Captive / landing page of a secured Wifi

In our corporate, we have a Wifi that staff / guests have to register before they can
use it. Subsequently after registration, each time staff/guest connects to it, they
have to click on "Lets Surf" in the landing/captive page.

I need to monitor this landing page for possible defacement/changes as it's been
known hackers ever hacked it such that the landing page is replaced with one that
will lead to an external Internet malicious site.

I thought of writing a script to dump out this landing page every hourly using
wget or curl but somehow wget or curl (Windows version) can never connect to
it to dump out this html page: I've tried specifying proxy & without proxy.

Purpose of dumping out this landing page is such that I could do a "comp" (ie
Unix equivalent of "diff") against a baseline page to see if that page has changed.

What did I miss that wget/curl could not dump out this page? While I'm connected
to home Internet or my phone's 4G, the very same laptop could dump out, say
google.com

I ran wget from Windows command prompt while I ran curl from a "bash-like"
shell that runs on my Windows : both works on my home Internet but not
with the corporate's captive page.

When connecting each time to this 'secured' Wifi, it will lead to a URL that looks
like http://www.wiresuss.com/login.php? . . .

sunhuxAsked: 2017-11-10

Who is Participating?

LVL 64

Julian HansenCommented: 2017-11-10

I would do the following

1. MD5 the file
2. Save the MD5
3. Create a cron script that runs every hour (or whenever)
4. When cron script runs it compares md5 of home page to live page.
5. If md5 signatures do not match then copy backup to live
6. MD5 + cron script + backup all live outside the web root so hackers can't mess with them.

Sample cron script (outside the root)

<?php
// ENSURE THIS IS OUTSIDE THE ROOT

define('BACKUP','backup.html');

// MD5 PROVIDED FOR DEMO PURPOSES
// CALC AS PART OF FILE UPLOAD PROCESS

define('SAVEDMD5','84d17aaa2400424cc279ed5d1332f8b2');

// File to monitor

$file = 'index.html';
$md5 = md5_file($file);

if ($md5 != SAVEDMD5) {
	copy(BACKUP, $file);
	echo "Log event here, send email etc";
}

Open in new window

LVL 23

David FavorLinux/LXD/WordPress/Hosting SavantCommented: 2017-11-10

Sounds like you have a solution. If you still have a question, clarify what help you require.

That said, if any page anywhere is getting hacked, better to find the hole + close it.

If one page is hacked, likely other nefarious activities are occurring other places.

sunhuxAuthor Commented: 2017-11-10

I have a non-working solution: in fact both the wget & curl could not save the landing page's into a file.
Below is the error I'm getting & I'm seeking help to fix this. The very same wget command works on
my home broadband:

C:\wget>wget --wait=5 --recursive --level=2 https://www.wirewuss.com/index.php
--22:41:31-- https://www.wirewuss.com/index.php
=> `www.wirewuss.com/index.php'
Resolving www.wirewuss.com... 52.221.100.76
Connecting to www.wirewuss.com|52.221.100.76|:443... connected.
Unable to establish SSL connection.

FINISHED --22:41:31--
Downloaded: bytes in 0 files <== no file saved

C:\wget>wget --wait=5 --recursive --level=2 www.wirewuss.com/index.php
--22:41:57-- http://www.wirewuss.com/index.php
=> `www.wirewuss.com/index.php'
Resolving www.wirewuss.com... 52.221.100.76
Connecting to www.wirewuss.com|52.221.100.76|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://www.wirewuss.com/index.php [following]
--22:42:02-- https://www.wirewuss.com/index.php
=> `www.wirewuss.com/index.php'
Connecting to www.wirewuss.com|52.221.100.76|:443... connected.
Unable to establish SSL connection.

FINISHED --22:42:03--
Downloaded: bytes in 0 files <== no file saved

sunhuxAuthor Commented: 2017-11-10

The above 2 screens show outputs from doing wget against https & http of the landing page

LVL 64

Julian HansenCommented: 2017-11-11

This worked for me

wget --no-check-certificate https://www.wirewuss.com/index.php

Open in new window

Refer: https://www.cyberciti.biz/faq/wget-example-download-from-https-web-sites/

sunhuxAuthor Commented: 2017-11-12

Julian, the above --no-check-certificate did not work ie it did not save a copy of the landing page.
Below are the screens/outputs: is it because my landing page is in https/ssl ?

D:\wget>wget-1.10 --tries=1 --no-check-certificate https://www.wirewuss.com/index.php
--09:23:12-- https://www.wirewuss.com/index.php
=> `index.php'
Resolving www.wirewuss.com... 52.221.100.76
Connecting to www.wirewuss.com|52.221.100.76|:443... connected.
Unable to establish SSL connection.
D:\wget>

D:\wget>wget-1.10 --tries=1 --no-check-certificate www.wirewuss.com/index.php
--09:23:25-- http://www.wirewuss.com/index.php
=> `index.php'
Resolving www.wirewuss.com... 52.221.100.76
Connecting to www.wirewuss.com|52.221.100.76|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://www.wirewuss.com/index.php [following]
--09:23:25-- https://www.wirewuss.com/index.php
=> `index.php'
Connecting to www.wirewuss.com|52.221.100.76|:443... connected.
Unable to establish SSL connection.

Using the full url (which was displayed when I tried to access any URLs eg: google.com when
first establishing connection to the captive Wifi), got the following output :

D:\wget>wget-1.10 --no-check-certificate www.wirewuss.com/index.php?class=User&m
ethod=LoadConnected&success=1
--09:24:53-- http://www.wirewuss.com/index.php?class=User
=> `index.php@class=User'
Resolving www.wirewuss.com... 52.221.100.76
Connecting to www.wirewuss.com|52.221.100.76|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://www.wirewuss.com/index.php?class=User [following]
--09:24:53-- https://www.wirewuss.com/index.php?class=User
=> `index.php@class=User'
Connecting to www.wirewuss.com|52.221.100.76|:443... connected.
Unable to establish SSL connection.
'method' is not recognized as an internal or external command,
operable program or batch file.
'success' is not recognized as an internal or external command,
operable program or batch file.

D:\wget>wget-1.10 --no-check-certificate https://www.wirewuss.com/index.php?clas
s=User&method=LoadConnected&success=1
--09:25:03-- https://www.wirewuss.com/index.php?class=User
=> `index.php@class=User'
Resolving www.wirewuss.com... 52.221.100.76
Connecting to www.wirewuss.com|52.221.100.76|:443... connected.
Unable to establish SSL connection.
'method' is not recognized as an internal or external command,
operable program or batch file.
'success' is not recognized as an internal or external command,
operable program or batch file.

D:\wget>wget-1.10 --no-check-certificate https://www.wirewuss.com/
--09:25:12-- https://www.wirewuss.com/
=> `index.html.4'
Resolving www.wirewuss.com... 52.221.100.76
Connecting to www.wirewuss.com|52.221.100.76|:443... connected.
Unable to establish SSL connection.

sunhuxAuthor Commented: 2017-11-12

If I click "Lets Surf" on the Captive page so that my browser could start browsing
any Internet sites, doing wget on that wiresuss will not work too & doing wget
on say google.com will return the content of google.com page

LVL 64

Julian HansenCommented: 2017-11-12

Julian, the above --no-check-certificate did not work ie it did not save a copy of the landing page.

It worked for me - refer attached.
index.php

sunhuxAuthor Commented: 2017-11-13

Can share which version of wget you're running and the Windows OS that you're on?

My version is rather old

LVL 64

Julian HansenCommented: 2017-11-13

Windoze 10

c:\> wget --help
GNU Wget 1.19.1, a non-interactive network retriever.

Open in new window

sunhuxAuthor Commented: 2017-11-18

I've used wget V1.19.1 on Win10, still did not manage to connect/download from my Wirewuss.

Looks like my Wirewuss is different

sunhuxAuthor Commented: 2017-11-18

It's only after I've clicked "Lets Surf" on the landing page, then google/other Internet web pages could be downloaded by wget

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Already a member? Login.

All Courses

From novice to tech pro — start learning today.

By:

Martin VanDerSchouw

Executive Strategy and Management

Premium

Premium members can enroll in this course at no extra cost.
Learn More

69 lessons
By:

Martin VanDerSchouw

Certification
Certification: PMI RMP Project Management Institute Risk Management…

Premium

Premium members can enroll in this course at no extra cost.
Learn More

113 lessons
By:

Ken Mayer

Certification
Certification: CCENT CCNA Cisco Certified Entry Network Technician …

Premium

Premium members can enroll in this course at no extra cost.
Learn More

499 lessons
By:

Ken Mayer

Certification
Certification: CompTIA Network+

Premium

Premium members can enroll in this course at no extra cost.
Learn More

776 lessons
By:

Drew Fierst

Certification
Certification: MOS Microsoft Office Specialist - Access 2010 Ba…

Premium

Premium members can enroll in this course at no extra cost.
Learn More

233 lessons
By:

Randy Kohler

Ethical Hacker

Premium

Premium members can enroll in this course at no extra cost.
Learn More

12 lessons
By:

Gregor Dzierzon

Angular Fundamentals

Premium

Premium members can enroll in this course at no extra cost.
Learn More

50 lessons
By:

Patrick Loner

Certification
Certification: MOS Microsoft Office Specialist - Outlook 2016 Par…

Premium

Premium members can enroll in this course at no extra cost.
Learn More

175 lessons
By:

Tracy Berry

Certification
Certification: MOS Microsoft Office Specialist - Word 2010 Inter…

Premium

Premium members can enroll in this course at no extra cost.
Learn More

173 lessons
By:

Sam Simon Nasser

System Imaging and Deploying, using Acronis True Image.

Premium

Premium members can enroll in this course at no extra cost.
Learn More

6 lessons

Advertise Here