#!/bin/bash

# This file is part of TorBox, an easy to use anonymizing router based on Raspberry Pi.
# Copyright (C) 2026 radio_24
# Contact: anonym@torbox.ch
# Website: https://www.torbox.ch
# Github:  https://github.com/radio24/TorBox
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it is useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# DESCRIPTION
# This file helps to overcome a Captive Portal of an Internet provider, usually seen with
# providers of free wireless access. In contrast to SPOOFING, we use here the TUNNELLING
# methode to pass through a Captive Portal. This method temporarily uses an INSECURE
# CONNECTION so that a client can fill out the login page of the Captive Portal. The user
# may CLOSE ALL HIS APPLICATIONS ON HIS CLIENT DEVICES to prevent the leakage of information
# during the established INSECURE CONNECTION.
#
# SYNTAX
# ./set_captive_2 <outgoing interface> <incoming interface> <incoming interface>
#
# The <outgoing interface> is the door to the internet. Possible values for the <outgoing interface>:
# eth0  -> 	TorBox is connected to the internet with a cable (onboard ethernet interface).
# eth1  -> 	TorBox is connected to the internet with a tethering device.
# wlan0 ->  TorBox is connected to the internet through a wireless network (onboard WLAN chip).
# wlan1 -> 	TorBox is connected to the internet through a wireless network (USB WiFi adapter).
#	ppp0	->	TorBox is connected to the internet through a cellular adapter.
# usb0	->  TorBox is connected to the internet through an USB adapter.
# tun0  ->  TorBox is connected to the Internet through a VPN server
#
# The <incoming interface> is where the client-device is connected to the TorBox. Possible values for the <incoming interface>:
# eth0  -> 	The device is connected with a cable (onboard ethernet interface).
# eth1	-> 	The device is connected with a cable (USB ethernet adapter).
# wlan0 -> 	The device is connected via wireless network (onboard WLAN chip).
# wlan1 -> 	The device is connected via wireless network (USB WiFi adapter).
# tun1  ->  The device is a VPN client and connected with TorBox's VPN server
#
#
######## SET VARIABLES ########
#
#Set the the variables for the menu
MENU_WIDTH=80
MENU_HEIGHT_25=25

#Colors
RED='\033[1;31m'
YELLOW='\033[1;93m'
NOCOLOR='\033[0m'

#Other variables
IPTABLES="/sbin/iptables"
MODPROBE="/sbin/modprobe"
DNSPROG="dnsmasq"
RUNFILE="/home/torbox/torbox/run/torbox.run"
TXT_DIR="/home/torbox/torbox/text"
#EXITID="EXITID=1"
O_DEVICE=$1
I_DEVICE1=$2
I_DEVICE2=$3
I_DEVICE3=$4

###############################

###### DISPLAY A WARNING ######
sleep 2
clear
INPUT=$(cat $TXT_DIR/is-it-captive-text)
if (whiptail --title "TorBox - WARNING" --defaultno --yesno "$INPUT" $MENU_HEIGHT_25 $MENU_WIDTH); then
  EXITLOOP=0
else
#  sudo sed -i "s/^EXITID=.*/${EXITID}/" ${RUNFILE}
  EXITLOOP=1
  exit $EXITLOOP
fi

######## PREPARATIONS ########
clear
# Even if dnsmasq is already running, there may be a restart necessary, in case /etc/resolve was changed
echo -e "${RED}[+] Restarting DNS forwarder...${NOCOLOR}"
sudo systemctl restart $DNSPROG
echo -e "${RED}[+] Flushing existing iptables rules...${NOCOLOR}"
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -X
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$MODPROBE ip_conntrack
$MODPROBE iptable_nat
$MODPROBE ip_conntrack_ftp
$MODPROBE ip_nat_ftp

########## NAT rules ##########
#We will forward all the network traffic to the captive portal in order to log in
sudo sed -i "s/^FORWARDING_ONLY=.*/FORWARDING_ONLY=1/" ${RUNFILE}
echo -e "${YELLOW}[!] WARNING: Tor is not running - all data are directly forwarded to the Internet...${NOCOLOR}"
$IPTABLES -t nat -A POSTROUTING -o $O_DEVICE  -j MASQUERADE
$IPTABLES -A FORWARD -i $O_DEVICE -o $I_DEVICE1 -m state --state RELATED,ESTABLISHED -j ACCEPT
if [ -n "$I_DEVICE2" ]; then $IPTABLES -A FORWARD -i $O_DEVICE -o $I_DEVICE2 -m state --state RELATED,ESTABLISHED -j ACCEPT ; fi
if [ -n "$I_DEVICE3" ]; then $IPTABLES -A FORWARD -i $O_DEVICE -o $I_DEVICE3 -m state --state RELATED,ESTABLISHED -j ACCEPT ; fi
$IPTABLES -A FORWARD -i $I_DEVICE1 -o $O_DEVICE -j ACCEPT
if [ -n "$I_DEVICE2" ]; then $IPTABLES -A FORWARD -i $I_DEVICE2 -o $O_DEVICE -j ACCEPT ; fi
if [ -n "$I_DEVICE3" ]; then $IPTABLES -A FORWARD -i $I_DEVICE3 -o $O_DEVICE -j ACCEPT ; fi

########## DIALOG BOX #########
clear
INPUT=$(cat $TXT_DIR/browser-text)
if (whiptail --title "TorBox - INFO" --defaultno --no-button "CONTINUE" --yes-button "TRY IT AGAIN" --yesno "$INPUT" $MENU_HEIGHT_25 $MENU_WIDTH); then
  EXITLOOP=0
else
  EXITLOOP=1
fi

########## FINISHING ##########
exit $EXITLOOP
