Captive portal attack!
A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other valid credentials that both the host and user agree to adhere by. Captive portals are used for a broad range of mobile and pedestrian broadband services – including cable and commercially provided Wi-Fi and home hotspots. A captive portal can also be used to provide access to enterprise or residential wired networks, such as apartment houses, hotel rooms, and business centers.
Source: Wikipedia
There is more than one way to implement a captive portal, for example:
- HTTP redirect
- ICMP redirect
- Redirect by DNS
From the attacking side, this works when the attacker is in a MITM position and runs a script that answers every captive-portal and connectivity-check request the victim's device sends, forcing the device to open the portal page. Set up this way, the attack:
- hijacks all Internet traffic from the machine.
- installs a persistent web-based backdoor in the HTTP cache for hundreds of thousands of domains and common JavaScript CDN URLs, all with access to the user's cookies, via cache poisoning.
- allows the attacker to remotely force the user to make HTTP requests and proxy back the responses (GET and POST) with the user's cookies on any backdoored domain.
- does not require the machine to be unlocked.
- leaves the backdoors and remote access in place even after the MITM has stopped.
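The hook for all of this is the connectivity-check probe that each operating system sends when it joins a network. The following script is an added example, not code from the original post: it parses raw HTTP responses as an OS probe would receive them and classifies the network as OPEN (the expected answer from the real probe server), CAPTIVE (someone answered in place of it, which a legitimate portal does too) or SUSPICIOUS (the answer looks right or redirects, but is marked cacheable, which is what a cache-poisoning setup relies on). The probe hosts and expected bodies are the publicly documented ones for Windows, Apple and Android and are assumptions that should be updated if they change; the sample responses and the 10.0.0.1 portal address are constructed.

```python
"""Classify captive-portal connectivity-check responses (added example)."""
from dataclasses import dataclass
from typing import Dict, Tuple

# Assumed probe endpoints: host -> (expected status, expected body substring).
PROBES: Dict[str, Tuple[int, str]] = {
    "www.msftconnecttest.com": (200, "Microsoft Connect Test"),
    "captive.apple.com": (200, "Success"),
    "connectivitycheck.gstatic.com": (204, ""),
}


@dataclass
class HttpResponse:
    status: int
    headers: Dict[str, str]  # header names lower-cased
    body: str


def parse_http_response(raw: bytes) -> HttpResponse:
    """Minimal HTTP/1.x response parser: status line, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpResponse(status, headers, body.decode("utf-8", "replace"))


def cache_lifetime(resp: HttpResponse) -> int:
    """Seconds a shared/private cache may reuse this response (0 if none)."""
    cc = resp.headers.get("cache-control", "").lower()
    if "no-store" in cc or "no-cache" in cc:
        return 0
    for directive in cc.split(","):
        directive = directive.strip()
        if directive.startswith("max-age="):
            try:
                return int(directive[len("max-age="):])
            except ValueError:
                return 0
    return 0


def classify_probe(host: str, resp: HttpResponse, max_cache_seconds: int = 0) -> str:
    """Heuristic verdict for one probe response; see the lead-in for the classes."""
    expected_status, expected_body = PROBES[host]
    matches = resp.status == expected_status and expected_body in resp.body
    if matches:
        # A "success" answer that the client is told to keep reusing is a tamper signal.
        return "SUSPICIOUS" if cache_lifetime(resp) > max_cache_seconds else "OPEN"
    # Anything else means something on the path answered instead of the probe server.
    if cache_lifetime(resp) > max_cache_seconds:
        return "SUSPICIOUS"
    return "CAPTIVE"


# Constructed sample responses, one per probe host.
SAMPLES: Dict[str, bytes] = {
    "captive.apple.com": (
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\n\r\n"
        b"<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>"
    ),
    "connectivitycheck.gstatic.com": (
        b"HTTP/1.1 302 Found\r\nLocation: http://10.0.0.1/login\r\nContent-Length: 0\r\n\r\n"
    ),
    "www.msftconnecttest.com": (
        b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
        b"Cache-Control: public, max-age=31536000\r\n\r\nMicrosoft Connect Test"
    ),
}


def run_samples() -> Dict[str, str]:
    """Classify every constructed sample and return host -> verdict."""
    return {host: classify_probe(host, parse_http_response(raw)) for host, raw in SAMPLES.items()}


if __name__ == "__main__":
    for host, verdict in run_samples().items():
        print(f"{host:32s} {verdict}")
```

The third sample is the case the post warns about: the body says exactly what the OS expects, so the device reports normal connectivity, yet the response carries a year-long cache lifetime. Real probe servers answer with no-cache headers, so a long max-age on a probe URL is worth alerting on even when the content looks correct.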
Operating systems affected by this attack:
- Windows
- macOS
- iPhone
- Android
- Linux
- the AP/router itself
On the defense side you should:
- Stop using public Wi-Fi.
- Always use a VPN.
- Disable captive-portal detection on your device.
The above steps help you stay 50% safe from this kind of attack.