Jump to content

Is it possible to intercept a Captive Portal and pass authentication through?

Recommended Posts

Hi All,

Proud new owner of a Pineapple mk V here but fairly new user.

I'm trying to test a network which is 'Open' and redirects any connected users to a captive portal (requiring AD logins).

I'm wondering if it would be possible to perform an attack that does the following:

wlan0 broadcasts 'TARGET_SSID' as Open with the same spoofed MAC address/ESSID etc

Wlan1 connects to the 'legitimate' 'TARGET_SSID' and connects to the captive portal page

When a user connects to the fake TARGET_SSID on wlan0 they should see a SSL-stripped version of the captive portal.

Ideally, Once they login, the login should pass through WLAN1 to get internet/network access.

If that's occurred successfully, the user should be allowed to browse as per usual while having a SSL-stripping attack performed.

I'm not sure how to tie all these attacks together, from what i've been able to read so far, each of these attacks can happen but all happen individually.

Could anyone point me in the direction of any guides etc that will help me do this or have any pointers?

Many thanks,

Link to comment
Share on other sites

Captive portals usually work by allowing the MAC of the authenticated user through so they can use all the network services so the basic way you would do this attack would be:

wlan0 puts up fake AP with fake login page. Don't pass through and don't sslstrip, just put up the page and ask for creds

wlan1 associates with the real AP

When a user sends creds to your fake portal it takes those and repeats the form POST (that is the most common auth method) against the real login page

If the login is successful the MAC of wlan1 is then approved for use on the network

Once you detect this success you take down the fake captive portal page and allow traffic to flow freely

Automating this shouldn't be to hard if you can do a bit of coding

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...