
The following code lets me capture all requests coming to my ESP8266 (running NodeMCU) and show my own page:

static int enduser_setup_dns_start(void)
{
  /* One espconn for the UDP listener plus the esp_udp sub-structure it points at. */
  state->espconn_dns_udp = (struct espconn *) c_malloc(sizeof(struct espconn));
  esp_udp *esp_udp_data = (esp_udp *) c_malloc(sizeof(esp_udp));
  if (state->espconn_dns_udp == NULL || esp_udp_data == NULL)
  {
    c_free(state->espconn_dns_udp);
    c_free(esp_udp_data);
    state->espconn_dns_udp = NULL;
    return 1;                      /* out of memory */
  }

  c_memset(state->espconn_dns_udp, 0, sizeof(struct espconn));
  c_memset(esp_udp_data, 0, sizeof(esp_udp));
  state->espconn_dns_udp->proto.udp = esp_udp_data;
  state->espconn_dns_udp->type = ESPCONN_UDP;
  state->espconn_dns_udp->state = ESPCONN_NONE;
  esp_udp_data->local_port = 53;   /* listen on the DNS port of the ESP's soft-AP address */

  return 0;
}

It captures http://example.com, but doesn't capture https://example.com. How could I fix it?

LA_
  • Do you mean an HTTPS web request or a DNS request? Your code seems to be capturing only DNS requests. – mdeora Apr 30 '18 at 13:32
  • @mdeora, I think I should capture DNS request. As I mentioned in the question, if user goes to https://example.com (or http://example.com), he should be redirected to my own page. – LA_ May 06 '18 at 13:24

1 Answer


Intercepting HTTPS requests isn't possible unless you have your own certificate authority set up on every client computer (and even then not for any sites that use HSTS or HPKP; that's quite a few).

The whole point of SSL / HTTPS is that the clients know that they're talking to the website they think they're talking to. Without that website's certificate and private key, you cannot impersonate it without generating errors.

Wi-Fi captive portals (etc.) typically ignore HTTPS requests and wait for the first insecure HTTP request. Most devices, when connecting to a new Wi-Fi network, will try to load an HTTP page, and if they find a captive portal they create a notification / show it to the user.

Fahad Sadah
  • Thank you. What should I do to answer that first HTTP request from the device? – LA_ May 17 '18 at 07:38
  • I wouldn't use an ESP. Set up the firewall on the router to send HTTP traffic to a transparent Squid proxy, and set up your captive portal on that https://wiki.squid-cache.org/ConfigExamples/Portal/Splash – Fahad Sadah May 17 '18 at 10:01
  • The router and proxy can both be a small Linux device not too much bigger than a NodeMCU if you need – Fahad Sadah May 17 '18 at 10:01
  • Thanks, but the question is also about battery lifetime. The ESP works for ~7 hours from one 18650 battery. So I should find an ESP-based solution. – LA_ May 17 '18 at 14:39
  • Your network presumably already has a router (how/why are clients sending DNS requests to your ESP in the first place?); but if you'd like to investigate creating a captive portal on an ESP, it seems like there's already some sample code online e.g. https://github.com/esp8266/Arduino/blob/master/libraries/DNSServer/examples/CaptivePortalAdvanced/CaptivePortalAdvanced.ino – Fahad Sadah May 17 '18 at 16:06
  • No, it doesn't have a router. The user looks for a Wi-Fi network with a particular name and connects to my ESP directly. – LA_ May 18 '18 at 06:13
  • I see. It seems like that's precisely the situation the above linked code is designed for! – Fahad Sadah May 18 '18 at 08:44
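The two mechanisms the answer describes, as an added example that is not the question's NodeMCU code and not the linked Arduino sketch: a DNS responder that answers every A query with the device's own address (this is why http://example.com lands on the ESP, and why https://example.com still fails: the client connects, but the TLS handshake cannot succeed without a certificate for that name), and an HTTP handler that answers the device's first plain-HTTP probe with a redirect to the portal page. The function names dns_build_response and http_portal_response, the constructed DNS query and HTTP requests, and the portal address 192.168.4.1 (the ESP8266 soft-AP default) are assumptions of this example; the functions work on plain byte buffers so they can be run on a host, and on the ESP they would sit behind the UDP port 53 and TCP port 80 receive callbacks.

```c
/* Added example (not the question's NodeMCU code and not the linked Arduino
 * sketch): the two functions a captive portal on an ESP-style device needs,
 * written over plain byte buffers so they run on a host without any SDK.
 * Assumed: portal IP 192.168.4.1 (the ESP8266 soft-AP default), a constructed
 * DNS query for example.com, and constructed HTTP requests. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12

/* Answer any A/IN query with our own address: this is the "capture all
 * requests" trick. Returns the response length, 0 on a malformed query.
 * HTTPS clients get the same answer and connect to us too, but their TLS
 * handshake then fails because we hold no certificate for that name. */
size_t dns_build_response(const uint8_t *q, size_t qlen,
                          uint8_t *out, size_t outcap, const uint8_t ip[4])
{
    if (qlen < DNS_HDR_LEN || (q[2] & 0x80)) return 0;  /* short, or a response */
    if (q[4] != 0 || q[5] != 1) return 0;               /* expect QDCOUNT == 1 */
    size_t i = DNS_HDR_LEN;                             /* walk the QNAME labels */
    while (i < qlen && q[i] != 0) {
        if (q[i] & 0xC0) return 0;                      /* no pointers in a query */
        i += 1 + q[i];
    }
    if (i + 5 > qlen) return 0;                         /* 0 byte + QTYPE + QCLASS */
    size_t qend = i + 5;
    uint16_t qtype  = (uint16_t)((q[i + 1] << 8) | q[i + 2]);
    uint16_t qclass = (uint16_t)((q[i + 3] << 8) | q[i + 4]);
    if (qend + 16 > outcap) return 0;

    memcpy(out, q, qend);                               /* echo ID and question */
    out[2] = 0x84 | (q[2] & 0x01);                      /* QR=1, AA=1, keep RD */
    out[3] = 0x00;                                      /* RA=0, RCODE=NOERROR */
    memset(out + 6, 0, 6);                              /* AN/NS/AR counts = 0 */
    if (qtype != 1 || qclass != 1) return qend;         /* not A/IN: empty answer */

    uint8_t *a = out + qend;
    a[0] = 0xC0; a[1] = 0x0C;                           /* NAME: pointer to offset 12 */
    a[2] = 0; a[3] = 1;                                 /* TYPE A */
    a[4] = 0; a[5] = 1;                                 /* CLASS IN */
    a[6] = 0; a[7] = 0; a[8] = 0; a[9] = 10;            /* TTL 10 s so clients forget us fast */
    a[10] = 0; a[11] = 4;                               /* RDLENGTH */
    memcpy(a + 12, ip, 4);
    out[7] = 1;                                         /* ANCOUNT = 1 */
    return qend + 16;
}

/* Reply to the first plain-HTTP request. A request addressed to the portal
 * itself gets the page; anything else (an OS connectivity probe, a site the
 * user typed) gets a 302 to the portal, which is what triggers the
 * "sign in to network" notification. Returns bytes written, 0 on overflow. */
size_t http_portal_response(const char *req, char *out, size_t cap,
                            const char *portal_ip)
{
    static const char page[] = "<html><body><h1>Welcome</h1></body></html>";
    const char *host = strstr(req, "\r\nHost: ");
    int to_portal = 0;
    if (host) {
        host += 8;
        size_t n = strlen(portal_ip);
        to_portal = strncmp(host, portal_ip, n) == 0 &&
                    (host[n] == '\r' || host[n] == ':');
    }
    int w = to_portal
        ? snprintf(out, cap, "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   "Content-Length: %zu\r\nConnection: close\r\n\r\n%s",
                   sizeof page - 1, page)
        : snprintf(out, cap, "HTTP/1.1 302 Found\r\nLocation: http://%s/\r\n"
                   "Content-Length: 0\r\nConnection: close\r\n\r\n", portal_ip);
    return (w < 0 || (size_t)w >= cap) ? 0 : (size_t)w;
}

/* Constructed query: ID 0x1234, RD=1, one question "example.com A IN". */
const uint8_t sample_query[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01
};
const size_t sample_query_len = sizeof sample_query;

int main(void)
{
    static const uint8_t portal[4] = {192, 168, 4, 1};
    uint8_t dns[512];
    char http[512];
    size_t n = dns_build_response(sample_query, sample_query_len, dns, sizeof dns, portal);
    if (n >= 4)
        printf("DNS: %zu-byte reply, A record -> %u.%u.%u.%u\n", n,
               dns[n - 4], dns[n - 3], dns[n - 2], dns[n - 1]);
    http_portal_response("GET /probe HTTP/1.1\r\nHost: example.com\r\n\r\n",
                         http, sizeof http, "192.168.4.1");
    printf("HTTP:\n%s", http);
    return 0;
}
```

The short TTL matters in practice: once the user leaves the ESP's network, cached answers pointing at 192.168.4.1 should expire quickly rather than break name resolution on the next network.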