Captive Portal Page with MITM

I have a micro-computer designed to show customers a portal page when they sign in to the Wi-Fi network.
The problem is that for some reason they don’t get the usual popup from the phone/PC, whereas when I do the same with my router it works.
I’m doing the whole process by transferring all DNS requests to a local network address (i.e. 10.0.0.2).
When going to the browser they get the portal page, but the behaviour is missing (connecting to the Wi-Fi, then an automatic popup appears saying that you need to log in to the network).
On the local Apache I have a simple index.php file with a status code of 401 (unauthorised).

The micro-computer is connected via an Ethernet port to the router, and I have full control of the router, yet I want the captive portal to be managed from the micro-computer itself; that’s why I’m not using router-based captive portals.
Tal.

Solutions/Answers:

Solution 1:

Solutions :

Possibility 1 :

You need to have a very specific configuration on your router because it is the relay to your Micro-Computer. Also, as I guess your Micro-Computer goes to the Internet through the router, you need to take that into consideration.

  • Disable DNS Service on your router
  • Set DNS on your router to 10.0.0.2
  • Disable gateway to Internet on your router or set it to 10.0.0.2
  • Set all real servers/gateway manually on your Micro-Computer, and also routes are very important in this case.

Possibility 2 :

Don’t forget that some devices have their DNS set manually, or have a specific network configuration, or have a specific firewall that watches for uncommon DNS servers/requests, so you have to take that into consideration. The best solution to avoid that is running the DNS server on the gateway IP, which means that your DHCP server needs to be on the Mini-Computer, or you use a gateway on the Mini-Computer, or you use possibility 3… This implies checking the gateway that you are using; I guess it’s the router gateway.

Also, you could have a conflict between the router’s job and the Micro-Computer’s job, or an IP conflict, like communication between the client and the Micro-Computer being blocked in some cases, so check your IP configuration.

Possibility 3 :

If your router is open-source or open-source convertible, you can use DD-WRT or OpenWrt to manage your hotspot. There are plenty of hotspots configurable in just a few clicks, and you can link them to your Micro-Computer server for the user database, DNS, proxy or DHCP, or redirect the requests to your Micro-Computer, or whatever.

Possibility 4 :

Have a look at this MITM Guide and check if you are missing something

Note :

If my answer did not help, please provide more technical debugging info, because other than just a description of the configuration we don’t know much… I’ll be pleased to help :)… Also give the full config of your network; it seems that it’s a network issue.

Solution 2:

Your question isn’t very clear to me.

Are you using a browser on the phone/pc or an application? Can you provide a screenshot of the expected behavior?

I’ll try to answer it from what I think you are asking:
For a browser, you can use your DNS or ICMP to redirect a client to your Captive Portal. ICMP is a layer 3 protocol and some platforms (like Android) might automatically trigger a native notification to the user, like “Hey you need to sign in”. But the DNS redirect won’t trigger this; it requires user interaction with a browser after connecting to the network. They’ll open a browser, try to go to stackoverflow.com and get redirected to your captive portal.

Also, for an application on Android, you have to check a URL connection. Here is an example taken from AOSP:

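import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;

// Class members; DBG and log() come from the enclosing class.
private static final String mWalledGardenUrl = "http://clients3.google.com/generate_204";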
private static final int WALLED_GARDEN_SOCKET_TIMEOUT_MS = 10000;

private boolean isWalledGardenConnection() {
    HttpURLConnection urlConnection = null;
    try {
        URL url = new URL(mWalledGardenUrl); // "http://clients3.google.com/generate_204"
        urlConnection = (HttpURLConnection) url.openConnection();
        urlConnection.setInstanceFollowRedirects(false);
        urlConnection.setConnectTimeout(WALLED_GARDEN_SOCKET_TIMEOUT_MS);
        urlConnection.setReadTimeout(WALLED_GARDEN_SOCKET_TIMEOUT_MS);
        urlConnection.setUseCaches(false);
        urlConnection.getInputStream();
        // We got a valid response, but not from the real google
        return urlConnection.getResponseCode() != 204;
    } catch (IOException e) {
        if (DBG) {
            log("Walled garden check - probably not a portal: exception "
                    + e);
        }
        return false;
    } finally {
        if (urlConnection != null) {
            urlConnection.disconnect();
        }
    }
}
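
As an added example (not part of either answer and not AOSP code), this Python model reproduces the decision made by the isWalledGardenConnection() snippet above and runs it against constructed probe responses served on localhost. It goes slightly beyond the snippet by exercising 204, 200, 302 and 401 answers; the helper names, the local test server and the Location value are assumptions made for the demo.

```python
import http.server
import threading
import urllib.error
import urllib.request

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # like setInstanceFollowRedirects(false)

def is_walled_garden(probe_url, timeout=10.0):
    """Python model of the decision in isWalledGardenConnection() above."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), _NoRedirect)  # direct, no redirects
    try:
        with opener.open(probe_url, timeout=timeout) as resp:
            return resp.status != 204  # e.g. 200 with a login page -> portal
    except urllib.error.HTTPError as err:
        # urllib raises for 3xx (unfollowed) and 4xx/5xx. In the Java code a
        # 3xx is a normal response (portal), while getInputStream() throws
        # IOException for status >= 400, which lands in the catch -> false.
        return 300 <= err.code < 400
    except OSError:
        return False  # refused, timeout, DNS failure: "probably not a portal"

def classify(status):
    """Serve one constructed probe answer on localhost and classify it."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            if 300 <= status < 400:  # constructed portal address
                self.send_header("Location", "http://10.0.0.2/index.php")
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    srv = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        url = f"http://127.0.0.1:{srv.server_port}/generate_204"
        return is_walled_garden(url, timeout=2)
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    for code in (204, 200, 302, 401):
        print(code, "->", "portal" if classify(code) else "not a portal")
```

Under this check a 200 or an unfollowed 302 on the probe URL is reported as a portal, while a 401 or an unreachable host falls into the "probably not a portal" branch.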
