SSH command to get the list of clients

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

SSH command to get the list of clients

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
SSH command to get the list of clients
SSH command to get the list of clients
2019-02-08 09:08:55

HI all, 

we have a eap245 (ac1750) at work, i've enabled the ssh, is there a manual with the list of all commands?

what i would like to do is get the list of connected client in the wifi?
what i want to do i to have a script to crawl every X minutes the mac address connected, is that possible? or is there another way to do it?

PS: is that possible to block certain url/ips in the access point?

  0      
  0      
#1
Options
2 Reply
Re:SSH command to get the list of clients
2019-02-08 14:08:35 - last edited 2019-02-08 14:10:20

Meanwhile, I've found a solution to mimic user behavior and get the data via HTTP. It works, a bit hacky.

PS: the device stores the password as MD5 value (you can see that the js script to send the form computes the value before sending it to a page to be validated). If you don't get it why I've pointed out this, Google will help you.

the line i'm refering to is this one

 

 

$("input#login-password").textbox("setValue", md5($("input#login-password").textbox("getValue")).toUpperCase());  

so, this piece of python code does what is needed to get the JSON object with the list of clients (install requests - $ pip install requests).

 

import requests, time
s = requests.Session()
# get the cookie from the login page, it's the session_id
r = s.get('http://tplinkeap.net')
c=r.cookies['COOKIE']
cookies = dict(COOKIE=c)
headers = {'Content-Type': 'application/x-www-form-urlencoded','Referer': 'http://tplinkeap.net/'}
time.sleep(1)
# do the login, it validates the session
s.post('http://tplinkeap.net',data={'username':'admin', 'password':'THE_MD5_OF_YOUR_PASSWORD'},cookies=cookies, headers=headers)
time.sleep(1)
#call the json 
rdata=s.get('http://tplinkeap.net/data/monitor.client.client.json?operation=load',cookies=cookies,headers=headers)
rdata.json()

 

 

a bit of explanation. It took me an hour to get to know how the system handles the auth of a user, to my understanding it generates a sessionId that is sent to the page in a cookie with the name COOKIE. when you do the login it basically validates the session, so if password/user matches, the COOKIE (the session then) is valid to perform any actions on the website. It seems that there can be just 1 session at a time on the web app. The rest of the calls just need to be executed with the cookie and a header Referer that the backend checks.

 

  0  
  0  
#2
Options
Re:SSH command to get the list of clients
2022-01-16 19:29:08 - last edited 2022-01-16 19:57:09

@Stefano Thanks for sharing!

 

For my EAP225-Outdoor running firmware 5.0.5, the rdata GET needs to be replaced by:

 

rdata=s.get('http://tplinkeap.net/data/status.client.user.json?operation=load',cookies=cookies,headers=headers)

 

This resource will vary by firmware and model.

 

One more hint for those curious about MD5. It can be generated with this shell command:

 

md5 -s PASSWORD|tr '[:lower:]' '[:upper:]'

 

Or do it in python directly:

 

import hashlib
password_md5 = hashlib.md5(b'PASSWORD').hexdigest().upper()


  0  
  0  
#3
Options