Captive portal attack!

A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other valid credentials that both the host and user agree to adhere by. Captive portals are used for a broad range of mobile and pedestrian broadband services – including cable and commercially provided Wi-Fi and home hotspots. A captive portal can also be used to provide access to enterprise or residential wired networks, such as apartment houses, hotel rooms, and business centers.

Source: Wikipedia

There is more than one way to implement a captive portal, such as:

- HTTP redirect

- ICMP redirect

- Redirect by DNS

The attack works perfectly if we act as a man-in-the-middle (MITM) and run a script that receives all requests for the captive portal and the connection check and replies to them, forcing a page to open. This page:

- Hijacks all Internet traffic from the machine.

- Installs a persistent web-based backdoor in the HTTP cache for hundreds of thousands of domains and common JavaScript CDN URLs, all with access to the user's cookies via cache poisoning.

- Allows the attacker to remotely force the user to make HTTP requests and proxy back responses (GETs and POSTs) with the user's cookies on any backdoored domain.

- Does not require the machine to be unlocked.

- Leaves backdoors and remote access that persist even after the MITM has stopped.

Operating systems affected by this attack:

- Windows

- macOS

- iPhone

- Android

- Linux

- The AP router itself, too.

On the defense side, you have to:

- Stop using public Wi-Fi.

- Always use a VPN.

- Disable captive portal.

The above steps help you stay 50% safe from this kind of attack.
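
A defensive check for the behaviour described above, as an added example (not code from the original page): it classifies the response to an operating system's connectivity-check request as clean, intercepted (what any captive portal does, by HTTP redirect or by answering in place after a DNS redirect), or suspicious. The three probe URLs are the well-known Android, Apple and Windows checks and are not named on the page; the verdict names, the one-day cache threshold, the script and cache heuristics, and the sample responses are assumptions constructed for illustration.

```python
from collections import namedtuple

# Documented answers of the OS connectivity checks (sent over plain HTTP).
EXPECTED = {
    "http://connectivitycheck.gstatic.com/generate_204": (204, ""),
    "http://captive.apple.com/hotspot-detect.html": (200, "Success"),
    "http://www.msftconnecttest.com/connecttest.txt": (200, "Microsoft Connect Test"),
}
LONG_CACHE_SECONDS = 86400  # assumption: one day counts as "long-lived"
Response = namedtuple("Response", "status headers body", defaults=({}, ""))

def max_age(headers):
    """Return Cache-Control max-age in seconds, or 0 if absent or invalid."""
    for part in headers.get("cache-control", "").split(","):
        name, _, value = part.strip().partition("=")
        if name.lower() == "max-age" and value.strip().isdigit():
            return int(value.strip())
    return 0

def classify(url, resp):
    """Return (verdict, findings) for one probe response."""
    want_status, want_body = EXPECTED[url]
    headers = {k.lower(): v for k, v in resp.headers.items()}
    findings = []
    if resp.status in (301, 302, 303, 307, 308):
        findings.append("http redirect to " + headers.get("location", "?"))
    elif resp.status != want_status:
        findings.append(f"unexpected status {resp.status}")
    elif want_body not in resp.body or (want_status == 204 and resp.body):
        findings.append("body replaced")
    if "<script" in resp.body.lower():
        findings.append("script in probe response")
    if findings and max_age(headers) >= LONG_CACHE_SECONDS:
        findings.append("long cache lifetime on intercepted response")
    verdict = ("clean", "intercepted", "suspicious")[min(len(findings), 2)]  # 0, 1, 2+
    return verdict, findings

# Constructed sample responses, not captured traffic.
SAMPLES = [
    ("http://connectivitycheck.gstatic.com/generate_204", Response(204)),
    ("http://www.msftconnecttest.com/connecttest.txt",
     Response(302, {"Location": "http://portal.example/login"})),
    ("http://captive.apple.com/hotspot-detect.html",
     Response(200, {"Cache-Control": "public, max-age=31536000"},
              "<html><script src='/a.js'></script></html>")),
]

def run_samples():
    return [classify(url, resp)[0] for url, resp in SAMPLES]
```

A single finding is what an ordinary captive portal produces; script content or a long cache lifetime on top of it matches the injected page and cache persistence described above.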
