🎉 First Commit (for ACNS 2023)

Author: joeywang4

.gitignore

@@ -0,0 +1,21 @@
+__pycache__/
+data/
+.vscode/
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST

README.md

@@ -0,0 +1,58 @@
+# Wi-Fi Chameleon
+
+Captive Portal attack and Captive Portal Browser measurement tool suite.
+
+## Install
+Python3 (version >=3.6) is required for this project.
+
+Installation script:
+```bash
+mkvirtualenv wifi-chameleon
+git clone https://git.nslab.csie.ntu.edu.tw/joeywang4/wifi-chameleon-tool
+cd wifi-chameleon-tool
+sudo pip install .
+```
+
+For development:
+```bash
+mkvirtualenv wifi-chameleon
+git clone https://git.nslab.csie.ntu.edu.tw/joeywang4/wifi-chameleon-tool
+cd wifi-chameleon-tool
+sudo pip install -e .
+```
+
+If something went wrong, please check the configuration files located in `conf` directory is properly installed.
+
+## Test Portal
+To create a test portal:
+```bash
+cd src
+sudo python3 main.py http_portal
+```
+
+To cleanup this portal:
+```bash
+cd src
+sudo python3 main.py cleanup
+```
+
+To set static portal files:
+Put the portal files to `portals/<portal name>` and use
+```bash
+sudo python3 src/main.py set_portal <portal name>
+```
+
+To set portal to a given URL
+```bash
+sudo python3 src/main.py set_portal <URL>
+```
+
+## Testing
+*\*Under development\**
+
+`pytest` is required for testing. 
+```bash
+pip install pytest
+# Under the root directory of this project
+pytest
+```

TEST.md

@@ -0,0 +1,144 @@
+# How to perform tests
+
+## JS API
+```bash
+sudo python3 src/main.py set_portal js-api
+```
+
+## Cookie
+
+Read, write, and persistence
+```bash
+sudo python3 src/main.py set_portal cookies
+```
+First round should give "Previous cookie not presented. Set Cookie successfully.", and the second round should give "Previous cookie presented.Set Cookie successfully."
+
+Value capacity:
+```bash
+sudo python3 src/main.py set_portal https://wpt.live/cookies/value/value.html
+```
+
+SameSite:
+```bash
+sudo python3 src/main.py set_portal https://samesitetest.com/setup/confirm,https://shared.samesitetest.com,https://samesitetest-external.com,http://insecure-shared.samesitetest.com,http://insecure.samesitetest-external.com,http://insecure.samesitetest.com
+```
+
+Secure:
+```bash
+sudo python3 src/main.py set_portal https://wpt.live/cookies/secure/set-from-http.https.sub.html # should work
+sudo python3 src/main.py set_portal http://wpt.live/cookies/secure/set-from-http.https.sub.html # should not work
+```
+~~Note that, if the captive portal session is not sandboxed, then in the HTTP test, the two tests should be failed and pass respectively, otherwise both tests will be failed.~~
+
+HttpOnly:
+```bash
+sudo python3 src/main.py set_portal http://linux8.csie.ntu.edu.tw:8123/
+```
+
+## SOP & CORS
+
+```bash
+sudo python3 src/main.py set_portal https://wpt.live/cors/basic.htm
+sudo python3 src/main.py set_portal https://wpt.live/cors/origin.htm
+```
+
+Notice that even some normal browsers can't pass all the test in `basic.html`.
+
+## SSL
+
+HTTP:
+```bash
+sudo python3 src/main.py set_portal default
+```
+
+HTTP-credit-card:
+```bash
+sudo python3 src/main.py set_portal http://http-credit-card.badssl.com/
+```
+
+Normal:
+```bash
+sudo python3 src/main.py set_portal https://joeywang4.github.io/
+```
+
+Expired:
+```bash
+sudo python3 src/main.py set_portal https://expired.badssl.com/
+```
+
+Wrong Host:
+```bash
+sudo python3 src/main.py set_portal https://wrong.host.badssl.com/
+```
+
+Self-signed:
+```bash
+sudo python3 src/main.py set_portal https://self-signed.badssl.com/
+```
+
+Untrusted root:
+```bash
+sudo python3 src/main.py set_portal https://untrusted-root.badssl.com/
+```
+
+Revoked:
+```bash
+sudo python3 src/main.py set_portal https://revoked.badssl.com/
+```
+
+Pinned:
+```bash
+sudo python3 src/main.py set_portal https://pinning-test.badssl.com/
+```
+
+Bad cipher (DH 1024):
+```bash
+sudo python3 src/main.py set_portal https://dh1024.badssl.com/
+```
+
+Outdated TLS:
+```bash
+sudo python3 src/main.py set_portal https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html,https://cdnjs.cloudflare.com/,https://ssllabs.com/,http://plaintext.ssllabs.com/,https://www.ssllabs.com/ # SSL
+sudo python3 src/main.py set_portal https://tls-v1-0.badssl.com:1010/ # TLS v1.0
+sudo python3 src/main.py set_portal https://tls-v1-1.badssl.com:1011/ # TLS v1.1
+```
+
+HSTS:
+```bash
+sudo python3 src/main.py set_portal https://hsts.badssl.com/
+sudo python3 src/main.py set_portal http://hsts.badssl.com/
+```
+Suppose that HSTS is not followed in the same session, the first portal (the https one) would no display "HSTS is working."
+Suppose that HSTS is not followed in the different session, the second portal (the http one) would no display "HSTS is working."
+
+Mixed content
+```bash
+sudo python3 src/main.py set_portal https://www.mixedcontentexamples.com/Test/NonSecureJS # JS
+sudo python3 src/main.py set_portal https://www.mixedcontentexamples.com/Test/NonSecureIFRAME # iframe
+```
+
+Indirect Redirection:
+```bash
+sudo python3 src/main.py set_portal https://allenchou.cc/a-secret-page-for-test.html,https://self-signed.badssl.com/
+```
+
+## LocalStorage
+```bash
+sudo python3 src/main.py set_portal localStorage
+```
+
+## Safe Browsing
+Phishing
+```bash
+sudo python3 src/main.py set_portal https://testsafebrowsing.appspot.com/s/phishing.html
+```
+
+Malware (download link)
+```bash
+sudo python3 src/main.py set_portal https://testsafebrowsing.appspot.com/s/malware.html
+```
+
+Malware (direct access)
+```bash
+sudo python3 src/main.py set_portal https://testsafebrowsing.appspot.com/s/content.exe
+```

certificates/default/wifi-chameleon.crt

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFvTCCA6UCFDp9p6lpEbl7R/ntFq2PAnQ447TIMA0GCSqGSIb3DQEBCwUAMIGa
+MQswCQYDVQQGEwJUVzEPMA0GA1UECAwGVGFpd2FuMQ8wDQYDVQQHDAZUYWlwZWkx
+DDAKBgNVBAoMA05UVTENMAsGA1UECwwEQ1NJRTEgMB4GA1UEAwwXKi53aWZpLWNo
+YW1lbGVvbi5lZHUudHcxKjAoBgkqhkiG9w0BCQEWG2FkbWluQHdpZmktY2hhbWVs
+ZW9uLmVkdS50dzAeFw0yMTAyMDIwNjE2MzlaFw0zMTAyMDIwNjE2MzlaMIGaMQsw
+CQYDVQQGEwJUVzEPMA0GA1UECAwGVGFpd2FuMQ8wDQYDVQQHDAZUYWlwZWkxDDAK
+BgNVBAoMA05UVTENMAsGA1UECwwEQ1NJRTEgMB4GA1UEAwwXKi53aWZpLWNoYW1l
+bGVvbi5lZHUudHcxKjAoBgkqhkiG9w0BCQEWG2FkbWluQHdpZmktY2hhbWVsZW9u
+LmVkdS50dzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPLRdRft89qt
+qdSN+JXCWq63KxY3vB8WIS0ZT1ghaAwSYPL8UBgQSm+qVYa2pY+T16XGG8Yftjvu
+6kN/VEJOcKZiFLHeSKLkCriWldrsnR6QPykgeEuCwOIi8O9up+Dy5rhR9x98FfMf
+AL2xndyMl9q9VlvFPtcsNyZMrmDUABLs9aRIZZlnoGMeumqPb1cSRghSRc3KmPjq
+o9g9QHHbz2dICvdDoEsHJdeDeAeVepsY85AV7b80EFXEk7qa5jJiyPizY5bQfMi+
+JmQ2O+31mNeXNF6GpujyFayM0PeeOomPY39uJtkVDdnk9CVjKxFLLffLzBNdgcXU
+LgX0HK19bHK2beytHetxbk6YWPCPbeZPEk+0/wzHR3Z0qG+XExBW02/kntwRf24I
+TkktfPBtsqk5Gs9aDVWTIHjVe9fLvjMmSzvdaIyDQreqe+Nnq5JY+tkiYdcxKSkw
+mp5Q5iYscj9BDTz3rKlJJOyOfe8ZIqdtWeISq7VurVhy1Zj4YRGkIFCh42H9AgLl
+gxVWKZkoYpDejQ58NMEt55Dv1P+H2Bpq1vZGfQjOJ1qSlulwPWfhOvNOI4c8tM2S
+WrHJ3/CInqNA9vujaOYz5dEqj86J/mjHE/wpJCRpCkVlKUXHkH7vR4J3DOwMbEcU
+r7+lHbx1B6vvtKADwr45RUPhLPKM7kHnAgMBAAEwDQYJKoZIhvcNAQELBQADggIB
+ABg6PhLL0RI+HvsLr8SXAv9Bmc0L1XMsf2NyBLv7+4rS7mcIvu0Ep33P4ApM2YDe
+QTu0WUVR/4/159sC/n/a/yqaFPFaZN6teVsQ6qVZ9fffqxwdSjIgNqiT/iXYgrSd
+pp+A5Zqr9cqTyM80bCpsCnZECcHCLtrKYHfDxRWVsdmFdsQKtH8RxXQlFDAwSYhQ
+h/oZ6FQMGrkUhHiSdCZrtpUhsz9z/oSYekasR3y0+EiMqdoCiSGspn1y6haNZLOy
+x2EiE+iCPUFpRYa35japcpqdUtCcYsg/ai333gP8DFAuBkE0p0pfCqX1wdXFfrRx
+/AZL2CIs7Ggmzu/AETdtIsXfqDga7Nt4IiLZOiVHtDnu0BYpoyOYLIkjojpc4qEB
+nGFyuekvvt4IwpXguPcHLDYE9X3LmKao8IJMyRuuNl2wgxm1vK/q8FnNMjVL++H7
+WX5G642345+r7EN55gAgZMQKJ7Bc5w20znTr55/VrT83qOlNXIGIHFvn9xiMmP69
+jbbKqWX53Z6ZUWWRjVuobj/e7XQju3Nu37qsv67bbnwdMOMdmQwCmYxJ1yBky0BL
+kJP1t7pNmudsUXDJq+zC+RFRBpnRL61t+40gJpmIKZRyqvKOwb9N79ohQI3K4MHr
+gMqsUOOCHIBvdOo0JgN/CKCnJlC2IYBM1BdyrNr+nj+i
+-----END CERTIFICATE-----

certificates/default/wifi-chameleon.csr

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE4DCCAsgCAQAwgZoxCzAJBgNVBAYTAlRXMQ8wDQYDVQQIDAZUYWl3YW4xDzAN
+BgNVBAcMBlRhaXBlaTEMMAoGA1UECgwDTlRVMQ0wCwYDVQQLDARDU0lFMSAwHgYD
+VQQDDBcqLndpZmktY2hhbWVsZW9uLmVkdS50dzEqMCgGCSqGSIb3DQEJARYbYWRt
+aW5Ad2lmaS1jaGFtZWxlb24uZWR1LnR3MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA8tF1F+3z2q2p1I34lcJarrcrFje8HxYhLRlPWCFoDBJg8vxQGBBK
+b6pVhralj5PXpcYbxh+2O+7qQ39UQk5wpmIUsd5IouQKuJaV2uydHpA/KSB4S4LA
+4iLw726n4PLmuFH3H3wV8x8AvbGd3IyX2r1WW8U+1yw3JkyuYNQAEuz1pEhlmWeg
+Yx66ao9vVxJGCFJFzcqY+Oqj2D1AcdvPZ0gK90OgSwcl14N4B5V6mxjzkBXtvzQQ
+VcSTuprmMmLI+LNjltB8yL4mZDY77fWY15c0Xoam6PIVrIzQ9546iY9jf24m2RUN
+2eT0JWMrEUst98vME12BxdQuBfQcrX1scrZt7K0d63FuTphY8I9t5k8ST7T/DMdH
+dnSob5cTEFbTb+Se3BF/bghOSS188G2yqTkaz1oNVZMgeNV718u+MyZLO91ojINC
+t6p742erklj62SJh1zEpKTCanlDmJixyP0ENPPesqUkk7I597xkip21Z4hKrtW6t
+WHLVmPhhEaQgUKHjYf0CAuWDFVYpmShikN6NDnw0wS3nkO/U/4fYGmrW9kZ9CM4n
+WpKW6XA9Z+E6804jhzy0zZJascnf8Iieo0D2+6No5jPl0SqPzon+aMcT/CkkJGkK
+RWUpRceQfu9HgncM7AxsRxSvv6UdvHUHq++0oAPCvjlFQ+Es8ozuQecCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4ICAQCL8ibhAG5RF1CbFgGSS6fhUDqiQnbPFlfSLr5u
+rijboonCJFH19sieIK0qDcBN6Re/Oj4tzfgkyPPT2rabsRf0gL6xpvhfcCYnt4fu
+gArQB5zL1GHunX3LMoQaVyJeos0JqYNgMAq3z0A8gOyLsDb5QEdsRhgdHLzOQk2v
+MFENHr17vAYAburvUIiJ3cWgvL3RwC55+Kct/AUudJiML/DzcxDP4P5giQwcMq7h
+4s5D/8+Qt314bKmPY21TZphR77vt+QiMnMJPvlYkc3lNoUM9Ldlag1bwHHZsZ0Op
+dxOoa7wkC6bkdDEkiqu0G3EeVUDw73ViJ5/IiyxO13ggK8StaNYz6+uVpji4O1/i
+mzt2ylRzb9YZ0wJHHimsD3P/WkNvXQ8XMLlm37eECDHAmsPdo/5ZBLnFZx4EfoC9
+W6eISk9IJzpH+rX5C/yHSAP/UwKa95ugklzz4psbvjdLYBphPfNZ2FbYnvU1WjJf
+RbwU/bB8h1I3uptO7aKxtFmz6bwOLvBWBDBbvRfMWneBd6Yu4fNl2gG5TL1Z9LQ2
+COjfGxcv65HixXeLOa+qZGuxsX3BHPoTjRipLqr9nxvLUwdRwErFv/deNNnHtmih
+g2peCJnS+FGjvYD0dE/liqm7Km3ZxczWkP+yZyojSxIzZaDtyAkLidzUdUH+mFQX
+EFroGA==
+-----END CERTIFICATE REQUEST-----

certificates/default/wifi-chameleon.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEA8tF1F+3z2q2p1I34lcJarrcrFje8HxYhLRlPWCFoDBJg8vxQ
+GBBKb6pVhralj5PXpcYbxh+2O+7qQ39UQk5wpmIUsd5IouQKuJaV2uydHpA/KSB4
+S4LA4iLw726n4PLmuFH3H3wV8x8AvbGd3IyX2r1WW8U+1yw3JkyuYNQAEuz1pEhl
+mWegYx66ao9vVxJGCFJFzcqY+Oqj2D1AcdvPZ0gK90OgSwcl14N4B5V6mxjzkBXt
+vzQQVcSTuprmMmLI+LNjltB8yL4mZDY77fWY15c0Xoam6PIVrIzQ9546iY9jf24m
+2RUN2eT0JWMrEUst98vME12BxdQuBfQcrX1scrZt7K0d63FuTphY8I9t5k8ST7T/
+DMdHdnSob5cTEFbTb+Se3BF/bghOSS188G2yqTkaz1oNVZMgeNV718u+MyZLO91o
+jINCt6p742erklj62SJh1zEpKTCanlDmJixyP0ENPPesqUkk7I597xkip21Z4hKr
+tW6tWHLVmPhhEaQgUKHjYf0CAuWDFVYpmShikN6NDnw0wS3nkO/U/4fYGmrW9kZ9
+CM4nWpKW6XA9Z+E6804jhzy0zZJascnf8Iieo0D2+6No5jPl0SqPzon+aMcT/Ckk
+JGkKRWUpRceQfu9HgncM7AxsRxSvv6UdvHUHq++0oAPCvjlFQ+Es8ozuQecCAwEA
+AQKCAgEAxc1BEMRDkNFFdqRMa1rO2mLWE5xFgCFb10w16XoVMzhJh8doS6IBsSNV
+1o61IdfypNVUTLoKjpoade+kqPsTI0bkytxj2WXhIetxmcyEVaB2Az+zHvgdvllu
+Ye2HjmTw9Be5Mwm3K70GsoCdM0vIbGUuk0WD4m7fYjC3IKOyh7hGhpR/R082RWiD
+vUipD4oQSLkUqgavRJ6H6CBFfjrsopr6a+DIFDZ3ai9ruOnY3b2es7JZYRe9ctDW
+8v06JrN4ObiQmQuviyvzRFE10qvt3ToMbDBOiZajd1Oi6wQXdXW8PNNzjAVtqiGr
+jUVSkRzoDmMTFHdovsoQz8LDFcUFcHrZKmFJH+rY8BgQMZ2fHO2oBAnj1QoBtyY0
+OV15tu3CttLGmRWl+WL9pko7xg1Jbnutgrlv9QDoBhVppFTV1wtawAbS1QkHFUXR
+TQVIms4aVgLK+r6E7OcPzEH/rrkmHYaLtVkeaR9mI2Vqad95BIAIoayO697kmMSO
+qLDcvUM6DiVo19YBlJ4LNTfoz2qZznAVz7tduBR4ZeVCyX+LoLVsSL2/9opLQTkG
+sokwm7YNUOT+tKjmxvuZEZId21NpaNhQ/yqXD1qzzB3NHbOVx9TPgRa+a95AIqqh
+Y96GeQDKjbxl2UDz9vtW/Db7Hg9EAyhI38mOfOalIPvc/KqVMqECggEBAPuGX7O1
+7usF94Ti6EhRq6K850ddtz1p0ZrepP9h5VR0TZUhW4rHab4tT05jLfUKfa0cs0BV
+Pk3ltTu6xwnnGlcHzRdXdl4TbeeWUHt/xT9yq1nwOEz3oXCE12u4oRgm79t+jH+M
+P9zSYSTnWINcLTIdjLb79DOYbUgmx/Bvl86vdAMZ5EYNyAhBqpTVJsAokm5/UII4
+0fo8stkYIne5NuZWOLgTiJa5mI8MX1L19zo5jH/wDcNmMSbtVRSGMLEZ32+lTeqq
+2FbqIm8/ZDjW0Y0+I3H5nV7AaPFCGReHqMuSCGdbeqLTM5WWQWQdAq9yT+APv7yp
+ZF/mf9NvgUJk2NECggEBAPcjbUuPO+S1znTpeksk8bX9yr1HV+rvie5WrPlks8Pv
+c5w/13FBXWJTOS2N3l/IMrv6W6ay4tJLOxH+lrovsXGje6fUPIWOvUv2zv0oS6QY
+8dLQ2uVTpCDUQ4NhaOYaYH94KYASyGM/q/gSrmEXW5l9L01/4ycaT12v5if0K5Jl
+436LW9tN4xrTkCb2pZzi1ixTT7XqGVdGLTwc5JIUMbx6HNw4VGlPI2DmGIvGCbYP
+6+/tbaG0TsFT5OelJsEvF9SXEnI/WMKb4+SXAeiGw2uS9sQCjBTcoxWbC0GOjVyi
+cTWrCdBOBIFbt3hY3tFHTT4atl2nek6XxwbXAz50HTcCggEAHJme8DRTwm2fQ4D5
+oJ+IwKxyL+88EsOhjdabNF7RUNUYrUhpvFIIeBN23Rbx9tcGi1SkHUCUIQ9pmC0Y
+zMt2d0bvzyOm1fOnn5m79Q8GQryrN0LVZAsUVFMGm70WtERZKcAuAaLU8CsL2MJl
+kio9CWHKylPD5MoEQxwFyBUoUdwpeODM0BppEGdHGj1Sdq8mV2IqqWQEnEuimoTg
+BnUNBQvwzx2JfnoEGt/xRuGpBvncO//z0LAiDqcV8YuApeKnQW6ueWyLxPZCjBvN
+LZlfoovaQ+96MXf3dtdpOv+19c/ZHMeOHk2do/i93sBduc1pv7SKvM0WGMGA723S
+aNZGwQKCAQEAkRDNhe3ExWJmlr+51kQQUbhwehxXogMLXsin7hhLYPa8UPo0dzlc
+HGwngvLkliqIhUjW5YnZlIEuYkijpxR5vu+slP4CrI711JJCO92cUO2HfSy1YKlx
+DQgrvQG/tlnDTO92xMPBtmhYhFxK2ZkBXp5Z1s77wicycRbgLZGoxd1i5RPeTmNw
+rH2E/yoGWonYF9qrTmfkihMaWE/JZ2nNLAotyKKUAeC/LpDB1cHgT2sXHhWrJaEW
+HWsmUUbi8cC350TqQf+nFUy2P6bYKup36Twx9ypbmZ9NZ1BEEi4gEkET3OHR9+Dj
+yh7RGiZoXEXTNGIvq9ez9lAnNn+dWtqDjwKCAQBOM4iqKYFHca6X7kS9dStU3CMH
+sM83cmEr0yweyI66W1IxkruildINJhAtLcXrtAlbI8ngoRBVuh8pQd/6QcmUMDQx
+3dyrLVWKEhG29T49IXJkHKDxJ17HpQi//WwkBV9cFdL+KqPAVh2glNYMtZDPsqRg
+rdkbMMzvl7JrJlXrWF7QJAOmmE7HD+ABAabQzWPAXXomZL5jTuiMxfUv5nTqHvSJ
+ukRY7XC8t+9W5tOBxjKpnWFctLEYNAn33tVdKpvtrPe358sf6DucTxXJIUC9E6QC
+p13rx9G2xbmOj39+eLxQSZ7ZgT1qqnxALqee8kQMflOhueJBlqzMdv+ecNkx
+-----END RSA PRIVATE KEY-----