Android subsystem, when connected to a wireless network sends an HTTP GET request to domains like (Domain varies depending on Android version):
and expects an HTTP 204 response.
Expected URL: http://clients3.google.com/generate_204
Expected Response: A Blank generate_204 file. and an HTTP 204 Success Status.
Android expects to reach this blank file with an HTTP status code 204. where the HTTP 204 status code literally means No content Success Status Code.
If Android succeeds in receiving the HTTP 204 Status code, it will assume the device has the Internet connectivity. Otherwise it assumes that there is a Captive Portal in place and an authentication is required to get the Internet access. Meanwhile it’ll simply show the sign along the WiFi logo.
That is why you need to create a blank file named generate_204 and for sending the HTTP 204 code we use a web server, either apache or nginx to trick the OS in believing that it has Internet access.
And we give a 302 redirect to the domain if we want to trigger the Splash page.
So even if we do not have Internet on our own device, we can make the device believe that it (device) has the Internet connection and then by redirecting the sites to custom look-alike pages, an attacker can sniff the credentials or do the… haxing.
Otherwise, simply give a 302 redirect (imagine dnsspoof ) and trigger the Captive Portal Splash Page.
As Android does not receive HTTP 204, but an unexpected HTTP 302 Status code, it will follow the redirection and opens up the Splash page automatically.