PLEASE HELP - regarding setting up a CAPTIVE PORTAL with hostapd/dnsmasq on LINUX

Discussion in 'Programming' started by loflt63478, Apr 23, 2026.

    Hello everyone,

    I need your advice on setting up the detection and redirection of the captive portal page.

    I feel really stuck right now because I don't understand why it's not working.

    I would REALLY appreciate it if you could help me!

    This is my set up:

    On a fresh Kali Linux VM:

    sudo apt update

    Setting up hostapd:

    sudo apt install dnsmasq hostapd

    sudo nano /etc/hostapd/hostapd.conf

    --------------

    interface=wlan1

    driver=nl80211

    ssid=test

    hw_mode=g

    channel=1

    --------------

    Setting up static ip for ap:

    sudo ip link set wlan1 down

    sudo ip addr add 10.0.0.1/24 dev wlan1

    sudo ip link set wlan1 up

    Setting up dnsmasq (redirects all dns requests to webpage):

    ctrl + k , delete all the inside text of dnsmasq

    sudo nano /etc/dnsmasq.conf

    --------------

    # Interface and DNS binding

    interface=wlan1

    listen-address=10.0.0.1

    bind-interfaces

    # DHCP pool and options

    dhcp-range=10.0.0.10,10.0.0.200,12h

    dhcp-option=3,10.0.0.1 # default gateway

    dhcp-option=6,10.0.0.1 # tell clients to use the AP for DNS

    # Redirect all DNS names to the AP IP (captive-portal / block)

    address=/#/10.0.0.1

    address=/captive.apple.com/10.0.0.1

    address=/captive.apple.com./10.0.0.1

    address=/captive.apple.com/hotspot-detect.html/10.0.0.1

    address=/connectivitycheck.gstatic.com/10.0.0.1

    address=/clients3.google.com/10.0.0.1

    address=/clients4.google.com/10.0.0.1

    address=/connectivitycheck.android.com/10.0.0.1

    address=/www.msftconnecttest.com/10.0.0.1

    address=/msftconnecttest.com/10.0.0.1

    address=/msftncsi.com/10.0.0.1

    address=/edge-http.microsoft.com/10.0.0.1

    address=/detectportal.firefox.com/10.0.0.1

    address=/detectportal.brave-http-only.com/10.0.0.1

    address=/nmcheck.gnome.org/10.0.0.1

    address=/networkcheck.kde.org/10.0.0.1

    # Optional: forward upstream instead of redirecting

    # no-resolv

    server=10.0.0.1

    # server=8.8.8.8

    # Example static lease (fixed IP for a device)

    # dhcp-host=aa:bb:cc:dd:ee:ff,10.0.0.20

    --------------

    Restart service, it starts the dnsmasq:

    sudo systemctl restart dnsmasq

    Enable IPv4 forwarding:

    sudo sysctl -w net.ipv4.ip_forward=1

    nano /etc/resolv.conf

    --------------

    nameserver 10.0.0.1

    --------------

    start hostapd - and wait 30 seconds, it should show up:

    sudo hostapd -d /etc/hostapd/hostapd.conf

    Setting up webpage:

    - new terminal

    sudo apt update

    sudo apt install nginx

    sudo nano /etc/nginx/sites-available/ap

    --------------

    server {
        listen 10.0.0.1:80 default_server;
        server_name _;
        root /var/www/ap;
        index index.html;

        location /generate_204 {
            return 200 " "; # Keep it minimal; a space is sufficient
        }

        location = /hotspot-detect.html {
            return 200 " "; # Likewise, return a success response
        }

        location = /success.txt {
            return 200 "This is a captive portal"; # Or any other content
        }

        location / {
            try_files $uri $uri/ =404; # Serve index.html for general requests
        }
    }

    --------------

    sudo mkdir -p /var/www/ap

    sudo nano /var/www/ap/index.html

    --------------

    <html><body><h1>Hello from AP 10.0.0.1</h1></body></html>

    --------------

    sudo chown -R www-data:www-data /var/www/ap

    check if the html code works and if you can start nginx:

    sudo nginx -t

    flush rules:

    sudo iptables -F

    sudo iptables -t nat -F

    sudo iptables -X

    reset to default:

    sudo iptables -P INPUT ACCEPT

    sudo iptables -P FORWARD ACCEPT

    sudo iptables -P OUTPUT ACCEPT

    allow port 80 on ap interface:

    sudo iptables -A INPUT -i wlan1 -p udp --dport 53 -j ACCEPT

    sudo iptables -A INPUT -i wlan1 -p tcp --dport 53 -j ACCEPT

    sudo iptables -A INPUT -i wlan1 -p tcp --dport 80 -j ACCEPT

    sudo iptables -t nat -A PREROUTING -i wlan1 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1

    sudo iptables -A FORWARD -i wlan1 -p udp --dport 53 -j ACCEPT

    sudo iptables -A FORWARD -i wlan1 -p tcp --dport 53 -j ACCEPT

    sudo iptables -A FORWARD -i wlan1 -p tcp -d 10.0.0.1 --dport 80 -j ACCEPT

    sudo iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE

    link:

    sudo ln -s /etc/nginx/sites-available/ap /etc/nginx/sites-enabled/ap

    sudo systemctl restart nginx

    finally:

    sudo airmon-ng check kill

    sudo hostapd -d /etc/hostapd/hostapd.conf

    to stop hosting:

    ctrl + c

    I can confirm this after testing:

    - you can connect to ap

    - you are connected without internet and wifi is open

    - the ap stays connected for 40 minutes to clients without problem (after this, idc probably too)

    On the phone (android):

    - when connecting you get asked if you want to continue connection without internet or disconnect

    - a browser isn't opened with the AP page (the browser doesn't open at all)

    - if you browse for google.com, amazon.com -> it says connection refused

    - if you browse for 10.0.0.1 the AP page is shown

    - if you browse for newsell.com the AP page shows up

    - if you browse for 1.1.1.1, or 1.2.3.4 etc the AP page is shown

    On Windows:

    - a browser isn't opened with the AP page (the browser doesn't open at all)

    - if you browse for google.com, amazon.com -> it says it refused to connect

    - if you browse for 10.0.0.1 the AP page is shown

    - if you browse for newsell.com the AP page shows up

    - if you browse for 1.1.1.1, or 1.2.3.4 etc the AP page is shown

    issues:

    - the browser doesn't open automatically with the webpage on 10.0.0.1 after connecting to the ap

    Note: I admit I relied a bit on the help of an AI, but I do understand that code and how the systems (Windows, iPhone, Android, Mac) have built-in code with a specific URL to check for captive portals when connecting to a new Wi-Fi.

    Once again, please help, I would REALLY appreciate it!!!
     
    Last edited by a moderator: Apr 23, 2026
    loflt63478, Apr 23, 2026 IP
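
Seen from a client, the `address=/#/10.0.0.1` line in the dnsmasq config above makes every hostname resolve to the AP, which matches the test results listed in the post. The following is an added example, not part of the original post, showing how a client-side check can recognise that pattern from resolver answers; the `assess` function, the canary name and both sample answer sets are constructed for illustration.

```python
import ipaddress
from collections import Counter

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CANARY = "canary-7f3a9c.invalid"  # hypothetical probe name; .invalid never exists in real DNS

# Constructed sample: answers a client would see behind `address=/#/10.0.0.1`.
HIJACKED = {
    "connectivitycheck.gstatic.com": ["10.0.0.1"],
    "www.msftconnecttest.com": ["10.0.0.1"],
    "captive.apple.com": ["10.0.0.1"],
    "example.org": ["10.0.0.1"],
    CANARY: ["10.0.0.1"],
}
# Constructed sample: an ordinary resolver (documentation-range addresses).
NORMAL = {
    "connectivitycheck.gstatic.com": ["192.0.2.10"],
    "www.msftconnecttest.com": ["198.51.100.7"],
    "captive.apple.com": ["203.0.113.5", "203.0.113.6"],
    "example.org": ["192.0.2.44"],
    CANARY: [],  # NXDOMAIN
}

def assess(answers, canary=CANARY):
    """Classify a {name: [ip, ...]} map as normal, suspicious or wildcard-redirect."""
    reasons = []
    canary_hit = bool(answers.get(canary))
    if canary_hit:
        reasons.append("canary name resolved although it cannot exist")
    # Names that should exist, with their distinct answers.
    real = {n: set(ips) for n, ips in answers.items() if n != canary and ips}
    counts = Counter(ip for ips in real.values() for ip in ips)
    single = None
    if len(real) >= 3 and len(counts) == 1:
        ip, hits = counts.most_common(1)[0]
        single = ipaddress.ip_address(ip)
        reasons.append(f"all {hits} unrelated names resolve only to {ip}")
        if any(single in net for net in RFC1918):
            reasons.append(f"{ip} is RFC 1918 space, not a public service address")
    if canary_hit and single is not None:
        return "wildcard-redirect", reasons
    if canary_hit or single is not None:
        return "suspicious", reasons
    return "normal", reasons

if __name__ == "__main__":
    for label, sample in (("hijacked", HIJACKED), ("normal", NORMAL)):
        print(label, *assess(sample), sep="\n  ")
```

With every name pointing at an address that only listens on port 80, a browser that tries HTTPS first gets a refused connection on port 443, which is consistent with the google.com and amazon.com results in the post.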