About Portals
All portals must communicate with Fluxion's verifier scripts, either check.php or update.php, to test the passwords entered. These scripts are generated automatically and placed in the root directory alongside the portal's assets when the attack is being prepared. This means portals may NOT include files named "authenticator.php", "check.php", or "update.php" in the root directory; otherwise they will be overwritten by the verifier scripts when the attack is prepared.
Fluxion supports two types of portal HTML pages: static pages (with redirection) and dynamic pages (no redirection).
Static portal page requirements:
- index.html - This page is displayed when the user arrives at the captive portal.
- index.html must include an HTML form with action="check.php"
- error.html - This page is displayed when the user enters an incorrect password.
- error.html must include an HTML form with action="check.php"
- final.html - This page is displayed when the user enters a correct password.
Dynamic portal page requirements:
- index.html - This page is displayed for all cases.
- index.html must send a POST request to "update.php"
- The page must show a sensible message depending on update.php's response ("authenticated" - correct, "" - incorrect).
About Verifier Script
The verifier scripts, check.php and update.php, expect a POST request with a password field. The following are all valid password fields accepted by check.php and update.php:
Valid verifier POST fields
- password
- password1
- passphrase
- key
- key1
- wpa
- wpa_psw
On static portals, once the password has been tested, the script redirects the user to error.html if the password is incorrect, or to final.html if the password is correct.
On dynamic portals, once the password has been tested, the script returns "authenticated" if the password is correct, or an empty response ("") if the password is incorrect.
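The fixed endpoint names and password field names above also work as a detection signature. The following is an added example (not part of Fluxion or this wiki): a heuristic that scans the HTML of a captured captive-portal page for forms or scripts that submit one of the listed fields to check.php or update.php. The names scan_portal, _Scanner and SAMPLE are hypothetical, and the sample page is constructed.

```python
from html.parser import HTMLParser

# Endpoint and field names as listed on this page for check.php / update.php.
VERIFIERS = {"check.php", "update.php"}
PASSWORD_FIELDS = {"password", "password1", "passphrase", "key", "key1", "wpa", "wpa_psw"}

class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self.inputs, self.scripts = [], set(), []
        self._form, self._in_script = None, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"action": a.get("action", ""), "fields": set()}
            self.forms.append(self._form)
        elif tag == "input":
            name = a.get("name", "").lower()
            self.inputs.add(name)
            if self._form is not None:
                self._form["fields"].add(name)
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data.lower())

def scan_portal(html):
    """Return (kind, endpoint, matched_fields) findings for one portal page."""
    s = _Scanner()
    s.feed(html)
    findings = []
    for form in s.forms:  # static portals: a form posting to a verifier script
        endpoint = form["action"].split("?")[0].rsplit("/", 1)[-1].lower()
        hits = sorted(form["fields"] & PASSWORD_FIELDS)
        if endpoint in VERIFIERS and hits:
            findings.append(("form", endpoint, hits))
    hits = sorted(s.inputs & PASSWORD_FIELDS)  # dynamic portals: script posts to update.php
    if hits and any("update.php" in js for js in s.scripts):
        findings.append(("script", "update.php", hits))
    return findings

# Constructed sample page (not taken from any real portal).
SAMPLE = '<form method="post" action="check.php"><input type="password" name="wpa_psw"></form>'
```

A finding is a hint rather than proof, since names such as "password" and "key" are generic; the stronger signal is a captive portal that asks for the network's own WPA passphrase at all.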
About Portal Preprocessing
All portal pages are preprocessed, meaning variables from the script may be inserted into the pages before the attack.
The following is a list of available variables which will be substituted in portals when the attack is being prepared:
- $APTargetSSID - Replaced with the target's ESSID.
- $APTargetMAC - Replaced with the target's BSSID.
- $APTargetChannel - Replaced with the target's channel.
FLUXION WIKI