Use guest OS as access point for public WIFI spots for host?

mailtomsa · 12-15-2015, 09:59 PM

Hello again,

I have a new question about VirtualBox (or if something else allows what I need, that would be fine as well).

My problem is that my LinuxMint laptop can not access public WIFI hotspots that use captive portal mechanisms to login and agree to their user agreement - which pretty much most of the hotspots out there are doing nowadays. The reason seems to be that those captive portals use mechanisms that are also used in malicious attacks (like DNS spoofing). Since most Linux distros are set up in a way to protect against such attacks, captive portals don't work either.

So I am wondering if I could run a Windows guest OS inside Virtual machine, and hand over full control of the wireless network adapter, so that the guest can log in to the WIFI network; and then somehow make the host OS route through the guest OS.

The only thing I found using Google so far was a post from someone using Parallels on a Mac host to route through a Windows guest OS, but nothing for Linux hosts.

Does anyone know if and how I could get this to work?

Or, if you know an easier/better solution for the captive portal problem, please let me know as well...

Thank you!

sag47 · 12-15-2015, 11:49 PM

TLDR: visit an unsecured website like http://example.com/ so captive portals work as intended.

---

For captive portals, I just visit http://example.com/. Captive portals typically work well when the protocol is plain HTTP. It's usually not the "distro" that makes captive portals harder. It's the browser you're using that typically is making the issue harder for captive portals (i.e. you'll have the same problem on Windows).

For instance, modern versions of Firefox and Google Chrome implement extra security for HTTPS connections such as:

Certificate Pinning
HTTP Strict Transport Security (HSTS)

Popular sites like Facebook, Google, Twitter, etc. implement HSTS which breaks captive portals ability to intercept secure communications for those sites. This only works when both the server and client (browser) support HSTS but as I said popular modern browsers and sites already do.

Therefore, if you think you're on a wifi access point that has a captive portal then visit http://example.com/ as your first site. They tend to "play nicer" when on a site without encryption.

---

To answer your question about VMs directly accessing wifi. It can only be done in VBox if you have a wireless USB dongle and configure the dongle to be directly connected to the virtual machine. As far as I'm aware (even after web searching) there's no way to exclusively connect built-in wireless to a VM. You could use other tricks such as bridged networking.

---

Fun experiment to determine if a website supports HSTS! Open the terminal and use curl to get the headers of the web server and search for the Strict-Transport-Security header.

Code:

$ curl -sILk https://twitter.com/ | grep -i strict
strict-transport-security: max-age=631138519
$ curl -sILk https://www.google.com/ | grep -i strict
$ curl -sILk https://www.facebook.com/ | grep -i strict
Strict-Transport-Security: max-age=15552000; preload

Based on our experiment it looks like both Twitter and Facebook support HSTS but Google does not. However, browsers still tend to use Certificate Pinning for those popular websites.

jefro · 12-16-2015, 03:07 PM

You could attach a usb nic to a vm windows client and then use something like AnalogX's proxy to send data back to the linux.

Seems easier to get linux working.