Captive portal issue to start AP

(stoof) #1

Hi guys,

I am trying to set up a captive portal using the definitive guide, but I immediately get stuck in the first steps.
I am using the latest Kali Linux version 2019.1a with a TP-Link TL-WN722N USB wifi dongle.

So when I run
sudo hostapd hostapd.conf

I get this :

Configuration file: hostapd.conf
Line 8: unknown configuration item 'ignore_broadcast_SSID'
1 errors found in configuration file 'hostapd.conf'
Failed to set up interface with hostapd.conf
Failed to initialize interface

I edited hostapd.conf and commented out the line: #ignore_broadcast_SSID=0
When I run sudo hostapd hostapd.conf again, I now get this:

Could not read interface wlan1       # De flags: No such device
nl80211: Driver does not support authentication/association or connect commands
nl80211: deinit ifname=wlan1       # De disabled_11b_rates=0
Could not read interface wlan1       # De flags: No such device
nl80211 driver initialization failed.
wlan1       # De: interface state UNINITIALIZED->DISABLED
wlan1       # De: AP-DISABLED 
wlan1       # De: CTRL-EVENT-TERMINATING 
hostapd_free_hapd_data: Interface wlan1       # De wasn't started

I searched the forum and found this :

  1. Kill network-manager: sudo service network-manager stop or airmon-ng check kill
  2. Whitelist the MAC of your desired device in NetworkManager.conf

I did that, but still, I got the same output as above…

Any ideas? thanks

(Hardeep Singh) #2

Hi Stoof,
Welcome to the community!

The issue is with the typo in the hostapd config file.

Here, ignore_broadcast_SSID should be all lowercase, like: ignore_broadcast_ssid. That should fix the first issue for you.
Second, based on the other output, the device is not available. Make sure a device named wlan1 is accessible on the device.

(stoof) #3

Hi Hardeep !
Thank you so much for the fast response, this seems to be a great community. I am happy to have found this forum.

The first problem is solved; lowercase ignore_broadcast_ssid fixed it.
But I still have the problem with the wlan1 device, although it is available.
See output:

root@Pumpkin:~/configfiles# sudo hostapd hostapd.conf 
Configuration file: hostapd.conf
Could not read interface wlan1       # De flags: No such device
nl80211: Driver does not support authentication/association or connect commands
nl80211: deinit ifname=wlan1       # De disabled_11b_rates=0
Could not read interface wlan1       # De flags: No such device
nl80211 driver initialization failed.
wlan1       # De: interface state UNINITIALIZED->DISABLED
wlan1       # De: AP-DISABLED 
wlan1       # De: CTRL-EVENT-TERMINATING 
hostapd_free_hapd_data: Interface wlan1       # De wasn't started
root@Pumpkin:~/configfiles# iwconfig
lo        no wireless extensions.

wlan0     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=0 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on
          
eth0      no wireless extensions.

wlan1     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
(Hardeep Singh) #4

I think the issue is that hostapd is taking commented code as device name as well.
Try removing everything after the device name.

Right now it’s taking wlan1 # De flags as the device name. Change it to wlan1 only, and repeat the steps for each line. Remove everything after #.
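
The two hostapd.conf mistakes diagnosed in posts #2 and #4, as a lint check. This is an added example, not part of the original thread or the guide's files; the function names and the sample config are constructed, and the uppercase check assumes hostapd option names are lowercase, as the ones in this thread are.

```shell
#!/bin/sh
# Lint a hostapd.conf for the two mistakes diagnosed in this thread:
#   - an option name with uppercase letters (ignore_broadcast_SSID)
#   - an inline "# comment" after a value, which is read as part of the value
lint_hostapd_conf() {
    # $1: config path. Prints one finding per line; returns 1 if any were found.
    awk '
        /^[ \t]*$/ || /^#/ { next }   # blank lines and full-line comments are fine
        {
            eq = index($0, "=")
            if (eq == 0) { printf "%d: not a key=value line\n", NR; bad++; next }
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            # Assumption: option names are lowercase, as all options in this thread are.
            if (key ~ /[A-Z]/) {
                printf "%d: option name \"%s\" has uppercase letters, try \"%s\"\n", NR, key, tolower(key)
                bad++
            }
            # Values may legitimately contain "#" (an SSID, say), so only
            # whitespace followed by "#" is treated as an inline comment.
            if (val ~ /[ \t]+#/) {
                clean = val
                sub(/[ \t]+#.*$/, "", clean)
                printf "%d: inline comment becomes part of the value, use \"%s=%s\"\n", NR, key, clean
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample that reproduces both problems (not the guide's file).
sample_conf() {
    cat <<'EOF'
# constructed sample
interface=wlan1       # Device name
driver=nl80211
ssid=freewifi
channel=1
ignore_broadcast_SSID=0
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
lint_hostapd_conf "$tmp" || echo "fix the lines above before running hostapd"
rm -f "$tmp"
```

Comments on their own line, starting with # in the first column, pass the check.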

(stoof) #5

yes ! that was it . thanks :slight_smile:

Next problem: when I try to start apache2, it fails, and when I check journalctl -xe, I see this in the log:

Apr 18 18:56:40 Pumpkin apachectl[7654]: AH00526: Syntax error on line 6 of /etc/apache2/sites-enabled/apple.conf:
Apr 18 18:56:40 Pumpkin apachectl[7654]: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the se
Apr 18 18:56:40 Pumpkin apachectl[7654]: Action 'start' failed.
Apr 18 18:56:40 Pumpkin apachectl[7654]: The Apache error log may have more information.
Apr 18 18:56:40 Pumpkin systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
-- Subject: Unit process exited
-- Defined-By: systemd

Apr 18 19:01:12 Pumpkin apachectl[7762]: AH00526: Syntax error on line 7 of /etc/apache2/sites-enabled/windows.conf:
Apr 18 19:01:12 Pumpkin apachectl[7762]: Invalid command 'RewriteRule', perhaps misspelled or defined by a module not included in the serv
Apr 18 19:01:12 Pumpkin apachectl[7762]: Action 'start' failed.
Apr 18 19:01:12 Pumpkin apachectl[7762]: The Apache error log may have more information.
Apr 18 19:01:12 Pumpkin systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: https://www.debian.org/support
(Hardeep Singh) #6

Did you enable the rewrite module (mod_rewrite) before starting Apache?

sudo a2enmod rewrite
(stoof) #7

Many thanks Hardeep, the mod_rewrite fixed it :grinning:. Now the AP is up, dnsspoof enabled, Apache is running…
I can connect to the AP, however I do not get the captive portal…

Hostapd output

root@Pumpkin:~/configfiles# sudo hostapd hostapd.conf
Configuration file: hostapd.conf
Using interface wlan1 with hwaddr e6:65:07:f8:a8:e9 and ssid "freewifi"
wlan1: interface state UNINITIALIZED->ENABLED
wlan1: AP-ENABLED 
wlan1: STA f4:60:e2:23:b4:6e IEEE 802.11: authenticated
wlan1: STA f4:60:e2:23:b4:6e IEEE 802.11: associated (aid 1)
wlan1: AP-STA-CONNECTED f4:60:e2:23:b4:6e
wlan1: STA f4:60:e2:23:b4:6e RADIUS: starting accounting session AE3D0F008BE5B06F

Dnsmasq output

root@Pumpkin:~/configfiles# dnsmasq -C dnsmasq.conf -d
dnsmasq-dhcp: 452336375 available DHCP range: 10.0.0.10 -- 10.0.0.250
dnsmasq-dhcp: 452336375 vendor class: android-dhcp-8.1.0
dnsmasq-dhcp: 452336375 client provides name: RedmiS2-Redmi
dnsmasq-dhcp: 452336375 DHCPREQUEST(wlan1) 10.0.0.76 f4:60:e2:23:b4:6e 
dnsmasq-dhcp: 452336375 tags: wlan1
dnsmasq-dhcp: 452336375 DHCPACK(wlan1) 10.0.0.76 f4:60:e2:23:b4:6e RedmiS2-Redmi
dnsmasq-dhcp: 452336375 requested options: 1:netmask, 3:router, 6:dns-server, 15:domain-name, 
dnsmasq-dhcp: 452336375 requested options: 26:mtu, 28:broadcast, 51:lease-time, 58:T1, 
dnsmasq-dhcp: 452336375 requested options: 59:T2, 43:vendor-encap
dnsmasq-dhcp: 452336375 next server: 10.0.0.1
dnsmasq-dhcp: 452336375 sent size:  1 option: 53 message-type  5
dnsmasq-dhcp: 452336375 sent size:  4 option: 54 server-identifier  10.0.0.1
dnsmasq-dhcp: 452336375 sent size:  4 option: 51 lease-time  12h
dnsmasq-dhcp: 452336375 sent size:  4 option: 58 T1  6h
dnsmasq-dhcp: 452336375 sent size:  4 option: 59 T2  10h30m
dnsmasq-dhcp: 452336375 sent size:  4 option:  1 netmask  255.255.255.0
dnsmasq-dhcp: 452336375 sent size:  4 option: 28 broadcast  10.0.0.255
dnsmasq-dhcp: 452336375 sent size:  4 option:  6 dns-server  10.0.0.1
dnsmasq-dhcp: 452336375 sent size:  4 option:  3 router  10.0.0.1
dnsmasq: query[A] connectivitycheck.gstatic.com from 10.0.0.76

Dnsspoof output

root@Pumpkin:/var/www/html/apple# sudo dnsspoof -i wlan1
dnsspoof: listening on wlan1 [udp dst port 53 and not src 10.0.0.1]
10.0.0.76.43319 > 10.0.0.1.53:  34259+ A? connectivitycheck.gstatic.com
(Hardeep Singh) #8

Awesome!

Look for a notification saying “Sign in required”.
Different Android devices behave differently. Some open the splash page, others only show a notification.

Check if you see the notification. Tap on it and it’ll redirect you to the captive portal.

(stoof) #9

It’s not showing up.
I just tried on a Windows 10 machine, same thing. I can connect to the AP, I do get an IP address. But no captive portal. And no sign-in popup.

I have the feeling the redirect is not working?

I have the .conf files in /etc/apache2/sites-enabled/

  • windows.conf
  • android.conf
  • apple.conf

and I have extracted the rootsh3ll-captive-portal-template.tar.xz to

  • /var/www/html/android/
  • /var/www/html/windows/
  • /var/www/html/apple/

Am I missing something?
(Hardeep Singh) #10

Just to verify the redirect issue, try opening lastpage.com in a browser on both the Android and the Windows 10 device,
and share your results.

(stoof) #11

On the Windows 10 :slight_smile:

No internet page is shown with the message

err_name_not_resolved

On the Android device

No internet page is shown with the message

dns_probe_finished_no_internet
(Hardeep Singh) #12

Okay. Stop dnsspoof and do the following 2 things on both devices:

  1. Connect to AP and see if the captive portal is shown.
  2. Open lastpage.com again
(stoof) #13

Same result on both devices.

Forgot to mention before: the Android is giving a warning popup that the wifi connection has no internet connection, that is all.

(Hardeep Singh) #14

That’s because the captive portal isn’t triggered and the system assumes there is no internet availability.

Can you show the last 20-30 lines of the /var/log/apache2/access.log and /var/log/apache2/error.log files?

Use the following command:

tail -F -n 20 /var/log/apache2/access.log

Edit: make sure you set up the iptables chain.

(stoof) #15

The access.log was empty,

and the error log contains:

root@Pumpkin:/var/www/html/apple# tail -F -n 20 /var/log/apache2/error.log 
[Thu Apr 18 19:03:32.565545 2019] [mpm_prefork:notice] [pid 7804] AH00163: Apache/2.4.38 (Debian) configured -- resuming normal operations
[Thu Apr 18 19:03:32.565610 2019] [core:notice] [pid 7804] AH00094: Command line: '/usr/sbin/apache2'
[Fri Apr 19 08:26:38.032841 2019] [mpm_prefork:notice] [pid 7804] AH00169: caught SIGTERM, shutting down
[Fri Apr 19 08:27:06.495061 2019] [mpm_prefork:notice] [pid 8648] AH00163: Apache/2.4.38 (Debian) configured -- resuming normal operations
[Fri Apr 19 08:27:06.495117 2019] [core:notice] [pid 8648] AH00094: Command line: '/usr/sbin/apache2'

I decided to reboot my Kali laptop and start everything again, to make sure I did not forget any steps and my iptables entries were OK. Now I get this error from dnsspoof:

root@Pumpkin:~/configfiles# sudo dnsspoof -i wlan1
dnsspoof: libnet_get_ipaddr4(): ioctl(): Cannot assign requested address

But my wlan1 device is there, and I killed the network manager. The AP is running on wlan1 using hostapd.

root@Pumpkin:~/configfiles# iwconfig
wlan0     IEEE 802.11  ESSID:off/any  
      Mode:Managed  Access Point: Not-Associated   Tx-Power=0 dBm   
      Retry short limit:7   RTS thr:off   Fragment thr:off
      Encryption key:off
      Power Management:on
      
wlan1     IEEE 802.11  ESSID:off/any  
      Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
      Retry short limit:7   RTS thr:off   Fragment thr:off
      Encryption key:off
      Power Management:off
      
lo        no wireless extensions.
(Hardeep Singh) #16

dnsspoof suggests that wlan1 needs to have the IP address, in our case 10.0.0.1.

Set the IP and restart dnsspoof.

(stoof) #17

Thanks, learning a lot here.

I got dnsspoof running.

Now I get this in the dnsmasq output:

 dnsmasq: config error is REFUSED
 dnsmasq: query[A] www.googleapis.com from 10.0.0.76
(Hardeep Singh) #18

The order of commands is important.

hostapd
ifconfig 10.0.0.1 up
dnsmasq
dnsspoof or iptables

Did you run in the same order?

(stoof) #19

Rebooted again, started over, running in the correct order now.

While running dnsspoof I get these logs:

/var/log/apache2/access.log

10.0.0.76 - - [19/Apr/2019:11:13:49 +0100] "GET / HTTP/1.1" 200 3380 "-" "Dalvik/2.1.0 (Linux; U; Android 8.1.0; Redmi S2 MIUI/V10.2.2.0.OEFMIXM)"
10.0.0.76 - - [19/Apr/2019:13:25:51 +0100] "GET / HTTP/1.1" 200 3380 "-" "Dalvik/2.1.0 (Linux; U; Android 8.1.0; Redmi S2 MIUI/V10.2.2.0.OEFMIXM)"

/var/log/apache2/error.log

[Fri Apr 19 08:27:06.495061 2019] [mpm_prefork:notice] [pid 8648] AH00163: Apache/2.4.38 (Debian) configured -- resuming normal operations
[Fri Apr 19 08:27:06.495117 2019] [core:notice] [pid 8648] AH00094: Command line: '/usr/sbin/apache2'
[Fri Apr 19 10:33:54.148473 2019] [mpm_prefork:notice] [pid 8648] AH00171: Graceful restart requested, doing restart
[Fri Apr 19 10:33:54.224209 2019] [mpm_prefork:notice] [pid 8648] AH00163: Apache/2.4.38 (Debian) configured -- resuming normal operations
[Fri Apr 19 10:33:54.224242 2019] [core:notice] [pid 8648] AH00094: Command line: '/usr/sbin/apache2'
[Fri Apr 19 10:39:42.405985 2019] [mpm_prefork:notice] [pid 8648] AH00169: caught SIGTERM, shutting down
[Fri Apr 19 10:44:56.131215 2019] [mpm_prefork:notice] [pid 2204] AH00163: Apache/2.4.38 (Debian) configured -- resuming normal operations
[Fri Apr 19 10:44:56.131511 2019] [core:notice] [pid 2204] AH00094: Command line: '/usr/sbin/apache2'
[Fri Apr 19 13:26:52.157743 2019] [mpm_prefork:notice] [pid 2204] AH00169: caught SIGTERM, shutting down

When I stop dnsspoof and add iptables rules, I don’t get anything in the access.log. The error.log creates another entry, as you can see above.

I appreciate the help and feedback Hardeep. I really want to get this to work.

(Hardeep Singh) #20

error.log is displaying mpm_prefork issues. It generally occurs due to low available memory.
Check your memory with free -m,
and if memory is low, try creating a swap space to counter the issue.

Also, when using dnsspoof you need the iptables command running. That’ll chain the requests hitting your wlan1 interface to eth0 and back.