- require users to authenticate (email, pass) / download an app / etc. to join a wifi network.
$ iptables -t nat -A PREROUTING -i $iface -p tcp --dport 80 -j DNAT --to-destination $target_ip:$portdon't DROP connections, just change their destination - clients need to understand that they're being intercepted (e.g. when requesting /gen_204)
- to compile the binary for your specific ARM architecture, use 'Termux' (a terminal emulator for android) and install golang (
apt install golang) - tested on: LineageOS 16 (OniiChanKernel-R2+)
- you don't want to run
iptables -Fon android, the devices usually have about ~50 rules managed by the system :)
- actual auth
- dashboard for collected data
- record http requests
- when a authenticated client access the server (/success.txt), redirect to a public webpage
- for firefox to stop showing the network prompt, it needs to receive the correct page -> don't intercept success.txt
- in PREROUTING, ACCEPT immediately
- for firefox to stop showing the network prompt, it needs to receive the correct page -> don't intercept success.txt
- DNS hijacking (forward udp/tcp 53 to this host, maybe try dnsmasq)