A captive portal based on Python3 and IPtables. This is based on @nikosft's implementation, is an improved version aiming at providing security and ease of access through Single sign-on (SSO).
- HTTPS Captive Portal
- No-IP domain
- Let's encrypt SSL certificate
- Login Methods
- Credentials login (SQLite3)
- Facebook SSO login
- Google SSO login
- Load HTML and assets from files (routes defined in the code)
- MAC Address Change detection
- Timed Internet Access
- Move configuration to other file
- Write tutorial
- Add CSRF tokens
- Add token login method
- Add admin panel / console commands
- Add other SSO services? (Any other?)
- Add cooldowns between unsuccessful logins?
- Monitor traffic during login?
Start by cloning the repository:
git clone https://github.com/GramThanos/captive-portal.git
cd captive-portal
Edit the configuration on the top of captive_portal.py
.
First change the IP address of the server you are running the captive portal.
LOCAL_SERVER_IP = "192.168.20.1"
Set the domain to use for HTTPS (you will neet to have access to the SSL certificate and key of the domain)
REMOTE_SERVER_DOMAIN = "captive.ddns.net"
You will also need to copy the SSL certificate (as cert.pem
) and the private key (as key.pem
) of the domain at the same directory.
For testing, you may create custom ones by running (add the domain when asked for Common Name (e.g. server FQDN or YOUR name)
):
openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365
Then create and edit the configuration of your Facebook app
cp ./sso_config.example.py ./sso_config.py
nano ./sso_config.py
Add your app id and secret.
You can launch the captive portal by running
sudo python3 ./captive_portal.py
This web page was developed as part of the "Web-based authentication on WLANs" project during the postgraduate program "Digital Systems Security"
University of Piraeus, Department of Digital Systems, Digital Systems Security
Authors: Athanasios Vasileios Grammatopoulos, George Zamanis, Sotirios Papadopoulos