Using Certifi with urllib3

[tjt263]

iSniff-GPS

I came across an interesting sounding project on GitHub, called iSniff-GPS.
I decided to check it out, but i experienced some issues when trying to use the web interface.

---

Instructions

Taken from: _https://github.com/hubert3/iSniff-GPS_.

To use the web interface:

1. Install or update required Python modules by running pip install -U -r requirements.txt.
2. Initialise an empty database by running ./manage.py syncdb.
3. Start the web interface by running ./manage.py runserver 127.0.0.1:8000.

---

./manage.py

Here is the contents of manage.py.

#!/usr/bin/env python
import os
import sys

if __name__ == "__main__":
    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "iSniff_GPS.settings")

    from django.core.management import execute_from_command_line

    execute_from_command_line(sys.argv)

---

Error

When accessing the web server; I get a map of Melbourne, VICTORIA. (Australia).
Similar to the following image:

Any attempts to further navigate this interface are fruitless and provokes an errors.
Similar to the following message:

/usr/local/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:791: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)

---

Using Certifi with urllib3

So I follow the instructions at: _https://urllib3.readthedocs.org/en/latest/security.html.
Until I get to: _https://urllib3.readthedocs.org/en/latest/security.html#certifi-with-urllib3.

Setup your pool to require a certificate and provide the certifi bundle:

import urllib3
import certifi

http = urllib3.PoolManager(
    cert_reqs='CERT_REQUIRED', # Force certificate check.
    ca_certs=certifi.where(),  # Path to the Certifi bundle.
)

    # You're ready to make verified HTTPS requests.
try:
    r = http.request('GET', 'https://example.com/')
except urllib3.exceptions.SSLError as e:
    # Handle incorrect certificate error.
    ...

• What am I supposed to do with this block of code?
• Does it require modification in order to work properly?
• Does it belong inside manage.py/connectionpool.py?

---

Additional Information

My experience with Python is minimal but I've tried a bunch of different things over the last few days, trying to get this to work. Here are a few screenshots, depicting some of the various error messages; generated in the background, while i was trying to play with the web interface:

[hubert3]

Hi, thanks for the detailed report.

The Apple WiFi Geolocation page is meant to be used in 1 of 2 ways:

1. Clicking on particular green dots on the map - in which case a new request will be sent to Apple centred on the wifi router this dot represents, and any data returned from Apple about other nearby routers will be added to the map

OR

2. Manually entering a new URL in your browser (e.g. /apple-wloc/f4:f2:6d:87:e0:96) containing a router MAC address (BSSID) whose location you want to look up - Try entering your own home wifi router's BSSID which you can see by doing option-click on the Wifi symbol at the top right of your Mac desktop.

It seems to me like the above is working for you?

The "The InsecureRequestWarning" you're seeing on the console is just a warning and not an error. It relates to the request to the Apple location API being made with insecure SSL options, but this is by design.

The way to make this error go away would be to change verify=False to True in 2 places in wloc.py (however, this may then fail because in the past the hostnames within Apple's SSL certificates have not matched the hostnames - which is why I put verify=False in the first place):

$ grep -Ri verify=false .
./iSniff_GPS/wloc.py:   r = requests.post('https://gs-loc.apple.com/clls/wloc',headers=headers,data=data,verify=False) # CN of cert on this hostname is sometimes *.ls.apple.com / ls.apple.com, so have to disable SSL verify
./iSniff_GPS/wloc.py:   r = requests.post('https://gs-loc.apple.com/clls/wloc',headers=headers,data=data,verify=False) #the remote SSL cert CN on this server doesn't match hostname anymore

The "Wigle SSID Search" feature has probably stopped working because the wigle.net cookie that I've hardcoded in the source is no longer valid, or their API may have changed.

The best way to fix this is to create a wigle.net account for yourself and manually copy & paste the cookie you receive from the Wigle website into the iSniff GPS source here in iSniff_GPS/wigle.py:

cookie = dict(auth='isniff:841981133:1416119202:eiewXk78tQeXklwin17pYw')

Is there anything else that you're specifically trying to do in the web interface that doesn't work?

[hubert3]

Regarding Wigle SSID Search, someone has actually sent a pull request to improve this code so you should now be able to specify a Wigle username/password (see #17)

I suggest you git pull to update your copy of iSniff-GPS (I have just merged the new code), and try configuring your wigle login in iSniff_GPS/settings.py.

[tjt263]

Hi, thanks for the detailed report.

No worries. You're welcome.

The Apple WiFi Geolocation page is meant to be used in 1 of 2 ways:

1. Clicking on particular green dots on the map - in which case a new request will be sent to Apple centred on the wifi router this dot represents, and any data returned from Apple about other nearby routers will be added to the map

OR

2. Manually entering a new URL in your browser (e.g. /apple-wloc/f4:f2:6d:87:e0:96) containing a router MAC address (BSSID) whose location you want to look up - Try entering your own home wifi router's BSSID which you can see by doing option-click on the Wifi symbol at the top right of your Mac desktop.

It seems to me like the above is working for you?

Actually, neither of them worked properly:

1. The map (and green dots) was (and were) limited to the Melbourne CBD.

AND

2. Manually entered URLs/URIs containing router MAC address(es) (BSSIDs) in my browser proved non-responsive.

I'll try changing the hard-coded cookie to suit my wigle.net account and let you know how it goes.
Cheers.

[tjt263]

Let me know if / when you read my last comment, and I'll give you an update.

[hubert3]

Hi,

Apple-wloc is not limited to any particular location - the default BSSID happens to be located in Melbourne, so that's what is displayed by default.

On your local install of iSniff-GPS, try requesting the URL /apple-wloc/88:E3:AB:00:82:30 for example - This is somewhere in Ukraine.

Try downloading a tool like iStumbler and enter a few BSSIDs from your vicinity in the URL like that - At least one of them should work.

Regarding wigle, this now works based on setting wigle_username and password in settings.py. It no longer requires you to hardcode cookies. Please try this and report back.

You will need to git pull to get the new code, delete the existing wigle.py, sudo pip install wigle, and put your wigle creds in your iSniff-GPS settings.py.

[tjt263]

I'll take a look now.
Is there an email address where I can reach you?