 4,680 |
No, that doesn't work. The initial handshake is sending encryption details, where you can't answer with a redirect request.Quote
However, if you redirect HTTPS, they'll at least see the purpose of the box and be able to decide whether to investigate.
You'll get an error like this in the browser
Secure Connection Failed
An error occurred during a connection to 127.0.0.1. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
This is only my signature.
Edited 1 time(s). Last edit at 06/24/2015 06:41PM by Matthias.
|
Re: PirateBox-redirect June 25, 2015 04:02AM |
Registered: 8 years ago Posts: 7 |
|
Re: PirateBox-redirect October 29, 2015 12:34AM |
This is a real bummer.
I was stuck with the same issue before realizing the cause...and then I read this page and all hope was lost.
We were planning on using the Piratebox with a band, and have the visitors of the concert be able to connect to the piratebox during the event to upload their pictures/videos of the evening, or download some free give-away songs from the group.
Having to resolve to making an extra comment during the announcement saying "but please be sure you don't send a https request", especially when consumer browsers on portable devices tend to hide all the details of the target URL ("https:/facebook.com/blablablablablabla" is being displayed as a dumbed-down "facebook.com" ) is unintuitive and clunky at best.
Sure, we could simply tell them to visit any random (or band-related) .com address, any potentially valid domain that does not induce a search by the browser. But it takes out the great perk of:
1)connect with our network-->2)simply open your browser-->3)automatically get redirected, no matter what
The simplicity of connecting to the wifi and boom, done is basically not happening in the real world, with all those pesky IOS and Android browsers. SSL is everywhere, and that is a good thing actually.
I understand the technical reason why this can't be done. Damn you, ssl! Especially when considering I had to tell everybody I know that they should use ssl whenever they could, in the past before it became wider-spread and accepted...
A work-around would still be highly appreciated. Having the browser display a message with "this certificate is unsecure, continue anyway?" would be prefereable to instructions that must be given prior to the PB landing page.
How the hell do commercial captive portals deal with this? It seems the last hotel I was at had gotten this to work...
Keep up the good work, PB is fantastic, and installation was really hassle-free. Well done!
All the best,
Me
I was stuck with the same issue before realizing the cause...and then I read this page and all hope was lost.
We were planning on using the Piratebox with a band, and have the visitors of the concert be able to connect to the piratebox during the event to upload their pictures/videos of the evening, or download some free give-away songs from the group.
Having to resolve to making an extra comment during the announcement saying "but please be sure you don't send a https request", especially when consumer browsers on portable devices tend to hide all the details of the target URL ("https:/facebook.com/blablablablablabla" is being displayed as a dumbed-down "facebook.com" ) is unintuitive and clunky at best.
Sure, we could simply tell them to visit any random (or band-related) .com address, any potentially valid domain that does not induce a search by the browser. But it takes out the great perk of:
1)connect with our network-->2)simply open your browser-->3)automatically get redirected, no matter what
The simplicity of connecting to the wifi and boom, done is basically not happening in the real world, with all those pesky IOS and Android browsers. SSL is everywhere, and that is a good thing actually.
I understand the technical reason why this can't be done. Damn you, ssl! Especially when considering I had to tell everybody I know that they should use ssl whenever they could, in the past before it became wider-spread and accepted...
A work-around would still be highly appreciated. Having the browser display a message with "this certificate is unsecure, continue anyway?" would be prefereable to instructions that must be given prior to the PB landing page.
How the hell do commercial captive portals deal with this? It seems the last hotel I was at had gotten this to work...
Keep up the good work, PB is fantastic, and installation was really hassle-free. Well done!
All the best,
Me
|
Re: PirateBox-redirect October 29, 2015 12:59AM |
|
Re: PirateBox-redirect October 29, 2015 02:55PM |
Admin Registered: 13 years ago Posts: 4,680 |
Hi,
no, a proxy server won't solve this issue.
The hotel webpage/captive portals work in a different way:
PirateBox spoofs directly, that internet is available to Android and iOS devices, that is the reason why there is no browser popping up.
On a normal captive portal, that spoof is not enabled and that is the reason for firing up the (limited (for iOS)) browser opening a HTTP request. This request is directed to the hotel captive portal.
There you perform your login and then you get internet.
Technically, this is possible on those devices, too. We are avoiding this kind of technique because:
a) not every device is able to accept the captive portal thing
b) additional complexity which might fail
c) additional software, which needs to be installed directly on the box (not on the usb stick)
I love your use case and I promote this Band-use case regulary.
You have two options:
1) disable our spoofed "internet yes" answer, but you will be left with the limited iOS browser
2) make an announcement like "Besuche band.de" or
2b) flyers with QR codes including an URL
When you have a few regular people you know, they might help in the first evenings and then it works out.
The other thing is trying to install a real captive portal... I need to dig though that for myself first.
Matthias
This is only my signature.
no, a proxy server won't solve this issue.
The hotel webpage/captive portals work in a different way:
PirateBox spoofs directly, that internet is available to Android and iOS devices, that is the reason why there is no browser popping up.
On a normal captive portal, that spoof is not enabled and that is the reason for firing up the (limited (for iOS)) browser opening a HTTP request. This request is directed to the hotel captive portal.
There you perform your login and then you get internet.
Technically, this is possible on those devices, too. We are avoiding this kind of technique because:
a) not every device is able to accept the captive portal thing
b) additional complexity which might fail
c) additional software, which needs to be installed directly on the box (not on the usb stick)
I love your use case and I promote this Band-use case regulary.
You have two options:
1) disable our spoofed "internet yes" answer, but you will be left with the limited iOS browser
2) make an announcement like "Besuche band.de" or
2b) flyers with QR codes including an URL
When you have a few regular people you know, they might help in the first evenings and then it works out.
The other thing is trying to install a real captive portal... I need to dig though that for myself first.
Matthias
This is only my signature.
|
Re: PirateBox-redirect November 03, 2015 07:00AM |
Admin Registered: 13 years ago Posts: 4,680 |
I'm currently thinking about this topic again, but I haven't come to a conclusion right now.
The possible options are:
- Setup HTTPS fully with a fresh generated self signed cert, just to get the page on the browser
- Pre-Setup HTTPS (install and have an inactive configuration)
- CaptivePortal installation
no decisions made yet
This is only my signature.
The possible options are:
- Setup HTTPS fully with a fresh generated self signed cert, just to get the page on the browser
- Pre-Setup HTTPS (install and have an inactive configuration)
- CaptivePortal installation
no decisions made yet
This is only my signature.
|
Re: PirateBox-redirect November 16, 2015 05:46PM |
