Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to access the Internet through WEB authentication under Linux". In daily operation, I believe that many people have doubts about how to access the Internet through WEB authentication under Linux. Xiaobian consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the doubts of "how to access the Internet through WEB authentication under Linux". Next, please follow the editor to study!

Abstract

By analyzing the process of Web authentication under windoze, this paper puts forward a method of using * script * to access the Internet through Web authentication in Linux.

The origin of the problem

Recently, with the entry of broadband into the home, more and more ISP adopt the access authentication technology of Web authentication. From the user's point of view, Web authentication refers to the authentication process in which the user enters the user name and password through the Web page in the browser. Most ISP claims that they do not need client software, but the reality is that Windoze users can successfully access the Internet through Web authentication, but Linux users are not so lucky.

Analyze the reasons

What's the reason? To solve the problem, we also need to start with the analysis of the authentication page, the following analysis is mainly aimed at my situation here. When the authentication page is opened in Mozilla, nothing is displayed. After a careful analysis of the authentication page, it is found that the authentication page is written in JavaScripts and is compiled for IE. IE does not use JavaScripts exactly as standard. IE has made some extensions to JavaScripts, including the following:

* .cab files for download of binaries

* document.all

* Element [XSS _ clean]

...

Please refer to http://www.stopbadtherapy.com/standards.shtml for details.

These extensions of IE to JavaScripts are not supported by Mozilla. In fact, Mozilla supports standard JavaScripts better than IE. Therefore, browsers such as Mozilla, which have the characteristics of IE, are naturally unable to pass.

From the point of view of the user's browser, Web authentication not only enters the user name and password through the Web page, but also needs to transmit the customer's IP obtained by DHCP through the http protocol. Some ISP automatically downloads the .cab file when the user logs in to the authentication page, then executes the file to get the user's IP, and then passes it to Web Server. Some ISP will pop up a time window on the client side and send keep-alive packets to ISP regularly after the user has been authenticated. Of course, Web certification is a relatively new way, has not yet formed a standard, so the methods of various providers are not the same, the so-called villages have different tricks, your method there is likely to be different from mine, but the reason should be the same. According to the above analysis, it can be seen that it is naturally impossible for Linux users to surf the Internet directly by logging in to the Web authentication interface with a non-IE compatible browser.

Solution method

Well, there are several solutions to the problem on JavaScripts, where these Web pages use the IE dialect:

one. Use IE compatible browsers under Linux, do you have it? Who knows? please tell me.

two. Is there any success in using wine + IE? Let's share it.

three. If we change these words to Mandarin, we can use non-IE browsers such as Mozilla to surf the Internet through Web authentication.

four. ISP is required to provide an authentication page that supports W3C standards.

five. Analyze the principle of web authentication and write the authentication program.

The most ideal way is four, but I can't wait, and I may not be able to wait. Maybe you are luckier than me. I take the third method, for method three, you must ask: the authentication page is on Web Server, I have no right to modify it, it won't work. Indeed, there is a workaround: download the authentication page, modify it according to the JavaScripts standard and save it locally, and use the locally modified Web authentication page instead of the Web Server authentication page every time you go online. For the specific modification method, refer to the comparison table in http://www.stopbadtherapy.com/standards.shtml, find out the JavaScritps in which the authentication page uses IE dialect, and modify your authentication page accordingly according to the modification suggestions provided in the comparison table. For authentication pages that use .cab, the situation is more complicated. You need to analyze the use of this .cab in your JavaScripts and determine its function. I use it here to get the local IP. So, I executed the script locally to get IP to simulate this functionality. It seems that .cab has something to do with IP.

An example

* take me here as an example, my use environment:

ISP: TieTong ADSL

Authentication method: Web authentication

ISP access server: Huawei Quidway MA5200E/F (the specific model cannot be completely determined)

Linux:GENTOO 1.4 rc-3

Browser: Mozilla 1.4a/Phoenix 0.5

* using mozilla under Linux (it is a bit superfluous to use a non-IE browser to obtain the authentication page, but some users debug it under Window$). When visiting the WEB authentication page of ISP, the browser does not display anything, so it is impossible to enter the account number and password, let alone pass the authentication. This is not difficult for our linuxer. Check the source code of the authentication page (/ index.jsp) and find these two paragraphs of javascript:

The code is as follows:

Id= "PortalClient"

Codebase= http://61.61.61.61:80/PortalAX.cab#version=1,0,1,8

...

Var clientIp = PortalClient.localIP

Var languagetype = 0

If ((clientIp== "") (clientIp==null)) {

Window.parent.location.href= "/ ipError.jsp"

} else {

Window.parent.location.href= "/ queryPort.jsp?ip=" + clientIp+ "newbl=" + languagetype

}

You can see that it uses PortalClient to get the local IP, and if successful, go to http:// your WEB authentication page / queryPort.jsp?ip= your current IP. Mozilla does not support it to get IP (PortalClient, which is for IE, alas, this program is too short-sighted), which seems to be the problem. In that case, we can add our own IP manually (this IP is the address obtained by the network card connected to ADSL from ISP's DHCP server). In the Mozilla address bar, enter:

Http://61.61.61.61/queryPort.jsp?ip=192.168.0.2

-^-^

-your ISP authentication server.-your current IP.

Ta-da, the login page is out!

Enter your account number and password and press the login button. ).

Viva!!!

ISP home page was finally found out, in the terminal ping www.gnu.org, ping, no problem.

* so far, the web authentication method has been completed under Linux. The method is simple. Every time you surf the Internet, type in the address bar of mozilla:

Http:// your ISP authentication server address / queryPort.jsp?ip= your current IP

When the login page comes out, it is exactly the same as in IE.

* of course you can write these steps as a script and simply execute the script later.

The code is as follows:

#! / bin/bash

Dhcpcd eth2

Phoenix http://61.61.61.61/queryPort.jsp?ip=`ifconfig eth2 grep inet sed's / ^ * / / 'sed's / /: / g' cut-f3-d: `&

Description:

Eth2 is the name of the network card associated with ADSL. Fill in it according to your actual situation.

61.61.61.61 is the certified address of my ISP.

The next paragraph is to get the ip address of the eth2.

Be careful! Be sure to use a non-IE browser to get the debug authentication page, because IE can execute the JavaScripts of the authentication page, some authentication processes are actually completed by executing multiple pages, and the last page of IE is not necessarily the initial authentication page. You may miss the important information above, as is the case here.

Another way

If you are not satisfied with method 3, you can use method 5 to continue to analyze the principle of web authentication and write your own authentication program. In fact, after figuring out the principle, the implementation method is simpler and more flexible, and this method can only be adopted when ISP requires the client to send keep-alive packets regularly. Here's what I did:

one. Use network analysis software (such as ethereal) to grab the communication packets of the normal authentication process.

Under windoze, grab the bag with ethereal. Note that when grabbing packets, do not start other programs that generate network communications except IE, so as not to interfere with data; save these communication packets.

two. Analyze the contents of the captured package

Just take a look at the communication packets generated by the web authentication process and you can see why I say this method is easier. To put it simply, web authentication is actually a process in which clients use http protocol to send user names, passwords and IP to ISP. The client reads the authentication page and sends the completed authentication page form to the authentication server of ISP. The process is that simple.

three. Write programs that generate these packages

Using any language or tool that supports http protocol, you can write a program that authenticates form to the POST authentication page of the authentication server, and it is not even necessary to read the authentication page. I made one each with curl and python. If you have a slight understanding of the http protocol, just find the form of the POST user name, password and other data on the authentication page, and then convert it to the syntax format of your language, there is no need to analyze the complicated Javascripts in the authentication page at all. The same method is used for keep-alive packets sent out by the time window.

Example:

* on the authentication page

The code is as follows:

User name:

Secret code:

* A script written in curl:

Bash/shell Code copies content to the clipboard

#! / bin/bash

/ etc/init.d/myiptables start

Dhcpcd eth2

MYIP= `ifconfig eth2 grep inet sed's / ^ * / / 'sed's / /: / g' cut-f3-d: `

Echo $MYIP

UN=88888888

SERVER=61.61.61.61

Curl-trace trace.txt-A 'Mozilla'-d "username=$UN&password=8888&localip=$MYIP&connectname=&connecttype=-1" http://$SERVER/secu/webLogin.jsp

Description: curl is a command line program that uses url syntax to transfer files, supporting protocols such as http,ftp, similar to wget.

In the above example, the command line argument-An of curl indicates the type of client, which the server needs to specify for security. Either Mozilla or IE is fine. I prefer to use Mozilla. -d is required and is represented by the POST method. The content after-d is the user name, password, IP address and other information. Fill in the input item of form on your authentication page, the content is consistent with it, and the parameters are separated. This is followed by the address of the authentication page. After executing the script, 200 OK is returned, indicating that the authentication is successful. Otherwise, carefully check whether the parameters after-d are normal and the address is correct.

* Authentication program written in python:

The code is as follows:

#! / usr/bin/env python

Import httplib, urllib

Params = urllib.urlencode ({'connectname':''

'connecttype':-1

'consumeright': 0

'separatecard': 0

'localip': '192.168.000.000'

'IsIndex': 0

'username': 88888888

'password': 8888})

Headers = {'Accept':' text/html', 'User-Agent':' Mozilla'

'Content-Type': 'application/x-www-form-urlencoded'}

Server = '61.61.61.61'

Path ='/ secu/webLogin.jsp'

Conn = httplib.HTTPConnection (server)

Conn.request ("POST", path, params, headers)

R1 = conn.getresponse ()

Print r1.status, r1.reason

Data1 = r1.read ()

Print data1

Conn.close ()

The program that generates the keep-alive package

The code is as follows:

#! / usr/bin/env python

Import httplib

Def testHttplib (server, path):

Req = httplib.HTTP (server)

Req.putrequest ('GET', path)

Req.putheader ('Accept',' text/html')

Req.putheader ('User-Agent',' Mozilla')

Req.endheaders ()

Ec, em, h = req.getreply ()

Fd = req.getfile ()

Return fd.read (), (ec, em)

Myip = '192.168.000.000'

Server = '61.61.61.61'

Path ='/ ClientProcess.jsp?MsgType=1&ISNNO=1001&LocalIP=' + myip

# print 'testing "% s% s"'% (server, path)

DataHttplib, result = testHttplib (server, path)

# print "data length (httplib):", len (dataHttplib), result

# print dataHttplib

Description:

Python is a powerful scripting language similar to Perl. As you can see, it does the same job as curl, but it's more elegant. Be careful not to leave out the 'User-Agent'' and 'Content-Type'' content here. I've wasted a lot of time on this. Other instructions are the same as those given by curl.

Finally, add the following to crontab to ensure that a keep-alive packet is sent to ISP every 5 minutes to simulate the time window function.

* / 5 * / home/zest/keepalive.py

Summary of method 5:

* the method is simple and clear.

* wide adaptability

* script implementation, away from the browser and graphics environment, is more suitable for environments that require automatic login (for example, self-built servers)

At this point, the study on "how to access the Internet through WEB authentication under Linux" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.