[CoovaChilli] Understanding how Login works
seanmavley at gmail.com
Fri Jan 13 19:37:15 GMT 2017
Hello all, My name is rexford, just joined.
I'm working on RadiusNES, a revamp of DaloRADIUS using Nodejs, Express and
I'm struggling to understand some of the mechanism behind how login of
chillispot works. Here's what I know:
- When user isn't logged in and redirects happen, a challenge is part of
the query params.
- This challenge query parameter is used to create, yet another password
on the fly as per the function here:
- Then eventually, something like this is what is sent to the chillispot
logon url residing at uamip:uamport/logon (in my case
A wild guess I have (since I have no idea how the logon works), is that the
challenge is created for security reasons basically, so no one intercepts
the plaintext passwords, right?
Now quick questions:
- Is there a way to disable this challenge feature (Yes I know all the
security risks)? I'm using Chillispot in DD-WRT e1200v2 Linksys Router.
- If that's not possible (or at least not recommend), any tip on how to
replicate the pack, unpack, md5 and implode2 functions in vanilla
thanks for help
I hope this is a right platform to ask the above questions.
2. I have leads on doing those functions, but just curious it's already
been written somewhere else.
More information about the CoovaChilli