最近无事时对广告路由器进行了一个分析
常用的广告路由器一般是通过普通路由器刷openwrt或是ddwrt等固件后安装wifidog组件做的,我们这里分析的即是wifidog加authpuppy
以下数据为截取自authpuppy和wifidog的交互
1.用户请求页面http://www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm
--------------------------------------------------------------------------------------
request:
/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm
response:
<form action="http://192.168.1.251:81/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm" method="POST">
<input type="hidden" name="gw_id" value="default" />
<input type="hidden" name="gw_address" value="192.168.4.1" />
<input type="hidden" name="gw_port" value="2060" />
<input type="hidden" id="authenticators" name="authenticator" value="apAuthLocalUser"/>
<div id="authPlugin_apAuthLocalUser" style="display: none">
<h1>Local network user authentication</h1>
<input type="submit" name="submit[apAuthLocalUserconnect]" id="submit[apAuthLocalUserconnect]" value="Connect" onClick="deleteLinkElement()" />
<input type="password" name="apAuthLocalUser[password]" value="Pb4AoWdlOhqu4B2T535zDg==" id="apAuthLocalUser_password" />
<label for="apAuthLocalUser_remember_me">Remember me</label>
<input type="checkbox" name="apAuthLocalUser[remember_me]" value="1" checked="checked" id="apAuthLocalUser_remember_me" />
</form>
array (
'REDIRECT_STATUS' => '200',
'HTTP_HOST' => '192.168.1.251:81',
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_COOKIE' => 'authpuppy=usb6bslekske7ek5rlorknvf43; localUserCookie=226f362768d281ff14cf428fa3c3b8c87a6c4834',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.1.17 (KHTML, like Gecko) Version/7.1 Safari/537.85.10',
'HTTP_REFERER' => 'http://news.baidu.com/',
'SCRIPT_FILENAME' => 'F:/phpStudyAll/WWW/authpuppy/web/index.php',
'REMOTE_PORT' => '53961',
'REDIRECT_QUERY_STRING' => 'gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',
'REDIRECT_URL' => '/login/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => 'gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',
'REQUEST_URI' => '/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',
)
++++++++++++++++++++++++++++++++++++++++++++++++
2.登录成功以后而返回如下
--------------------------------------------------------------------------------------
request:
/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm
response:
<html><head><meta http-equiv="refresh" content="0;url=http://192.168.4.1:2060/wifidog/auth?token=60bb7efe229270c4d6d36ed60bb5e98886900126"/></head></html>
array (
'REDIRECT_STATUS' => '200',
'HTTP_HOST' => '192.168.1.251:81',
'CONTENT_TYPE' => 'application/x-www-form-urlencoded',
'HTTP_ORIGIN' => 'http://192.168.1.251:81',
'HTTP_COOKIE' => 'authpuppy=usb6bslekske7ek5rlorknvf43; localUserCookie=226f362768d281ff14cf428fa3c3b8c87a6c4834',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.1.17 (KHTML, like Gecko) Version/7.1 Safari/537.85.10',
'HTTP_REFERER' => 'http://192.168.1.251:81/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',
'HTTP_ACCEPT_LANGUAGE' => 'en-us',
'HTTP_ACCEPT_ENCODING' => 'gzip, deflate',
'REMOTE_ADDR' => '192.168.1.106',
'REMOTE_PORT' => '53950',
'REDIRECT_QUERY_STRING' => 'gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',
'REDIRECT_URL' => '/login/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'REQUEST_METHOD' => 'POST',
'QUERY_STRING' => 'gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',
'REQUEST_URI' => '/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',
'REQUEST_TIME' => 1411547194,
)
++++++++++++++++++++++++++++++++++++++++++++++++
3. 在2中进行跳转后则WiFiDog服务器向授权服务器端发送GET授权请求 若成功则而返回Auth: 1
--------------------------------------------------------------------------------------
request:
/auth/?stage=login&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default
response://千万要注意这里Auth:与1之间有一个空格否则不能通过验证
Auth: 1
array (
'REDIRECT_STATUS' => '200',
'HTTP_USER_AGENT' => 'WiFiDog 20130917',
'HTTP_HOST' => '192.168.1.251',
'SERVER_PORT' => '81',
'REMOTE_ADDR' => '192.168.1.106',
'REMOTE_PORT' => '33264',
'REDIRECT_QUERY_STRING' => 'stage=login&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default',
'REDIRECT_URL' => '/auth/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'SERVER_PROTOCOL' => 'HTTP/1.0',
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => 'stage=login&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default',
'REQUEST_URI' => '/auth/?stage=login&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default',
'REQUEST_TIME' => 1411547194,
)
++++++++++++++++++++++++++++++++++++++++++++++++
4.WiFiDog在接收到Auth:1之后向服务器端发送/portal/?gw_id=default的GET请求 授权服务器返回立即跳转的页面如下:
--------------------------------------------------------------------------------------
request:
/portal/?gw_id=default
reponse:
<html><head><meta http-equiv="refresh" content="0;url=http://www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm"/></head></html>
array (
'REDIRECT_STATUS' => '200',
'HTTP_HOST' => '192.168.1.251:81',
'HTTP_ORIGIN' => 'http://192.168.1.251:81',
'HTTP_COOKIE' => 'authpuppy=usb6bslekske7ek5rlorknvf43; localUserCookie=226f362768d281ff14cf428fa3c3b8c87a6c4834',
'HTTP_CONNECTION' => 'keep-alive',
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.1.17 (KHTML, like Gecko) Version/7.1 Safari/537.85.10',
'HTTP_ACCEPT_LANGUAGE' => 'en-us',
'HTTP_REFERER' => 'http://192.168.1.251:81/login/?gw_address=192.168.4.1&gw_port=2060&gw_id=default&mac=00:0e:c6:f0:06:b2&url=http%3A//www.gov.cn/guowuyuan/2014-09/23/content_2755108.htm',
'HTTP_ACCEPT_ENCODING' => 'gzip, deflate',
'REDIRECT_QUERY_STRING' => 'gw_id=default',
'REDIRECT_URL' => '/portal/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => 'gw_id=default',
'REQUEST_URI' => '/portal/?gw_id=default',
'SCRIPT_NAME' => '/index.php',
'PHP_SELF' => '/index.php',
'REQUEST_TIME' => 1411547194,
)
++++++++++++++++++++++++++++++++++++++++++++++++
5.WiFiDog服务器向授权服务器发送ping操作请求 服务器端通过后发送Pong响应串(纯文本)
--------------------------------------------------------------------------------------
request:
/ping/?gw_id=default&sys_uptime=28824&sys_memfree=99284&sys_load=0.08&wifidog_uptime=61
response:
Pong
array (
'REDIRECT_STATUS' => '200',
'HTTP_USER_AGENT' => 'WiFiDog 20130917',
'HTTP_HOST' => '192.168.1.251',
'SERVER_SIGNATURE' => '',
'SERVER_SOFTWARE' => 'Apache/2.4.9 (Win32) OpenSSL/0.9.8y PHP/5.3.28',
'SERVER_NAME' => '192.168.1.251',
'SERVER_ADDR' => '192.168.1.251',
'SERVER_PORT' => '81',
'REMOTE_ADDR' => '192.168.1.106',
'DOCUMENT_ROOT' => 'F:/phpStudyAll/WWW/authpuppy/web',
'REQUEST_SCHEME' => 'http',
'CONTEXT_PREFIX' => '',
'CONTEXT_DOCUMENT_ROOT' => 'F:/phpStudyAll/WWW/authpuppy/web',
'SERVER_ADMIN' => 'admin@phpStudy.net',
'SCRIPT_FILENAME' => 'F:/phpStudyAll/WWW/authpuppy/web/index.php',
'REMOTE_PORT' => '33265',
'REDIRECT_QUERY_STRING' => 'gw_id=default&sys_uptime=28824&sys_memfree=99284&sys_load=0.08&wifidog_uptime=61',
'REDIRECT_URL' => '/ping/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'SERVER_PROTOCOL' => 'HTTP/1.0',
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => 'gw_id=default&sys_uptime=28824&sys_memfree=99284&sys_load=0.08&wifidog_uptime=61',
'REQUEST_URI' => '/ping/?gw_id=default&sys_uptime=28824&sys_memfree=99284&sys_load=0.08&wifidog_uptime=61',
'SCRIPT_NAME' => '/index.php',
'PHP_SELF' => '/index.php',
'REQUEST_TIME' => 1411547224,
)
++++++++++++++++++++++++++++++++++++++++++++++++
6.WiFiDog向服务器发送计费通知
--------------------------------------------------------------------------------------
request:
/auth/?stage=counters&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=4660796&outgoing=192338&gw_id=default
response:
Auth: 1//中间一定要有一个空格
array (
'REDIRECT_STATUS' => '200',
'HTTP_USER_AGENT' => 'WiFiDog 20130917',
'HTTP_HOST' => '192.168.1.251',
'SERVER_NAME' => '192.168.1.251',
'SERVER_ADDR' => '192.168.1.251',
'SERVER_PORT' => '81',
'REMOTE_ADDR' => '192.168.1.106',
'REMOTE_PORT' => '33266',
'REDIRECT_QUERY_STRING' => 'stage=counters&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=4660796&outgoing=192338&gw_id=default',
'REDIRECT_URL' => '/auth/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'SERVER_PROTOCOL' => 'HTTP/1.0',
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => 'stage=counters&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=4660796&outgoing=192338&gw_id=default',
'REQUEST_URI' => '/auth/?stage=counters&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=4660796&outgoing=192338&gw_id=default'
)
++++++++++++++++++++++++++++++++++++++++++++++++
7.退出登录
--------------------------------------------------------------------------------------
request:
/auth/?stage=logout&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default
response:
Auth: 0
array (
'REDIRECT_STATUS' => '200',
'HTTP_USER_AGENT' => 'WiFiDog 20130917',
'HTTP_HOST' => '192.168.1.251',
'SERVER_NAME' => '192.168.1.251',
'SERVER_ADDR' => '192.168.1.251',
'SERVER_PORT' => '81',
'REMOTE_ADDR' => '192.168.1.106',
'REQUEST_SCHEME' => 'http',
'CONTEXT_PREFIX' => '','stage=logout&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default',
'REDIRECT_URL' => '/auth/',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'SERVER_PROTOCOL' => 'HTTP/1.0',
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => 'stage=logout&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default',
'REQUEST_URI' => '/auth/?stage=logout&ip=192.168.4.186&mac=00:0e:c6:f0:06:b2&token=60bb7efe229270c4d6d36ed60bb5e98886900126&incoming=0&outgoing=0&gw_id=default',
'SCRIPT_NAME' => '/index.php',
'PHP_SELF' => '/index.php',
'REQUEST_TIME' => 1411549984,
)
++++++++++++++++++++++++++++++++++++++++++++++++
本文章由 http://www.wifidog.pro/2015/01/30/wifidog%E6%95%B0%E6%8D%AE%E6%B5%81.html 整理编辑,转载请注明出处