Skip to content
Captive Portal for Android
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information. keep track of authenticated IPs, deauth Nov 5, 2019
login.html Initial commit Nov 4, 2019
main.go look up ip-address from interface Nov 5, 2019
utils.go add utils.go Nov 5, 2019

Captive Portal (on Android (root required))

  • require users to authenticate (email, pass) / download an app / etc. to join a wifi network.

How it works

$ iptables -t nat -A PREROUTING -i $iface -p tcp --dport 80 -j DNAT --to-destination $target_ip:$port

don't DROP connections, just change their destination - clients need to understand that they're being intercepted (e.g. when requesting /gen_204)


  • to compile the binary for your specific ARM architecture, use 'Termux' (a terminal emulator for android) and install golang (apt install golang)
  • tested on: LineageOS 16 (OniiChanKernel-R2+)


  • you don't want to run iptables -F on android, the devices usually have about ~50 rules managed by the system :)


  • actual auth
  • dashboard for collected data
  • record http requests
  • when a authenticated client access the server (/success.txt), redirect to a public webpage
    • for firefox to stop showing the network prompt, it needs to receive the correct page -> don't intercept success.txt
      • in PREROUTING, ACCEPT immediately


  • DNS hijacking (forward udp/tcp 53 to this host, maybe try dnsmasq)
You can’t perform that action at this time.