Captive Portal Issue on Android Lollipop


(Joshep) #1

I just wanna test for the Android Lollipop device for Captive Portal.

So I created an android folder in /var/www/html and inside android/ I created android.conf and a blank file: generate_204
But why am I doing this?

(Hardeep Singh) #2

The Android subsystem, when connected to a wireless network, sends an HTTP GET request to domains like (the domain varies depending on the Android version):

and expects an HTTP 204 response.

Expected URL:
Expected Response: A blank generate_204 file and an HTTP 204 success status.

Android expects to reach this blank file with an HTTP status code 204, where the HTTP 204 status code literally means "No Content", a success status code.

If Android succeeds in receiving the HTTP 204 status code, it will assume the device has Internet connectivity. Otherwise it assumes that there is a Captive Portal in place and that authentication is required to get Internet access. Meanwhile it’ll simply show the ! sign alongside the WiFi logo.

That is why you need to create a blank file named generate_204, and for sending the HTTP 204 code we use a web server, either Apache or nginx, to trick the OS into believing that it has Internet access.
And we give a 302 redirect to the domain if we want to trigger the Splash page.

So even if we do not have Internet on our own device, we can make the device believe that it (the device) has an Internet connection, and then by redirecting the sites to custom look-alike pages, an attacker can sniff the credentials or do the… haxing.

Otherwise, simply give a 302 redirect (imagine dnsspoof) and trigger the Captive Portal Splash Page.
As Android does not receive HTTP 204, but an unexpected HTTP 302 status code, it will follow the redirection and open up the Splash page automatically.
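
The probe outcomes described in post #2, seen from the client/defender side, as an added example that is not part of the original thread: it parses a raw probe response and flags a plain-HTTP 204 that is not backed by a certificate-validated HTTPS request, since any local web server can return the 204. The `tls_probe_ok` input, the verdict names and the sample responses are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample responses to a generate_204 probe (not captured traffic).
GENUINE_204 = b"HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n"
PORTAL_302 = (b"HTTP/1.1 302 Found\r\n"
              b"Location: http://portal.example/login\r\nContent-Length: 0\r\n\r\n")
REWRITTEN_200 = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>login</html>"

@dataclass
class ProbeResult:
    status: int
    location: Optional[str]
    body_len: int

def parse_response(raw: bytes) -> ProbeResult:
    """Parse the status line, Location header and body length of a raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return ProbeResult(int(parts[1]), headers.get("location"), len(body))

def classify(raw_http: bytes, tls_probe_ok: bool) -> str:
    """Return a verdict for one probe.

    tls_probe_ok (assumed input): True if a separate HTTPS request with normal
    certificate validation succeeded on the same network.
    """
    try:
        result = parse_response(raw_http)
    except ValueError:
        return "no-connectivity"
    if result.status == 204 and result.body_len == 0:
        # A bare 204 over plain HTTP proves nothing about the upstream network.
        return "validated" if tls_probe_ok else "suspicious-204"
    if 300 <= result.status < 400 and result.location:
        return "captive-portal"      # redirect to a splash page
    if result.status == 200 and result.body_len:
        return "captive-portal"      # probe answered with page content
    return "unexpected"
```

A "suspicious-204" verdict means the network answered the plain-HTTP check but nothing authenticated was reachable, which is the condition the post describes.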

(Joshep) #3

Following your WiFi Pentesting and Security PDF, I created the folder android in the directory /var/www/html
The android folder contains the files android.conf and generate_204.
And when I try to enable the module I just created with

a2enmod android 
ERROR: Module android does not exist!

(Hardeep Singh) #4

That’s a mistake.

It is a2enconf android

We need to enable the Android’s “Configuration”. There’s no such module named Android.

(Joshep) #5

You might need to edit it in your PDF too.
Well, at what step do I need to use this command in the evil twin attack?

(Hardeep Singh) #6

Just set up the Apache configuration files along with the evil twin, and run your fake AP. It should work. It’s just a combination of AP, web server, DNS server and some trickery!

(Joshep) #7

What will happen if I configure apache2 and MySQL and enable iptables first,
and create the fake AP at the end?
Will it work fine?

(Hardeep Singh) #8

Pre-configure Apache and MySQL. No problem. But the other tools need to be in order.

  1. Set up the fake AP: hostapd or airbase-ng - It will give you an active interface
  2. Enable dnsmasq on top of that interface - else you’ll see a dnsmasq error: no such interface or no IP address allocated to the interface.
  3. Configure iptables for the current setup, i.e. hostapd and dnsmasq

Now, run Apache and MySQL. Optionally you can enable Internet access for the victim, or redirect all the traffic using dnsspoof.

(Joshep) #9

I entered the password on the fake AP from my Android device
and it didn’t go to MariaDB.

(Joshep) #10

root@hidden:~# a2enconf android
ERROR: Conf android does not exist!

This command also doesn’t work

(Hardeep Singh) #11

android.conf needs to be in /etc/apache/sites-enabled/

then restart apache.

(Joshep) #12

What about the generate_204 file?

(Hardeep Singh) #13

In the Apache root directory:

For android: /var/www/html/android
For iOS: /var/www/html/apple

According to the .conf files. See the DocumentRoot variable in the configuration file.

(Joshep) #14

This is for automatic redirection to the captive portal page, right?

(Joshep) #15

After I moved android.conf to /etc/apache/sites-enabled/
root@hidden:~# a2enconf android
ERROR: Conf android does not exist!
Still the same output.

(Hardeep Singh) #16

Run this command: a2ensite android

(Joshep) #17

Yes, this command worked! :)
But I can’t restart apache2

AH00526: Syntax error on line 10 of /etc/apache2/sites-enabled/android.conf:
Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information. 

I copied the same from the PDF to my android.conf file.
There must be some error on line 10 of the android.conf file.

(Hardeep Singh) #18

Copying from the PDF brings some special characters into the scene.

Download here: android.conf (1.0 KB)

(Joshep) #19

I did, but when I tried to restart apache2 I got this error

root@hidden:/etc/apache2# apache2ctl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using fe80::42fc:a332:fb11:7b3. Set the 'ServerName' directive globally to suppress this message
Syntax OK

(Hardeep Singh) #20

Apache should start with the FQDN error in place.

You ran the configtest here. Did the restart also throw the same error?