Most of the universities and institutions nowadays use cyberoam to control and monitor the way their students/employees use their Internet connection. While using VPNs can help in overcoming the whole login process altogether, but many times it doesn’t work. Now, being an CS student, I can’t really live without Internet for long and it’s pretty annoying when cyberoam logs out in between a streaming football match, or while downloading a really large file. Since it logs out after a fixed amount of time, how about a script that can automate the login process even before the connection times out. No more worrying about stopping Internet.

To achieve this, I used mechanize instead of the standard urllib2 module as the script is essentially a bot which logs in for us every few hours and it is a more easier to use and more powerful module as compared to the latter as it can easily simulate the browser properties.

The next step is setting the payload with your login credentials and then posting the credentials with proper access tokens, which should do the trick. Then a few lines of regex would be enough to scrape out required information.

def post_request(username,password,value,mode):
	br = browser()
	#POST request values
	values ={
		"mode":mode,
		"username":username,
		"password":password,
		"btnSubmit":value
	}

	data = urllib.urlencode(values)
	page = br.open(url,data)
	response = page.read()
	br._factory.is_html = True
	soup = BeautifulSoup(response,"lxml")

	regex = re.compile(r"<message><!\[CDATA\[(.*)\]\]><\/message>")

	x = re.search(regex,response)
	print username + ": " + x.group(1)
	return br

The login and logout functions are now simply periodic POST requests to the server. The login process could be run again after a pre-determined timing by using an infinite loop with a sleep function. As long as the program runs, user is logged in. Then, include a simple signal handler, that can post the logout request whenever the SIGINT signal is received and hence terminating the script automatically logs the user out.

def login():
	br = post_request(username,password,"Login","191")
	return br

def logout():
	br = post_request(username,password,"Logout","193")
	return br

A small problem that we’ll face is the SSL Verification, which will fail due to absence of a proper verification certificate. So, we’ll have to bypass this validation for now. For more information, you can see PEP 476 -Enabling certificate verification by default for stdlib http clients. The following snippet bypasses the SSL check:

def bypass_ssl():
	### Bypassing SSL certification ###
	try:
	    _create_unverified_https_context = ssl._create_unverified_context
	except AttributeError:
	    # Legacy Python that doesn't verify HTTPS certificates by default
	    pass
	else:
	    # Handle target environment that doesn't support HTTPS verification
	    ssl._create_default_https_context = _create_unverified_https_context
	return

And that’s pretty much it. Set your credentials in the 2 fields in login.py, set your cyberoam portal’s URL and port, update the re-login time and you’re done!

Forget about ever logging in again, but do remember to log out, or else, you’re FOREVER stuck :P

Link to the code: Github