Hack Captive Portals (Hotel & Airport Networks)

dude im surprise this video only got 9k views and 189 thumbs up... you actually explain everything very well good job... great vid

Awesome zaid bhai. U r best instructor ever I seen on Udemy. Nice presentation of classes and direct to the point of subject. U helped me alot. God bless you. Keep it up.

----VIDEO ANALYSIS----
Hello zSecurity! I'm a longtime watcher, first time commenter, and amateur pen-tester. I feel I've got some contributions to make:
So I've got a few key takeaways from your video.
1. First of all, the password intercept method using wireshark only works if the login is sent over HTTP (non-encrypted plaintext) which is an obsolete protocol though still widely used. In fact, your windows (victim machine) even gave you a message at about 7:08 that a password sent over that could be compromised.
2. Deauth attacks work great, but in order to perform a deauth you need a few things. I really wish you took the time to show them in your video because repetition is key to learning. First of all you need a NIC which can go into monitor mode. This is where a phone will not be able to do this unless it is rooted. Also, you need to ensure that the network you're deauthing has a client to deauth. This is where often times you're stopped because the network doesn't disclose the clients that are on it. I don't know how that works and would like some explanation: sometimes my scripts have no problem finding clients, especially once I'm already authenticated into the captive portal, but other times the only client i can find besides myself is the gateway. All this is to ask, is there some kind of defense tactic against this deauth attack which prevents you from seeing clients? How would such a thing be bypassed in theory? Oh, also I use the WiFite script you've discussed in your other videos to perform deauths, so I should probably look up how to do this manually. I would suppose that would be my next step.
3. You only cover the more basic ways to exploit a captive portal. I'm sure these types of attacks work in MOST cases, but a more in-depth guide on how to take advantage of captive portals can be found here: th-cam.com/video/GhUUzGBjhXQ/w-d-xo.html but do be advised the techniques shown in that video rely on you setting up a server PREVIOUSLY to performing the attack. It does fancy stuff like hijacking ad traffic ports/connections and getting your internet through those, as well as other fun techniques.
4. The most trivial way as far as I know to trick a captive portal is to MAC spoof. It should be mentioned that an unrooted Android and an IPhone simply cannot do this, and this is by design. You briefly mentioned this. It's easy, you can use a large amount of various utilities to spoof the mac, my personal favorite being the GNU macchanger which I actually wrote a script for, but it can be done with other commands like ip as well. However, I still have not figured out how to effectively MAC spoof without keeping the first half (the vendor bits) intact. Any help here would be appreciated, because if i try to spoof my MAC to something that isn't the same equipment manufacturer as my NIC, I cannot connect to anything at all. Is there some reason this is happening, or some option in macchanger to stop this? If you could, please make a video covering MAC spoofing in depth; there's a lack of them on TH-cam.
I loved your video, and your other videos. Please read my comments as an attempt to constructively contribute. If I am wrong, let me know where. I am learning just like everyone here.

A quick look at the log-in page source code, to check what is the value of the form label will minimize the guess work when going through the airport as well.

best teacher ive'd saw

MashaAllah zaid brother u r great .......

Brother keep it up plz need more videos god bless you...

That's sweet
Learned much

Am currently enrolled in ur Udemy class u r A great teacher. Thanks for having TH-cam channel.

Very clear and well explained. I already used this technique . I spoofed the mac address and once I have reloaded the connection page, I was connected as the user I spoofed. #magical :)

Awesome content! Thank you!

Nicely explained thanks bro now i can enjoy with my free hotel wifi 😉

NO WAY U ARE SO GREAT!!!!

Really really so nice thanks you so much bro

U r a real PRO!!!

Amazing video sir

Nice tutorial man

I want to learn how to make a captive portal in linux, can you cover how you did yours?

Would you run the deauth before scanning or while for say a couple of minutes ?

Best teacher,please I Want to know how to solve mac address issues

Brilliant , thanks

Hi great stuff thanks. I’m not too familiar with wireshark, is there a way to set 2 filters? As in http & post ?
One other thing, would it be easier to use tshark? Not that I’ve used that either I’m just meaning in terms of filtering written data.
Thanks again

dear sir please explain about Meltdown and Spectre Vulnerability

Awsome this is awstruck brilliance i believe this come not but by burning the midnight lamp.

yeah bro keep it up

Thank's

Nice

does anyone see" hidden network" on their network range ?

can you tell us where are you from Ziad and where can we find and apply to your valuable lessons please?

Question Zaid, if you’re sniffing the packets of an unprotected network that has a captive portal, can say a cyber security manager see you’re sniffing the packets of their network?

Hello Z Security, is it possible to bypass a Captive portal that only has Ports 80 HTTP and 443 HTTPS(SSL) OPEN?

عاشت ايدك

What portable wireless card u using?
Is it ok to use the built in wireless card with the kali

What to do if i have wlan0 as well as well as wlan1 ...

Does this work against AP Client Isolation?

Hello.
I want to learn Ethical hacking. Zaid demo inspired me.
But i don't know from where to begin.
can help me the way what should learn the first and what after it. Please

In many of yours videos that I have watched U use different command prompt. Are those things possible with normal command prompt or we need to install kali linux for those these actions?

So basically run a command program that monitors data coming in and out of the access-point
Then disconnect the target wait for target to input the password again
And that’s how you’ll get the password 😑man this is gonna take awhile 😂

Please how can i create a captive portal?

Sir can u teach me how to trace the person from the mobile number...

God I loathe the “blackout period” public wifis use.

I am not getting wlan0 . Am getting only eth0 and lo... wen i run ifconfig on my terminal

Sir is root@kali downloadable in windows 10?

I still don't know how to get them transferred to the fake login page...

you forgot about sql injection technique

On Android I use psiphon VPN works as well

please I am asking about ifconfig i tried to use it with cmd and command prompt administrator its no working

If WIFi is Enable with mac Filtering.
Is there a way to connect ?

I'm unable to deauth any network and getting message such as "No such BSSID available."
Pls help !!

please how do you crack WPA2 without wordlist and get the right password

👍👍

Not working
Monitor mod is not on please check

What if the login page of the hotel's wifi is secured with SSL / HTTPS? Then can we see their login credentials too?

Where is white list filtering video?

use KEEP SOLID VPN!

Munashir

Every single captive portal I've ever seen uses https

How to hack captive portals that asks mobile number and OTP to get connected?
please send me the answer

who use today still http for login?

You lost me at mac address.

Zaid i desperately want your help...
I just want to know which Alfa Adapter is better AWUS036NHA OR AWUS036NEH...
PLEASE HELP ME OUT

Who the fuck goes to Bing!?

Just for reference lol This shyt can land you in jail if you are not careful. I'd go for a less invasive technique if possible. To many FREE wifi spots out there to go and risk going to jail over for free wifi!

Anyone know any new tricks to bypass these stupid things? I've tried adding .jpg etc at the end. Amazonws, Akami Technologies, and Google Analytics come right thru them in TCPView!! Blech!!!!

I want you to teach me how to hack Facebook or Instagram

Awesome content! Thank you!