
captive-browser's Introduction

I’m a cryptography engineer and open source maintainer, specializing in Go.

From 2018 to 2022, I worked on the Go team at Google, where I was in charge of the Go Security team. I implemented TLS 1.3 support in the Go standard library; co-designed the Go Checksum Database, a seamless solution for securing the Go software supply chain with transparency trees; and with my team was responsible for developing features such as native fuzzing and the Go Vulnerability Database, as well as handling vulnerability reports.

Before that, I was at Cloudflare, where I maintained the proprietary Go authoritative DNS server which powers 10% of the Internet, and led the DNSSEC and TLS 1.3 implementations.

Today, I maintain the cryptography packages that ship as part of the Go standard library (crypto/… and golang.org/x/crypto/…), including the TLS, SSH, and low-level implementations, such as elliptic curves, RSA, and ciphers. These packages are critical to virtually every Go application, securing HTTPS requests, implementing authentication, and providing encryption.

I also develop and maintain a set of cryptographic tools, including the file encryption tool age, the development certificate generator mkcert, and the SSH agent yubikey-agent.

Professional maintenance

Open-source software, despite being shared critical infrastructure, is maintained by volunteers or by full-time company employees. Neither is a sustainable model, the former for obvious reasons, and the latter because available resources at a single company do not scale with the size and success of the project, leading whole teams to burnout and churn.

I am testing a new model: professional independent full-time maintainers, who bill companies as contractors, providing ongoing maintenance and access to their expertise and to the project’s decision-making process.

I envision open source maintainer as a first-class profession, with independent maintainers organized in personal practices or small and medium-sized firms, earning compensation comparable to what senior software engineers are paid. I want maintainers to be empowered to keep doing what they do best, and be available as a resource to the companies that fund them.

I believe the best way to precipitate this change is to prove the model myself, and I plan to build the missing tools (legal contracts, best practices, professional associations…) and grow the model by example and by employing others.

None of this, both my open source work and establishing this model, would be possible without my clients, who've been forward-thinking enough to invest in something new.



captive-browser's Issues

How to use bind to device feature

Thanks for this great tool. I am trying to use the bind to device feature but I am not sure I am understanding how to use it correctly. First it doesn't work, as expected:
Failed to bind to "wlp2s0": operation not permitted

So I tried giving the binary cap_net_raw capability by running
sudo setcap cap_net_raw+ep /home/sam/go/bin/captive-browser

However now when running captive-browser I get a segfault:

[33265.647116] captive-browser[21369]: segfault at ffffffffff600000 ip ffffffffff600000 sp 00007ffd183d3f88 error 15
[33265.647117] Code: Bad RIP value.

Alternatively I could run captive-browser using sudo? Is that advisable - would it try to run chromium as root? Would it make sense for captive-browser to only run its proxy using sudo so that chromium doesn't have to be run as root?

I tried running using sudo -E anyway but the program still looks for configuration in the root home folder:

2019/05/08 17:34:17 Failed to read config: open /root/.config/captive-browser.toml: no such file or directory

login failure

I'm at SFO airport and trying to connect to their free wifi. I had 8.8.8.8 and 8.8.4.4 in my DNS settings. I joined the network and then started captive-browser. When I tried to navigate to a page in the Chrome tab that appeared, I got the following errors in the console:

2017/09/28 23:57:45 Redirected DNS lookup: example.com
2017/09/28 23:57:45 [ERR] socks: Failed to handle request: Failed to resolve destination 'example.com': lookup example.com on [::1]:53: dial udp 216.9.98.200:53: connect: network is unreachable

(there are more than a few error messages like this)

I don't know enough about how this tool works to be able to debug further, though I'm happy to run any additional commands to help debug the problem.

dhcp-dns query using nmcli (for NetworkManager-managed DNS)

My setup doesn't use dhcpcd nor systemd-resolved, but rather NetworkManager.

While I haven't had a chance to test this with captive portals yet, I suspect this command should work:

dhcp-dns = "nmcli -t -f IP4.DNS device show | cut -d ':' -f2 | head -n1"

Not certain if it's necessary limiting to the first line.

Sharing in case it's useful for anyone else. Maybe worth adding to the README? (Happy to PR)

Brave or Firefox

Is there any way to run this with Brave or Firefox?

How would I go about that?

Thank you friend.

Maybe a bit help for us n00bies?

Just today I ran for the first time into the problem of the captive portal not showing up on Debian like it does on Win, macOS and iOS. Searching for a solution I bumped into this. I'm sure the provided instructions are quite clear if you're a (Go?) coder, but I've got no idea how to get this working. I've downloaded Go and Google Chrome and installed the ubuntu .toml file into .config, but what next?

Maybe someone could spend a bit of time to write a clear step-by-step for us regular users?

Captive Browser at this one particular Starbucks will not work.

Normally the captive browser code works fine. But when trying to connect with the captive browser at this particular Starbucks I get the messages below. See also attached wifi screen shot. I did try 1.1.1.1 and 8.8.8.8 but no luck either. Any ideas?

$(go env GOPATH)/bin/captive-browser 

2023/01/18 16:22:45 Obtaining DHCP DNS server...
2023/01/18 16:22:45 Starting browser...
2023/01/18 16:22:45 SOCKS5 proxy pointing to DNS 208.67.222.222 started at localhost:1666...
2023/01/18 16:22:45 Redirected DNS lookup: clientservices.googleapis.com
2023/01/18 16:22:45 Redirected DNS lookup: accounts.google.com
2023/01/18 16:22:45 Redirected DNS lookup: example.com
2023/01/18 16:22:50 Redirected DNS lookup: update.googleapis.com
2023/01/18 16:22:55 [ERR] socks: Failed to handle request: Failed to resolve destination 'accounts.google.com': lookup accounts.google.com on 127.0.0.53:53: read udp 172.16.224.82:42914->208.67.222.222:53: i/o timeout
2023/01/18 16:22:55 [ERR] socks: Failed to handle request: Failed to resolve destination 'clientservices.googleapis.com': lookup clientservices.googleapis.com on 127.0.0.53:53: read udp 172.16.224.82:34610->208.67.222.222:53: i/o timeout
2023/01/18 16:22:55 [ERR] socks: Failed to handle request: Failed to resolve destination 'example.com': lookup example.com on 127.0.0.53:53: read udp 172.16.224.82:54275->208.67.222.222:53: i/o timeout
Fontconfig error: Cannot load default config file: No such file: (null)
2023/01/18 16:22:56 Redirected DNS lookup: accounts.google.com
2023/01/18 16:22:56 Redirected DNS lookup: example.com
2023/01/18 16:23:00 [ERR] socks: Failed to handle request: Failed to resolve destination 'update.googleapis.com': lookup update.googleapis.com on 127.0.0.53:53: read udp 172.16.224.82:56127->208.67.222.222:53: i/o timeout
2023/01/18 16:23:00 Redirected DNS lookup: optimizationguide-pa.googleapis.com


Installation error unknown field "Dial"

Going off instructions on README. Haven't had time to track down error but wanted to quickly drop line.

Go version:

go version go1.8.3 darwin/amd64

Running command go get:

$ go get -u github.com/FiloSottile/captive-browser                                             
# github.com/FiloSottile/captive-browser
/Users/--masked--/go/src/github.com/FiloSottile/captive-browser/main.go:29: unknown field 'Dial' in struct literal of type net.Resolver
/Users/--masked--/go/src/github.com/FiloSottile/captive-browser/main.go:84: cannot use NewUpstreamResolver(upstream) (type *UpstreamResolver) as type socks5.NameResolver in field value:
	*UpstreamResolver does not implement socks5.NameResolver (wrong type for Resolve method)
		have Resolve("context".Context, string) ("context".Context, net.IP, error)
		want Resolve("github.com/FiloSottile/captive-browser/vendor/golang.org/x/net/context".Context, string) ("github.com/FiloSottile/captive-browser/vendor/golang.org/x/net/context".Context, net.IP, error)

Cannot make this work

My setup:

  • arch
  • sway
  • unbound
  • network-manager
  • forced DNS setting to 127.0.0.1 (unbound) with forwarder to 1.1.1.1

Connecting to open Wifi (Deutsche Bahn), starting captive-browser. Then I only see a loading screen, resulting in a SOCKS cannot connect / timeout error. No chance even if I try to directly connect to their captive portal (login.bahn.de)

Any ideas?

2022/04/18 19:06:29 Obtaining DHCP DNS server...
2022/04/18 19:06:29 Starting browser...
2022/04/18 19:06:29 SOCKS5 proxy pointing to DNS 172.18.0.1 started at localhost:11666...
[192300:192326:0418/190630.330229:ERROR:object_proxy.cc(623)] Failed to call method: org.freedesktop.DBus.Properties.Get: object_path= /org/freedesktop/portal/desktop: org.freedesktop.DBus.Error.InvalidArgs: No such interface “org.freedesktop.portal.FileChooser”
[192300:192326:0418/190630.330255:ERROR:select_file_dialog_linux_portal.cc(242)] Failed to read portal version property
[192300:192300:0418/190630.420308:ERROR:cursor_loader.cc(116)] Failed to load a platform cursor of type kNull
[192336:192336:0418/190630.441030:ERROR:gpu_init.cc(446)] Passthrough is not supported, GL is egl, ANGLE is 
[192336:192336:0418/190630.444893:ERROR:sandbox_linux.cc(377)] InitializeSandbox() called with multiple threads in process gpu-process.
2022/04/18 19:06:30 Redirected DNS lookup: example.com
2022/04/18 19:06:30 Redirected DNS lookup: accounts.google.com
2022/04/18 19:06:35 Redirected DNS lookup: 1.1.1.1
2022/04/18 19:06:35 Redirected DNS lookup: wifi.bahn.de
2022/04/18 19:06:50 [ERR] socks: Failed to handle request: Failed to resolve destination 'accounts.google.com': lookup accounts.google.com on 127.0.0.1:53: read udp 172.18.0.1:57176->172.18.0.1:53: i/o timeout
2022/04/18 19:06:50 [ERR] socks: Failed to handle request: Failed to resolve destination 'example.com': lookup example.com on 127.0.0.1:53: read udp 172.18.0.1:51434->172.18.0.1:53: i/o timeout
Fontconfig error: Cannot load default config file: No such file: (null)
2022/04/18 19:06:51 Redirected DNS lookup: accounts.google.com
2022/04/18 19:06:55 [ERR] socks: Failed to handle request: Failed to resolve destination 'wifi.bahn.de': lookup wifi.bahn.de on 127.0.0.1:53: read udp 172.18.0.1:38320->172.18.0.1:53: i/o timeout
2022/04/18 19:06:56 Redirected DNS lookup: wifi.bahn.de

DHCP DNS server detection via DBus/systemd-resolved

Hi Filippo,

I have written some code to query DBus to determine the nameserver that was provided by DHCP to systemd-networkd, which is commonly used on Arch Linux systems and probably many others. I like this method because it makes it easier for the user running this stack. No complicated shell commands, just provide an interface name like eth0 and the code does the rest.

I'd like to work this into a PR for captive-browser but I'd like to know if you're interested in it. Also, how would the user provide the interface name? An entry in the TOML config file perhaps? Maybe something like this:

systemd-networkd-dhcp-interface = "eth0"

Let me know and I'll put something together.

How do you install and use this in Linux Ubuntu 18.04 bionic?

Hi FiloSottile (Captive browser),

Thanks for providing this. It looks interesting. But, I cannot get this to run and I do have Chrome installed? I think I have the correct Go packages installed, can you be specific as to which Linux Go packages?

I downloaded this twice first using the "git clone" and another time with the archive file. But, I cannot see how to install this or run it. I have read the GitHub and the readme and tried various console terminal commands, but nothing happens? Typing in "captive-browser" does nothing except command not found.

I am using Linux KDE Neon user edition and Linux Mint 19.x Cinnamon both are based on Ubuntu 18.04. I have only tried KDE neon with this so far.

Regards,
Phil (phd21)
