Captive Portal¶
CVEs like CVE-2024-36472 only work within a captive portal. Here’s how to recreate one quickly for testing.
Let’s create a lab with a captive portal using the (now discontinued) zeroshell project:
This is properly recognized by buster’s Firefox, and Gnome provided network-manager-config-connectivity-debian is installed.
We prepare a zeroshell VM with 2 NICs LAN/WAN, and a buster-elts VM with 1 NIC for the LAN. zeroshell is very light, 512MB RAM and 2GB disk is more than enough.
Let’s reuse libvirt’s default bridge virbr0 for the WAN, and
create a new bridge for the restricted LAN:
apt install bridge-utils
brctl addbr zs0
ifconfig zs0 up
Connect (e.g. in virt-manager) virbr0 to zeroshell:nic0 and
zs0 to both zeroshell:nic1 and our buster VM.
Install the zeroshell VM from the latest ISO.
Normal Startup (Live CD)
<A> Installation Manager, keep defaults
IP Address to assign to ETH00: 192.168.122.2/255.255.255.0
Default Gateway: 192.168.122.1
<R> Reboot
<I> IP Manager
<A> Add IP address
ETH01: 192.168.200.1/255.255.255.0
Web interface https://192.168.122.2 (accept self-sign SSL certificate, admin:zeroshell)
Network / DHCP
Subnet > New > 192.168.200.0
Range 1: 192.168.200.101 - 192.168.200.199
Default Gateway: 192.168.200.1
DNS 1: 192.168.200.1
Save
Users / Captive Portal
GW: Active
Interface: ETH01
Save
Bonus: actually working gateway
Network / Router / NAT
NAT Enabled Interfaces: ETH00
Save
In the buster-elts VM, dhclient should now work, Firefox should now pop-up about the captive portal, and Gnome should open a Hotspot Login pop-up when connecting the network.