Skip to content

Preparing portals for fluxion

rad4day edited this page May 3, 2018 · 1 revision

About Portals

All portals must communicate with fluxion's verifier scripts, either check.php or update.php, to test passwords inputted. These script are automatically generated and placed at the root directory with the portal's assets when the attack is being prepared. This implies portals may NOT include files named "authenticator.php," "check.php," or "update.php" at the root directory, otherwise they will be overwritten by the verifier scripts when preparing the attack.


Fluxion supports two types of portal HTML pages, static pages (with redirection), and dynamic pages (no redirection).

Static portal page requirements:

  • index.html - This page is displayed when the user arrives at the captive portal.
  • index.html must include an HTML form with action="check.php"
  • error.html - This page is displayed when the user enters an incorrect password.
  • error.html must include an HTML form with action="check.php"
  • final.html - This page is displayed when the user enters a correct password.

Dynamic portal page requirements:

  • index.html - This page is displayed for all cases.
  • index.html must send a post request to "update.php"
  • The page must show a sensible message depending on update.php's response ("authenticated" - correct, "" - incorrect).

About Verifier Script

The verifier scripts, check.php and update.php, expect a post request with a password field. The following are all valid password fields accepted by check.php and update.php:

Valid verifier POST fields

  • password
  • password1
  • passphrase
  • key
  • key1
  • wpa
  • wpa_psw

On static portals, once the password's been tested, the script will redirect the user to either error.html, when the password is incorrect, or to final.html, if the password is correct.
On dynamic portals, once the password's been tested, the script will return either "authenticated" when the password is correct, or an empty response ("") when the password is incorrect.

About Portal Preprocessing

All portal pages are preprocessed, meaning variables from the script may be inserted into the pages before the attack.
The following is a list of available variables which will be substituted in portals when the attack is being prepared:

  • $APTargetSSID - Replaced with the target's ESSID.
  • $APTargetMAC - Replaced with the target's BSSID.
  • $APTargetChannel - Replaced with the target's channel.