captive-browser
captive-browser copied to clipboard
FiloSottile
Brave or Firefox
Is there any way to run this with Brave or Firefox?
How would I go about that?
Thank you friend.
Hi,
Brave takes the same command-line options as other chromium-derived browser so it should be enough to substitute google-chrome for brave-browser in the browser option configuration. I did exactly that on NixOS and it works.
Firefox would be more difficult because there isn's a command-line option to pass a proxy and all the options are different, so that would be a lot more work.
Heads up: I studied the Firefox problem a bit closer and I think I have a solution. It looks like it talks to the proxy, but I have yet to test it in the field.
My approach is to create a dedicated Firefox profile for captive-browser, configure it appropriately, and direct the "browser" setting to use it. This requires some manual work, unless you use home-manager.
In captive-browser.toml, you want to set
browser = "firefox -P captive-browser --private-window http://example.com"
To configure the profile, you want to run firefox -P, create a profile called captive-browser, start it, go to network settings, tick manual proxy configuration, add a Socks v5 proxy for localhost on port 1666, (or whatever is appropriate) and make sure "Proxy DNS when using SOCKS v5" is ticked. Then start captive-browser in a terminal. It should report "Redirected DNS lookup: example.com". And we're done with setup.
Alternatively, you can use this snippet in home-manager.
I'm currently using the following for Firefox:
# browser is the shell (/bin/sh) command executed once the proxy starts.
# When browser exits, the proxy exits. An extra env var PROXY is available.
#
# Here, we use a separate Firefox instance in Private Browsing mode, so that
# it can run (and be waited for) alongside the default one, and that it
# maintains no state across runs. To configure this browser open a normal
# window in it, settings will be preserved.
#
# Ensure that up to one profile is named `captive-browser` before running this
# command, and that its profile directory in `$HOME/.mozilla/firefox` is the
# only one that ends with `.captive-browser`. You can check with
# `firefox --ProfileManager`. This should only be an issue if you've renamed a
# profile from `captive-browser` previously.
#
browser = """\
firefox \
--CreateProfile "captive-browser" \
&& printf "user_pref%s;\\n" \
"(\\"network.proxy.type\\", 1)" \
"(\\"network.proxy.socks_remote_dns\\", true)" \
"(\\"network.proxy.socks_version\\", 5)" \
"(\\"network.proxy.socks\\", \\"${PROXY%:*}\\")" \
"(\\"network.proxy.socks_port\\", ${PROXY##*:})" \
"(\\"network.proxy.no_proxies_on\\", \\"localhost, 127.0.0.1\\")" \
"(\\"dom.security.https_only_mode\\", false)" \
>> "$(printf "%s\\n" "$HOME"/.mozilla/firefox/*.captive-browser/)"prefs.js \
&& firefox \
-P "captive-browser" \
--no-remote --private-window \
"http://detectportal.firefox.com/success.txt"\
"""
I don't love how $PROXY is handled (whee escaping from POSIX shell), but it's something, and the result matches captive-browser's default feel.
Today I messed with @bb010g's template until Firefox no longer connects to any domain except the requested one. That is generally not a good idea, but is for a captive portal browser exactly what I want. I am sure not all prefs are required, but this works. Additionally, I hide the tab bar. You don't wanna use different tabs in captive-browser, do you?
browser = """\
firefox --CreateProfile "captive-browser" \
&& printf "user_pref%s;\\n" \
"(\\"network.proxy.type\\", 1)" \
"(\\"network.proxy.socks_remote_dns\\", true)" \
"(\\"network.proxy.socks_version\\", 5)" \
"(\\"network.proxy.socks\\", \\"${PROXY%:*}\\")" \
"(\\"network.proxy.socks_port\\", ${PROXY##*:})" \
"(\\"network.proxy.no_proxies_on\\", \\"localhost, 127.0.0.1, [::1]\\")" \
"(\\"dom.security.https_only_mode\\", false)" \
"(\\"network.trr.mode\\", 5)" \
"(\\"toolkit.legacyUserProfileCustomizations.stylesheets\\", true)" \
"(\\"browser.cache.disk.enable\\", false)" \
"(\\"browser.cache.disk_cache_ssl\\", false)" \
"(\\"browser.cache.offline.enable\\", false)" \
"(\\"pdfjs.disabled\\", true)" \
"(\\"extensions.pocket.enabled\\", false)" \
"(\\"extensions.pocket.onSaveRecs\\", false)" \
"(\\"browser.topsites.contile.enabled\\", false)" \
"(\\"browser.newtabpage.enabled\\", false)" \
"(\\"browser.newtabpage.activity-stream.section.highlights.includePocket\\", false)" \
"(\\"browser.newtabpage.activity-stream.discoverystream.enabled\\", false)" \
"(\\"browser.newtabpage.activity-stream.feeds.snippets\\", false)" \
"(\\"browser.newtabpage.activity-stream.feeds.system.topstories\\", false)" \
"(\\"browser.newtabpage.activity-stream.feeds.system.topsites\\", false)" \
"(\\"browser.newtabpage.activity-stream.feeds.systemtick\\", false)" \
"(\\"browser.newtabpage.activity-stream.showSponsored\\", false)" \
"(\\"browser.newtabpage.activity-stream.showSponsoredTopSites\\", false)" \
"(\\"browser.aboutHomeSnippets.updateUrl\\", \\"\\")" \
"(\\"browser.messaging-system.whatsNewPanel.enabled\\", false)" \
"(\\"browser.startup.homepage_override.mstone\\", \\"ignore\\")" \
"(\\"browser.ping-centre.telemetry\\", false)" \
"(\\"browser.region.update.enabled\\", false)" \
"(\\"browser.search.update\\", false)" \
"(\\"browser.search.geoip.url\\", \\"\\")" \
"(\\"geo.enabled\\", false)" \
"(\\"geo.provider.network.url\\", \\"\\")" \
"(\\"browser.region.network.url\\", \\"\\")" \
"(\\"geo.provider.use_geoclue\\", false)" \
"(\\"browser.uitour.enabled\\", false)" \
"(\\"browser.vpn_promo.enabled\\", false)" \
"(\\"datareporting.healthreport.uploadEnabled\\", false)" \
"(\\"datareporting.policy.dataSubmissionEnabled\\", false)" \
"(\\"media.gmp-gmpopenh264.enabled\\", false)" \
"(\\"media.gmp-manager.url\\", \\"\\")" \
"(\\"extensions.getAddons.cache.enabled\\", false)" \
"(\\"extensions.blocklist.enabled\\", false)" \
"(\\"extensions.systemAddon.update.enabled\\", false)" \
"(\\"extensions.systemAddon.update.url\\", \\"\\")" \
"(\\"app.update.auto\\", false)" \
"(\\"privacy.trackingprotection.enabled\\", false)" \
"(\\"privacy.trackingprotection.pbmode.enabled\\", false)" \
"(\\"privacy.trackingprotection.cryptomining.enabled\\", false)" \
"(\\"privacy.trackingprotection.emailtracking.enabled\\", false)" \
"(\\"privacy.trackingprotection.fingerprinting.enabled\\", false)" \
"(\\"privacy.trackingprotection.origin_telemetry.enabled\\", false)" \
"(\\"privacy.trackingprotection.socialtracking.enabled\\", false)" \
"(\\"services.settings.server\\", \\"\\")" \
"(\\"app.normandy.enabled\\", false)" \
"(\\"app.shield.optoutstudies.enabled\\", false)" \
"(\\"messaging-system.rsexperimentloader.enabled\\", false)" \
"(\\"toolkit.coverage.opt-out\\", true)" \
"(\\"toolkit.telemetry.coverage.opt-out\\", true)" \
"(\\"beacon.enabled\\", false)" \
"(\\"security.OCSP.enabled\\", 0)" \
"(\\"extensions.systemAddon.update.enabled\\", false)" \
"(\\"extensions.blocklist.enabled\\", false)" \
"(\\"browser.discovery.enabled\\", false)" \
"(\\"network.captive-portal-service.enabled\\", false)" \
"(\\"network.connectivity-service.enabled\\", false)" \
"(\\"browser.safebrowsing.provider.mozilla.gethashURL\\", \\"\\")" \
"(\\"browser.safebrowsing.provider.mozilla.updateURL\\", \\"\\")" \
"(\\"browser.safebrowsing.malware.enabled\\", false)" \
"(\\"browser.safebrowsing.phishing.enabled\\", false)" \
"(\\"browser.safebrowsing.downloads.enabled\\", false)" \
"(\\"browser.safebrowsing.downloads.remote.enabled\\", false)" \
"(\\"browser.safebrowsing.downloads.remote.block_potentially_unwanted\\", false)" \
"(\\"browser.safebrowsing.downloads.remote.block_uncommon\\", false)" \
"(\\"browser.safebrowsing.blockedURIs.enabled\\", false)" \
"(\\"browser.safebrowsing.passwords.enabled\\", false)" \
"(\\"network.prefetch-next\\", false)" \
"(\\"network.dns.disablePrefetch\\", true)" \
"(\\"network.http.speculative-parallel-limit\\", 0)" \
"(\\"network.predictor.enabled\\", false)" \
"(\\"dom.push.enabled\\", false)" \
>> "$(printf "%s\\n" "$HOME"/.mozilla/firefox/*.captive-browser/)"prefs.js \
&& export MOZ_REMOTE_SETTINGS_DEVTOOLS=1 \
&& mkdir -p "$(printf "%s\\n" "$HOME"/.mozilla/firefox/*.captive-browser/)"chrome \
&& printf "%s\\n" "#TabsToolbar { display: none; }" \
> "$(printf "%s\\n" "$HOME"/.mozilla/firefox/*.captive-browser/)"chrome/userChrome.css \
&& exec firefox -P "captive-browser" --no-remote --private-window "http://neverssl.com/" \
"""
