Hello everyone, I need your advice on setting up the detection and redirection of the captive portal page. I feel really stuck right now because i don' understand why its not working. I would REALLY appreciate if you could help me! This is my set up: on fresh kali linux vm: sudo apt update Setting up hostapd: sudo apt install dnsmasq hostapd sudo nano /etc/hostapd/hostapd.conf -------------- interface=wlan1 driver=nl80211 ssid=test hw_mode=g channel=1 -------------- Setting up static ip for ap: sudo ip link set wlan1 down sudo ip addr add 10.0.0.1/24 dev wlan1 sudo ip link set wlan1 up Setting up dnsmasq (redirects all dns requests to webpage): ctrl + k , delete all the inside text of dnsmasq sudo nano /etc/dnsmasq.conf -------------- # Interface and DNS binding interface=wlan1 listen-address=10.0.0.1 bind-interfaces # DHCP pool and options dhcp-range=10.0.0.10,10.0.0.200,12h dhcp-option=3,10.0.0.1# default gateway dhcp-option=6,10.0.0.1# tell clients to use the AP for DNS # Redirect all DNS names to the AP IP (captive-portal / block) address=/#/10.0.0.1 address=/captive.apple.com/10.0.0.1 address=/captive.apple.com./10.0.0.1 address=/captive.apple.com/hotspot-detect.html/10.0.0.1 address=/connectivitycheck.gstatic.com/10.0.0.1 address=/clients3.google.com/10.0.0.1 address=/clients4.google.com/10.0.0.1 address=/connectivitycheck.android.com/10.0.0.1 address=/www.msftconnecttest.com/10.0.0.1 address=/msftconnecttest.com/10.0.0.1 address=/msftncsi.com/10.0.0.1 address=/edge-http.microsoft.com/10.0.0.1 address=/detectportal.firefox.com/10.0.0.1 address=/detectportal.brave-http-only.com/10.0.0.1 address=/nmcheck.gnome.org/10.0.0.1 address=/networkcheck.kde.org/10.0.0.1 # Optional: forward upstream instead of redirecting # no-resolv server=10.0.0.1 # server=8.8.8.8 # Example static lease (fixed IP for a device) # dhcp-host=aa:bb:cc:dd:ee:ff,10.0.0.20 -------------- Restart service, it starts the dnsmasq: sudo systemctl restart dnsmasq Enable IPv4 forwarding: sudo sysctl -w net.ipv4.ip_forward=1 nano /etc/resolv.con -------------- nameserver 10.0.0.1 -------------- start hostapd - and wait 30 seconds, it should show up: sudo hostapd -d /etc/hostapd/hostapd.conf Setting up webpage: - new terminal sudo apt update sudo apt install nginx sudo nano /etc/nginx/sites-available/ap -------------- server { listen 10.0.0.1:80 default_server; server_name _; root /var/www/ap; index index.html; location /generate_204 { return 200 " "; # Keep it minimal; a space is sufficient } location = /hotspot-detect.html { return 200 " "; # Likewise, return a success response } location = /success.txt { return 200 "This is a captive portal"; # Or any other content } location / { try_files $uri $uri/ =404; # Serve index.html for general requests } } -------------- sudo mkdir -p /var/www/ap sudo nano /var/www/ap/index.html -------------- <html><body><h1>Hello from AP 10.0.0.1</h1></body></html> -------------- sudo chown -R www-data:www-data /var/www/ap check if the html code works and if you can start nginx: sudo nginx -t flush rules: sudo iptables -F sudo iptables -t nat -F sudo iptables -X reset to default: sudo iptables -P INPUT ACCEPT sudo iptables -P FORWARD ACCEPT sudo iptables -P OUTPUT ACCEPT allow port 80 on ap interface: sudo iptables -A INPUT -i wlan1 -p udp --dport 53 -j ACCEPT sudo iptables -A INPUT -i wlan1 -p tcp --dport 53 -j ACCEPT sudo iptables -A INPUT -i wlan1 -p tcp sudo iptables -t nat -A PREROUTING -i wlan1 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1 sudo iptables -A FORWARD -i wlan1 -p udp --dport 53 -j ACCEPT sudo iptables -A FORWARD -i wlan1 -p tcp --dport 53 -j ACCEPT sudo iptables -A FORWARD -i wlan1 -p tcp -d 10.0.0.1 --dport 80 -j ACCEPT sudo iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE link: sudo ln -s /etc/nginx/sites-available/ap /etc/nginx/sites-enabled/ap sudo systemctl restart nginx finally: sudo aormon-ng check kill sudo hostapd -d /etc/hostapd/hostapd.conf to stop hosting: ctrl + c I can confirm this after testing: - you can connect to ap - you are connected without internet and wifi is open - the ap stays connected for 40 minutes to clients without problem (after this this, idc probably too) On the phone (android): - when connecting you get asked if you want to continue connection without internet or disconnect - a browser isn't opened with the AP page (the browser doesn't open at all) - if you browse for google.com, amazon.com -> it says connection refused - if you browse for 10.0.0.1 the AP page is shown - if you browse for newsell.com the AP page shows up - if you browse for 1.1.1.1, or 1.2.3.4 etc the AP page is shown On Windows: - a browser isn't opened with the AP page (the browser doesn't open at all) - if you browse for google.com, amazon.com -> it says it refused to connect - if you browse for 10.0.0.1 the AP page is shown - if you browse for newsell.com the AP page shows up - if you browse for 1.1.1.1, or 1.2.3.4 etc the AP page is shown issues: - the browser doesn't open automatically with the webpage on 10.0.0.1 after connecting to the ap Note: I admit I relied a bit on the help of an AI but i do understand that code and how the systems: Windows, Iphone, Android, Mac have build in code with a specific URL to check for captive portals when connecting to a new wife. Once again, please help, I would REALLY appreciate it!!!