2

As far as I understand, the captive portal is implemented by some sort of iptables firewall rules. Since there is no handshake established during the initial association with the AP (as no passphrase is required), does it mean that all subsequent traffic will be sent unencrypted even after the user has authenticated via the captive portal? (Which means that an attacker can sniff all traffic and inject arbitrary packets.)

Lew Wei Hao
  • Yes you are right. This also means someone can hijack an authenticated user's session (by faking their MAC address) and impersonate them to the eyes of the AP which could have policy/legal implications (spam, downloading/hosting illegal content, etc). – André Borie May 08 '17 at 22:33

1 Answer

2

Yes, wireless networks protected only by a captive portal are unsecured. They work by denying access to websites other than the captive portal until the connected device, identified by MAC address, has clicked through the portal. Requests to non-HTTPS sites made through the network are sent in the clear, the same as an entirely open network.

tlng05
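
The MAC-keyed filtering described in the question and answer, as an added example that is not part of the original posts: a shell function that prints (but does not apply) a minimal captive-portal ruleset. The interface `wlan0`, portal address `192.168.10.1:80`, mark value `99`, chain name `portal` and the sample MAC are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints a minimal MAC-keyed captive-portal ruleset without applying it.
# Assumed values, not from the page: interface, portal address, mark, chain name.
LAN_IF="wlan0"
PORTAL="192.168.10.1:80"
MARK=99

# valid_mac MAC -> exit status 0 if MAC has the form aa:bb:cc:dd:ee:ff
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# portal_rules MAC... -> print iptables commands; arguments are the clients
# that have already clicked through the portal
portal_rules() {
    echo "iptables -t mangle -N portal"
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j portal"
    for mac in "$@"; do
        if valid_mac "$mac"; then
            # The only client identity the gateway checks is the source MAC.
            echo "iptables -t mangle -A portal -m mac --mac-source $mac -j RETURN"
        else
            echo "skipping malformed MAC: $mac" >&2
        fi
    done
    # Every other client is marked as unauthenticated.
    echo "iptables -t mangle -A portal -j MARK --set-mark $MARK"
    # Marked clients: plain HTTP is redirected to the portal, other forwarding is dropped.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -m mark --mark $MARK -p tcp --dport 80 -j DNAT --to-destination $PORTAL"
    echo "iptables -A FORWARD -i $LAN_IF -m mark --mark $MARK -j DROP"
}

# Constructed sample input: one authorized client and one malformed entry.
portal_rules "02:00:00:aa:bb:01" "not-a-mac"
```

Clicking through the portal only adds a `RETURN` rule for the client's MAC address; none of these rules changes how frames are sent over the air, so traffic on the open network stays unencrypted at the link layer.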