wiki:KrakenCaptivePortal
Last modified 13 months ago

Kraken Captive Portal

  1. Kraken Captive Portal
    1. Author
    2. Install
    3. Commands
      1. Set PCAP Device
      2. Set Gateway IP Address
      3. Set Redirect IP Address
      4. Set ARP Poisoning Interval
      5. Get Selected PCAP Device
      6. Get Gateway IP Address
      7. Get Redirect IP Address
      8. Get ARP Poisoning Interval
      9. Quarantine
      10. Unquarantine
      11. View ARP Cache
      12. View all quarantined hosts
    4. See Also
    5. Release

Kraken Captive Portal forces an HTTP client on a network to see a special web page before using the internet normality. (See more  Wikipedia explanation) Kraken Captive Portal uses DNS poisoning to implement "Redirection by DNS" approach. Since it needs to sniff dns query packets, switch mirroring environment or ARP Poison Routing (APR) is required. Kraken Captive Portal support ARP Poison Routing and can block all DNS query packet.

Kraken Captive Portal is intended as a sub-component of NAC. It cannot be used independently. You should build captive portal controller. For example, you can add authentication web page and allow only logon users. Authentication page should be able to use  CaptivePortal service interface, quarantine, and unquarantine specific ip address.

Author

Install

kraken> pkg.install kraken-captive-portal

Commands

Set PCAP Device

  • captiveportal.setdevice 
    kraken> captiveportal.setdevice
[1] name={5D28FFAD-59E6-4560-9C70-89B2B19319FA}, description=Microsoft, mac=00:16:EA:B3:A8:0E
[2] name={C7ACC3F3-E78B-45DB-8F7E-2A9BBFB79365}, description=Microsoft, mac=00:16:EA:B3:A8:0F
[3] name={F9D00BE4-30BF-41FA-9F14-44634B79C025}, description=Marvell Yukon Ethernet Controller., mac=00:13:77:B0:E4:97
[4] name={95B6EFAE-7F7F-4476-8BF2-69E80895C40B}, description=Microsoft, mac=00:22:69:D2:8E:23
select?

setdevice command will prompt you all available pcap devices. Select one and type number.

Set Gateway IP Address

  • captiveportal.setgateway [IP] 
    kraken> captiveportal.setgateway 192.168.1.1
set

Set Redirect IP Address

  • captiveportal.setredirectip [IP] 
    kraken> captiveportal.setredirectip 147.46.102.180
set

Set ARP Poisoning Interval

  • captiveportal.setpoisoninterval [milliseconds] 
    kraken> captiveportal.setpoisoninterval 30000
set

Get Selected PCAP Device

  • captiveportal.device 
    kraken> captiveportal.device
{5D28FFAD-59E6-4560-9C70-89B2B19319FA}

Get Gateway IP Address

  • captiveportal.gateway 
    kraken> captiveportal.gateway
/192.168.1.1

Get Redirect IP Address

  • captiveportal.redirectip 
    kraken> captiveportal.redirectip
/147.46.102.180

Get ARP Poisoning Interval

  • captiveportal.poisoninterval 
    kraken> captiveportal.poisoninterval
30000ms

Quarantine

  • captiveportal.quarantine [IP] 
    kraken> captiveportal.quarantine 192.168.1.101
set

Unquarantine

  • captiveportal.unquarantine [IP] 
    kraken> captiveportal.unquarantine 192.168.1.101
unset

View ARP Cache

  • captiveportal.arpcache 
    kraken> captiveportal.arpcache
ARP Cache
-------------
ip=192.168.1.1, mac=00:25:62:00:09:3F
ip=192.168.1.101, mac=F8:1E:DF:AB:A3:1B

Kraken Captive Portal routes all packets from these hosts.

View all quarantined hosts

  • captiveportal.targets 
    kraken> captiveportal.targets
Quarantined Hosts
-------------------
192.168.1.101

See Also

Release

  • 0.5.0 development version (unstable)