东华大学 WiFi 的认证流程

登陆

首先,我们连接上DHU的时候,http请求(甚至是https请求)都会返回302
Location:http://www3.dhu.edu.cn/wireless/dhu-login_page.htm?cmd=login& amp;mac=ec:55:f9:6c:54:15&ip=10.200.3.32&essid=DHU&url=http%3A%2F%2Fbaidu%2Ecom%2F

若是https请求,则会出错(ERROR: certificate common name `securelogin.arubanetworks.com’ doesn’t match requested host name `xxxx’.)

http请求则能正常打开页面。

现在转到http://www3.dhu.edu.cn/wireless/dhu-login_page.htm

首先,在此页面,验证码的比对是由javascript完成的,若验证码不符,则不会提交表单。

若验证码通过,则此页面向https://securelogin.arubanetworks.com/auth/index.html/u提交表单(post方式),各参数如下:
[%%MAGICID%%] => %%MAGICVAL%%
[user] => 学号
[password] => 密码
[text] => 验证码
[text2] => 验证码
[%%REDIRID%%] => %%PROTURI%%
通过我后来的实验可知,只提交user和password也可通过认证。

若之前没有登陆,且用户名密码匹配,则返回如下:
POST https://securelogin.arubanetworks.com/auth/index.html/u [HTTP/1.1 200 OK 331ms]
若用户名密码不匹配,返回如下:
POST https://securelogin.arubanetworks.com/auth/index.html/u [HTTP/1.1 302 Temporarily Moved 342ms]
Location: http://www3.dhu.edu.cn/wireless/dhu-login_page.htm?errmsg=Authentication failed
若之前登陆成功,不论你用户名密码是否匹配,都返回:
POST https://securelogin.arubanetworks.com/auth/index.html/u [HTTP/1.1 302 Temporarily Moved 101ms]
Location:?errmsg=Access denied
然后就一直:
GET https://securelogin.arubanetworks.com/auth/index.html/u?errmsg=Access%20denied [HTTP/1.1 302 Temporarily Moved 37ms]
Location:?errmsg=Access denied

退出

至于退出,则是向https://securelogin.arubanetworks.com/auth/logout.html POST 如下数据
[button] => ע�� (gb2312编码的“按钮”两字)
当然,只是 GET https://securelogin.arubanetworks.com/auth/logout.html 也可退出。

Leave a Reply

Your email address will not be published. Required fields are marked *

+ 52 = 60