Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:01,110 --> 00:00:06,180
Now I have my fake access point already running like I showed you before.
2
00:00:06,180 --> 00:00:10,250
And as you seen in the previous lecture the access point works.
3
00:00:10,380 --> 00:00:16,500
People can connect to it and when they go to any Web site they'll be redirected to my logon page which
4
00:00:16,560 --> 00:00:18,110
is great.
5
00:00:18,120 --> 00:00:24,090
One thing that I wasn't very happy with is the fact that when people connect to this fake access point
6
00:00:24,420 --> 00:00:27,120
they want to see the logon screen automatically.
7
00:00:27,120 --> 00:00:31,840
They literally have to go open their browser and browse for something.
8
00:00:32,100 --> 00:00:39,450
And this is not the exact behavior that you would get when you connect to a captive portal because usually
9
00:00:39,450 --> 00:00:43,950
when you connect to it you see the logon page automatically display to you.
10
00:00:44,310 --> 00:00:47,440
So that's what I'm going to try to achieve in this lecture.
11
00:00:47,760 --> 00:00:53,400
And we basically have all the hard work done already we have our web server working.
12
00:00:53,460 --> 00:00:55,550
We have our access point working.
13
00:00:55,650 --> 00:01:02,630
We have our DNS server automatically redirect and all our requests to my fake logon page.
14
00:01:02,670 --> 00:01:09,790
The only reason why it's not working right now is because some of the requests sent by Windows.
15
00:01:09,810 --> 00:01:15,780
So by the by the system that the target is using are not being handled properly.
16
00:01:16,230 --> 00:01:22,340
And what I mean by that is when when someone first connects to a captive foretold the system will send
17
00:01:22,360 --> 00:01:28,080
requests to a certain server dependent on the system whether it runs on Windows whether it runs on Linux
18
00:01:28,370 --> 00:01:34,680
Mac or else whether it's an iPhone or a smartphone they'll send a request to a certain server if they
19
00:01:34,680 --> 00:01:41,010
get the response that they expect they'll think that this is a normal network and they'll just not do
20
00:01:41,010 --> 00:01:47,130
anything if they don't get the request that they expect they'll think that this is a captive portal
21
00:01:47,340 --> 00:01:51,150
and they'll show the captive portal logon page.
22
00:01:51,150 --> 00:01:58,020
Now in my example I'm already redirecting requests to my Web site so there might be there has to be
23
00:01:58,020 --> 00:02:03,500
something happening at the background that the request sent by the system by Windows.
24
00:02:03,510 --> 00:02:11,760
In my case are not being handled properly and after investigation I discovered that the quests sent
25
00:02:11,760 --> 00:02:18,050
to w w w dot web websites have to be redirected to just the domain name.
26
00:02:18,180 --> 00:02:26,370
So whenever the windows for example requests requests w w w dot Microsoft dot com it should be handled
27
00:02:26,460 --> 00:02:29,680
as Microsoft dot com instead.
28
00:02:29,820 --> 00:02:31,980
Now to achieve this is very easy.
29
00:02:32,040 --> 00:02:37,540
We just have to modify the configuration of our web server which is Apache.
30
00:02:38,010 --> 00:02:45,180
So to do that we're going to use Lyford which is just a text editor and the configuration file for Apache
31
00:02:45,270 --> 00:02:57,600
is stored in Iti see Apache sites enabled and 000 default dot com.
32
00:02:58,260 --> 00:03:03,420
So we haven't done anything complicated so far we're doing leafnode which is a text editor and we're
33
00:03:03,420 --> 00:03:09,330
trying to open this file which is the configuration file for Apache.
34
00:03:09,330 --> 00:03:15,490
I'm going to hit enter and you should get something like this because this is the default file.
35
00:03:15,540 --> 00:03:24,760
It's not modified a tall now in this file we need to add rules to redirect any request to w w w dot
36
00:03:24,760 --> 00:03:30,940
something that whatever to just the domain name without the w w w.
37
00:03:30,940 --> 00:03:36,670
So literally just delete the W W W from the request to do that we have to use.
38
00:03:36,670 --> 00:03:38,090
Rewrite rules.
39
00:03:38,480 --> 00:03:44,560
And first of all before we can actually put your right rules we have to put them inside a directory
40
00:03:44,560 --> 00:03:45,420
tag.
41
00:03:45,880 --> 00:03:52,690
So I'm going to open a tag and type directory and you're going to have to put the location where your
42
00:03:52,690 --> 00:04:01,420
web site is stored and my website is stored inverted W W W D M L and I'm just going to close the directory
43
00:04:01,420 --> 00:04:03,220
tag as well so I don't forget that.
44
00:04:03,220 --> 00:04:12,290
So it's similar to write an HMO code and inside this directory we're going to add the rewrite rules
45
00:04:12,290 --> 00:04:19,470
that would redirect any request for w w w dot something dot com to the same request without the w w
46
00:04:19,480 --> 00:04:25,970
w dot at the start again like I said you were going to use rewrite rules and I already have them in
47
00:04:25,970 --> 00:04:29,570
here and I'm going to include them in the resources of this lecture.
48
00:04:30,980 --> 00:04:35,300
Now I'm not going to dive too deep about what these rules do.
49
00:04:35,300 --> 00:04:43,580
Basically we have to first enable the rewrite engine which basically enables the rewrite rules then
50
00:04:43,580 --> 00:04:50,270
we specify the rewrite base which is the route the webroot and then we have the condition.
51
00:04:50,360 --> 00:04:56,180
So this condition works based on rejects so it uses rejects and if you have any programming experience
52
00:04:56,180 --> 00:05:01,770
you probably have used projects before projects is a big topic so I'm not going to be covering it.
53
00:05:01,850 --> 00:05:11,180
But basically what it does is it matches whenever it sees a w w w dot and it ignores whatever that comes
54
00:05:11,180 --> 00:05:20,380
after the red dot and it's going to rewrite it as whatever that came after the WW dot without the WW.
55
00:05:20,870 --> 00:05:27,640
Whenever a request comes to us with a W W W at the start it's going to match this condition right here.
56
00:05:29,320 --> 00:05:30,820
And then it goes.
57
00:05:30,880 --> 00:05:37,930
It's going to be replaced with the normal website so hasty T.P. followed by the website itself without
58
00:05:37,930 --> 00:05:39,620
the w w w.
59
00:05:40,100 --> 00:05:41,620
So I'm going to copy all of this
60
00:05:45,370 --> 00:05:47,490
and I'm going to paste it in here.
61
00:05:47,590 --> 00:05:49,950
Inside the directory field.
62
00:05:51,720 --> 00:05:53,790
And just so that it looks nicer.
63
00:05:54,120 --> 00:05:55,200
I'm just going to tab it
64
00:05:58,850 --> 00:06:04,140
so that it just follows the syntax that's used in the file.
65
00:06:04,150 --> 00:06:11,510
Now all we did is we added a directory we specified the location where we have our files stored in the
66
00:06:11,510 --> 00:06:19,520
web server and we added the rewrite rules that redirect any requests for a w w w w website to the same
67
00:06:19,540 --> 00:06:22,120
website without the w w w.
68
00:06:22,850 --> 00:06:24,710
I'm going to save this.
69
00:06:24,710 --> 00:06:32,000
Quit it and then I'm just going to restate I restart my web server so we're going to do service Apache
70
00:06:32,000 --> 00:06:36,790
to restart.
71
00:06:36,950 --> 00:06:40,960
And now let's go and try to connect to our website.
72
00:06:41,440 --> 00:06:42,610
So I'm going to close this
73
00:06:46,160 --> 00:06:47,780
I'm gonna go here.
74
00:06:49,000 --> 00:06:54,860
Disconnect and now that I'm disconnected I'm going to connect again.
75
00:06:56,910 --> 00:06:59,250
And as you can see now we made progress.
76
00:07:00,430 --> 00:07:07,420
The browser got automatically opened for us it's automatically trying to go somewhere but the problem
77
00:07:07,420 --> 00:07:15,520
is we're getting an not found message so this message is actually coming from my own web server so I'm
78
00:07:15,520 --> 00:07:17,880
being redirected to my web server.
79
00:07:17,950 --> 00:07:20,770
But if you look at the your L here closely.
80
00:07:20,920 --> 00:07:27,040
You'll see that it's trying to go to some location on go that Microsoft dot com.
81
00:07:27,730 --> 00:07:32,820
So we have a DNS server running and that's redirecting any request to our Web site.
82
00:07:32,980 --> 00:07:36,350
So if you actually just go to Godas Microsoft dot com.
83
00:07:36,370 --> 00:07:40,750
So I'm going to open this in a different tab.
84
00:07:41,050 --> 00:07:45,520
You'll see that will get redirected to our page which is cool which is perfect.
85
00:07:45,520 --> 00:07:52,790
The problem here is automatically Windows is Odan all of this after the domain name and that's why we
86
00:07:52,800 --> 00:08:00,970
get an A not found error because on our web server we don't have such files or directories so we need
87
00:08:00,970 --> 00:08:08,320
to configure our web server again so that the not found error gets redirected to the home page to the
88
00:08:08,320 --> 00:08:08,740
end.
89
00:08:08,800 --> 00:08:14,690
In here again now we're going to go to college.
90
00:08:14,850 --> 00:08:21,950
We're going to open my web server configuration our sites enable 000 default dot com.
91
00:08:22,020 --> 00:08:29,210
Same file and in here I'm going to configure on my web server so that if a file is not found it will
92
00:08:29,220 --> 00:08:34,200
redirect the person to the home page where the fake logon page is installed.
93
00:08:35,230 --> 00:08:43,170
To do that all we have to do is just say error document for all 4 so whenever you get a 4 or 4 which
94
00:08:43,170 --> 00:08:46,020
is not found error go to the webroot.
95
00:08:46,020 --> 00:08:50,040
Go to the base of the web server.
96
00:08:50,490 --> 00:08:51,950
So we're adding just one.
97
00:08:51,960 --> 00:08:59,220
Just literally one line and we're just saying error document and that's what Apache uses to handle errors
98
00:08:59,600 --> 00:09:06,550
and we're saying if you get a forum for error then just go to the webroot Now this will actually work.
99
00:09:06,550 --> 00:09:13,070
I've obviously tested it before and it will work with Windows OS X and all that but to get it to work
100
00:09:13,070 --> 00:09:21,290
with smartphones and specifically iPhones we actually need to also add a rewrite rule that'll redirect
101
00:09:21,380 --> 00:09:25,970
anything that is not found to the home directory.
102
00:09:25,970 --> 00:09:29,090
So this is the rewrite rule that will do that.
103
00:09:29,090 --> 00:09:33,930
Again I'm just going to copy it and place it in here inside the directory.
104
00:09:35,940 --> 00:09:39,830
And I'm just going to tab it again just so that it follows the syntax.
105
00:09:41,590 --> 00:09:45,850
And this rewrite rule as you can see first we have the conditions in here.
106
00:09:46,300 --> 00:09:53,930
So if the requested file name is not found it's going to redirect that request to the webroot in here.
107
00:09:56,340 --> 00:09:57,360
So we added two lines.
108
00:09:57,360 --> 00:10:01,100
Now we added the first line in here it works for pretty much everything.
109
00:10:01,110 --> 00:10:05,940
And it just redirects any four or four not found error to the webroot.
110
00:10:05,940 --> 00:10:11,610
And we also added a rewrite rule that will do the same just to make sure that this will also work against
111
00:10:11,790 --> 00:10:15,520
smartphone's I'm going to save this.
112
00:10:15,630 --> 00:10:16,560
Quit it.
113
00:10:17,860 --> 00:10:23,390
Again restart my apache and let's go back to the Windows machine.
114
00:10:23,390 --> 00:10:24,530
I'm going to close this
115
00:10:27,140 --> 00:10:28,730
disconnect from the network
116
00:10:33,860 --> 00:10:35,010
and connect again.
117
00:10:35,150 --> 00:10:36,330
And let's see what happens.
118
00:10:38,980 --> 00:10:45,530
And perfect as you can see now as soon as we connected the logon page got this play to us.
119
00:10:45,530 --> 00:10:52,130
So as you can see even though there is stuff come in after the domain name we have a working logon page
120
00:10:52,130 --> 00:11:00,730
where we can go and log into our service and then the hacker or US will be able to sniff the password.
121
00:11:00,740 --> 00:11:02,700
You can also see here on top.
122
00:11:02,780 --> 00:11:05,180
This was never displayed to us before.
123
00:11:05,330 --> 00:11:11,270
So you can see Firefox is automatically detecting that this is a captive portal and stillness that we
124
00:11:11,270 --> 00:11:13,850
must log into this network to access the Internet.
125
00:11:14,120 --> 00:11:19,490
And again it's given it's given us a button here that we can click to Lagann which will again take us
126
00:11:19,490 --> 00:11:21,890
to the log in page.
127
00:11:21,890 --> 00:11:28,680
So now our fake access point looks and behaves exactly like a proper captive portal.
128
00:11:28,700 --> 00:11:34,040
So when people connect to it whether they're on phones or computers they'll automatically see a log
129
00:11:34,040 --> 00:11:37,390
in page they'll see the bar here on top which looks legit.
130
00:11:37,550 --> 00:11:41,990
And it literally just asks people to log in so that they can get to the Internet.
131
00:11:42,880 --> 00:11:45,250
Now we still have the hate as TSA issue.
132
00:11:45,370 --> 00:11:53,490
So if I go to Facebook dot com you can see that the page won't be displayed saying that the secure connection
133
00:11:53,490 --> 00:11:59,490
failed but you can see we still have the bar in here telling us that we need to log in to get the internet
134
00:11:59,490 --> 00:12:05,340
connection so people won't get very suspicious because they can see that they need to log in to get
135
00:12:05,340 --> 00:12:06,250
their Internet.
136
00:12:06,570 --> 00:12:11,760
But I'm also going to address this issue and I'm going to show you in the next lecture how to fix this
137
00:12:12,000 --> 00:12:16,910
and make it look 100 percent like a proper legitimate captive portal.
14895
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.