Captive Portal Setup

TL;DR

This guide shows you how to set up a captive portal – a webpage users see before getting internet access, often used in public Wi-Fi. Warning: Using this for malicious purposes is illegal and unethical. This information is for educational security testing only.

Setting Up Your Captive Portal

  1. Choose a Framework/Tool: Several options exist, each with different features and complexity.
    • CoovaChilli: A popular open-source option. Requires more technical knowledge.
    • nodogsplash: Another open-source choice, simpler than CoovaChilli.
    • WiFiDog: Commercial solution with a free version for limited use.

    For this guide, we’ll focus on nodogsplash due to its relative simplicity.

  2. Install nodogsplash: On Debian/Ubuntu-based systems:
    sudo apt update
    sudo apt install nodogsplash
  3. Configure the Interface: Edit /etc/nodogsplash.conf to specify the network interface your access point uses (e.g., wlan0).
    GatewayInterface wlan0
  4. Customize the Portal Page: nodogsplash uses HTML templates in /usr/share/nodogsplash/htdocs/.
    • Edit index.html to change the login form, branding, and terms of service.
    • You can add your own CSS for styling.
  5. Authentication Method: Decide how users will authenticate.
    • MAC Address Authentication: Simplest method; allows access based on device MAC address. Edit /etc/nodogsplash.conf and set auth_type=macauth.
    • Web Form Authentication: Requires users to enter credentials (email, password). More complex setup involving a database or external authentication server. Edit /etc/nodogsplash.conf and set auth_type=webform.
  6. DHCP Server Configuration: Ensure your DHCP server provides the captive portal’s IP address as the default gateway.
    • If using hostapd, configure it to forward DHCP requests to dnsmasq or another DHCP server.
    • The DHCP server should also provide a DNS server (e.g., 8.8.8.8).
  7. Start nodogsplash:
    sudo systemctl start nodogsplash
  8. Enable on Boot:
    sudo systemctl enable nodogsplash
  9. Firewall Rules (Important): Configure your firewall to redirect HTTP traffic (port 80) and HTTPS traffic (port 443) to the captive portal.
    • Using iptables:
      sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
      sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-ports 8080
  10. Testing: Connect to the Wi-Fi network. You should be redirected to your customized captive portal page.
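
A check for steps 9 and 10, as an added example that is not part of the original guide: the function below reads `iptables-save -t nat` output and reports whether the port 80 and 443 redirects exist on the access-point interface. It also flags the case where 443 is sent to the same port as 80, since a browser opening an HTTPS URL starts a TLS handshake and, if the listener on that port speaks only plain HTTP, shows a connection error rather than the portal page. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the step 9 redirects.
# Reads `iptables-save -t nat` text on stdin, prints one finding per line.
check_portal_redirects() {  # usage: check_portal_redirects IFACE
    awk -v iface="$1" '
        # Collect PREROUTING REDIRECT rules bound to the access-point interface.
        $1 == "-A" && $2 == "PREROUTING" {
            in_if = ""; dport = ""; target = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i")         in_if  = $(i + 1)
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to     = $(i + 1)
            }
            if (in_if == iface && target == "REDIRECT" && dport != "")
                dest[dport] = to
        }
        END {
            if ("80" in dest) { print "OK: tcp/80 -> " dest["80"] }
            else { print "MISSING: no redirect for tcp/80 on " iface }
            if (!("443" in dest)) exit
            if (("80" in dest) && dest["443"] == dest["80"]) {
                print "WARN: tcp/443 shares listener port " dest["443"] " with tcp/80"
            } else { print "OK: tcp/443 -> " dest["443"] }
        }'
}

# Constructed sample: the two rules from step 9 as iptables-save prints them.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

sample_rules | check_portal_redirects wlan0
# On the gateway itself (needs root):
#   sudo iptables-save -t nat | check_portal_redirects wlan0
```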

Security Considerations

  • HTTPS: Always use HTTPS for secure communication, especially if collecting user credentials. Configure nodogsplash with a valid SSL certificate.
  • Input Validation: If using web form authentication, thoroughly validate all user inputs to prevent injection attacks.
  • Data Storage: Securely store any collected data (e.g., MAC addresses, usernames, passwords).
  • Regular Updates: Keep nodogsplash and your operating system updated with the latest security patches.