Introduction
Fluxion is a powerful security auditing and social-engineering research tool. One of its most well-known features is the Captive Portal attack, which mimics a legitimate Wi-Fi login page to capture credentials. To understand how this attack works, it's essential to first examine its underlying file and directory structure.
In this lab, you will navigate through the directories of the Fluxion Captive Portal attack module. You will learn to locate the core attack scripts and see how the various web portal templates are organized. This foundational knowledge is the first step toward understanding, customizing, and effectively utilizing the tool.
Navigate to the 'fluxion/attacks/Captive Portal/' directory
In this step, you will begin by navigating to the specific directory where the Captive Portal attack files are stored. All of Fluxion's files have been cloned into the ~/project/fluxion directory during the setup process. We will use the cd (change directory) command to move into the correct location.
Execute the following command in your terminal:
cd 'fluxion/attacks/Captive Portal/'
After running the command, your terminal prompt will update to reflect the new current directory. This confirms you have successfully navigated to the correct location.
List the contents to see core script files
Now that you are in the Captive Portal directory, let's list its contents to see the files and subdirectories within. This will give us an initial overview of how the attack is structured. We'll use the ls -l command, which provides a detailed list including permissions, owner, size, and modification date.
Run the following command:
ls -l
You should see an output similar to this:
total 12
-rwxr-xr-x 1 labex labex 7835 Mar 26 15:12 captiveportal.sh
drwxr-xr-x 3 labex labex 4096 Mar 26 15:12 sites
-rwxr-xr-x 1 labex labex 119 Mar 26 15:12 stop.sh
From this list, you can identify the main script captiveportal.sh, a script to stop the attack stop.sh, and a directory named sites, which likely contains the web portal pages.
Open 'captiveportal.sh' to view the attack logic
In the previous step, you saw a file named captiveportal.sh. This is the main shell script that orchestrates the Captive Portal attack. In this step, you will view the contents of this file to get a glimpse of the attack's logic. We will use the less command, which is a convenient way to view large text files page by page.
Execute the command below to open the file:
less captiveportal.sh
You can scroll through the file using the arrow keys. You don't need to understand everything, but just scrolling through will give you a sense of the commands and functions used to set up the fake access point and web server.
To exit the less viewer and return to the command prompt, simply press the q key.
Navigate into the 'sites' subdirectory
Among the items listed in the Captive Portal directory was a subdirectory named sites. As the name suggests, this is where the HTML, CSS, and JavaScript files for the fake login pages are stored. In this step, you will navigate into this sites directory to explore its contents.
Use the cd command again:
cd sites
Your terminal prompt will change, indicating you are now inside /home/labex/project/fluxion/attacks/Captive Portal/sites.
Understand how Fluxion organizes its portal templates
You are now inside the directory that holds all the web page templates for the Captive Portal. Let's list its contents to understand how Fluxion organizes these templates. This modular structure allows users to easily select or even create new portal designs.
Use ls -l to see the directories:
ls -l
The output will look something like this:
total 108
drwxr-xr-x 2 labex labex 4096 Mar 26 15:12 'ASUS Router Login'
drwxr-xr-x 2 labex labex 4096 Mar 26 15:12 'Brand_Default_Login (Dark)'
drwxr-xr-x 2 labex labex 4096 Mar 26 15:12 'Brand_Default_Login (Light)'
drwxr-xr-x 2 labex labex 4096 Mar 26 15:12 'Cisco Meraki Login'
...
Each directory listed here represents a different theme or brand for the fake login page (e.g., 'ASUS Router Login', 'Cisco Meraki Login'). This organized structure makes it easy for Fluxion to present a list of portal options to the user when launching an attack.
Summary
In this lab, you successfully explored the directory structure of Fluxion's Captive Portal attack module. You learned how to navigate to the attack's core directory, identify the main execution script (captiveportal.sh), and discover how the various web portal templates are organized within the sites subdirectory. This foundational understanding of the file layout is crucial for anyone looking to analyze, customize, or troubleshoot the Fluxion tool.