A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other valid credentials that both the host and user agree to adhere to. Captive portals are used for a broad range of mobile and pedestrian broadband services – including cable and commercially provided Wi-Fi and home hotspots. A captive portal can also be used to provide access to enterprise or residential wired networks, such as apartment houses, hotel rooms, and business centers.
A captive portal can be implemented with any of the following redirect techniques:
- HTTP redirect
- ICMP redirect
- Redirect by DNS
The attack works perfectly when the attacker is in a man-in-the-middle (MITM) position and runs a script that receives every request from the captive portal and connectivity check and replies to those requests, forcing a page to open. That page:
- hijacks all Internet traffic from the machine.
- allows the attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain.
- does not require the machine to be unlocked.
- backdoors and remote access persist even after the MITM has stopped.
- AP router itself too.
Steps to protect yourself:
- Stop using public Wi-Fi.
- Always use a VPN.
- Disable the captive portal.
The above steps help you stay 50% safe from this kind of attack.
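A defensive check for the behaviour described above, as an added example that is not part of the original page: it classifies the reply to an operating system's connectivity-check probe, so a redirected or rewritten reply (a portal, or a machine answering in the portal's place) can be logged. The probe URLs, their expected replies, the function names and the sample responses are assumptions of this example.

```python
"""Classify replies to OS connectivity-check probes (defensive check)."""

# Probe endpoints and the exact reply each normally serves (status, body).
# Assumed for this example; they are not values taken from the page.
EXPECTED = {
    "connectivitycheck.gstatic.com/generate_204": (204, b""),
    "www.msftconnecttest.com/connecttest.txt": (200, b"Microsoft Connect Test"),
    "detectportal.firefox.com/success.txt": (200, b"success"),
}

# Constructed sample replies, not captured traffic.
SAMPLES = {
    "clean": b"HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n",
    "portal": b"HTTP/1.1 302 Found\r\nLocation: http://portal.example/login\r\n\r\n",
    "page": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Welcome</html>",
}


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])  # raises on a malformed status line
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def classify(probe: str, raw: bytes) -> str:
    """Return 'open', 'http-redirect' or 'rewritten' for one probe reply."""
    want_status, want_body = EXPECTED[probe]
    try:
        status, headers, body = parse_response(raw)
    except (ValueError, IndexError):
        return "rewritten"  # not a well-formed reply from the real endpoint
    if status in (301, 302, 303, 307, 308) and b"location" in headers:
        return "http-redirect"  # the probe was sent to another page
    if status == want_status and body.strip() == want_body:
        return "open"  # matches what the endpoint itself serves
    # Something else answered in the endpoint's place, for example a local
    # web server reached through a DNS redirect.
    return "rewritten"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify("connectivitycheck.gstatic.com/generate_204", raw))
```

A "rewritten" verdict on a network that is not expected to have a portal is the case worth alerting on, since a legitimate portal normally shows up as "http-redirect" to its own login page.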