diff --git a/Making-a-portal-work-with-fluxion.md b/Making-a-portal-work-with-fluxion.md new file mode 100644 index 0000000..9534cce --- /dev/null +++ b/Making-a-portal-work-with-fluxion.md @@ -0,0 +1,23 @@ +## About Portals +All portals must communicate with fluxion's verifier script, check.php, to test passwords inputted. This script is automatically generated and placed with the portal's assets when the attack is being prepared. +Fluxion supports two types of portal HTML pages, static pages (with redirection), and dynamic pages (no redirection). +### Static portal page requirements: +* index.html - Displayed when the user arrives at the captive portal, must include an HTML form with action="check.php" +* error.html - Displayed when the user enters the wrong password, must include an HTML form with action="check.php" +* final.html - Displayed when the user enters the right password. +### Dynamic portal page requirements: +* index.html - Displayed for all cases. Post request must be sent to "check.php?dynamic=true" +* The page must show a sensible message depending on the returned json. +
+ +## About Verifier Script +The verifier script, check.php, expects a post request with a "key1" field containing the password to be tested.. Once the password's been tested, the script will redirect the user to either error.html, when the password is incorrect, or to final.html, if the password is correct. +
Optionally, the script takes a GET parameter (URL parameter), dynamic=true, making the script return results in json rather than redirecting the client. + +## About Portal Preprocessing +All portal pages are preprocessed, meaning variables from the script may be inserted into the pages before the attack. +
+The following is a list of available variables which will be substituted in portals when the attack is being prepared: +* $APTargetSSID - Replaced with the target's ESSID. +* $APTargetMAC - Replaced with the target's BSSID. +* $APTargetChannel - Replaced with the target's channel. \ No newline at end of file
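Review bot: The JSON response is never specified. The "Dynamic portal page requirements" list says the page "must show a sensible message depending on the returned json", and "About Verifier Script" says dynamic=true makes the script "return results in json", but neither gives the field names or values for the correct and incorrect cases. Please document that response alongside the dynamic=true description. The required "key1" POST field is also only mentioned under "About Verifier Script"; the index.html and error.html entries that require a form with action="check.php" should name it too, since a form without that field will not work with the verifier. Smaller points: "to be tested.." has a doubled period, "post request" and "json" should be written "POST request" and "JSON" to match "GET parameter", the "### Static portal page requirements:" and "### Dynamic portal page requirements:" headings end in a colon while the "##" headings do not, and the file has no trailing newline.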