Created Making a portal work with fluxion (markdown)

Making-a-portal-work-with-fluxion.md

@@ -0,0 +1,23 @@
+## About Portals
+All portals must communicate with fluxion's verifier script, check.php, to test passwords inputted. This script is automatically generated and placed with the portal's assets when the attack is being prepared.
+Fluxion supports two types of portal HTML pages, static pages (with redirection), and dynamic pages (no redirection).
+### Static portal page requirements:
+* index.html - Displayed when the user arrives at the captive portal, <strong>must include an HTML form with action="check.php"</strong>
+* error.html - Displayed when the user enters the wrong password, <strong>must include an HTML form with action="check.php"</strong>
+* final.html - Displayed when the user enters the right password.
+### Dynamic portal page requirements:
+* index.html - Displayed for all cases. <strong>Post request must be sent to "check.php?dynamic=true"</strong>
+* The page must show a sensible message depending on the returned json.
+<br>
+
+## About Verifier Script
+The verifier script, check.php, expects a <strong>post request with a "key1" field</strong> containing the password to be tested.</strong>. Once the password's been tested, the script will redirect the user to either error.html, when the password is incorrect, or to final.html, if the password is correct.
+<br>Optionally, the script takes a GET parameter (URL parameter), dynamic=true, making the script return results in json rather than redirecting the client.
+
+## About Portal Preprocessing
+All portal pages are preprocessed, meaning variables from the script may be inserted into the pages before the attack.
+<br>
+The following is a list of available variables which will be substituted in portals when the attack is being prepared:
+* $APTargetSSID - Replaced with the target's ESSID.
+* $APTargetMAC - Replaced with the target's BSSID.
+* $APTargetChannel - Replaced with the target's channel.