TLDR;
- Force a captive portal to appear be going to a any HTTP not HTTPS website like
http://canireachthe.net - OS’s use HTTP probes to check Internet connectivity (this could break from time to time)
- Consider using DHCP Option 114 for better Captive Portal redirection, read me at #Advanced Captive Portal Detection
Captive Portal Detection
Different Operating Systems and some Applications have similar but distinct methods to detect if a network is using a Splash page or Captive Portal. In general upon connection to a network different tests / checks will be performed to see if captive portal is present.
Overall after connecting to a new network the OS will use an HTTP GET request and look for a specific known response. If the response is different than expected, it is assumed a Captive Portal is present.
Quick note on terms, I use ‘Captive Portal’ and ‘Splash Page’ interchangeably.
Forcing the opening of a Captive Portal
From time to time for many different reasons Captive Portals may not automatic come up / be detected by the operating system. It is the responsibility of the OS to detect a captive portal, if a portal does not automatically appear this is typically and issue with OS not the network / splash page host All that needs to be done to force the captive portal to come up is to go to any HTTP not HTTPS website.
- Note HTTP redirects only work for HTTP traffic (not HTTPS) this is can be a common reason why a splash page is not presented. Alway be sure to go to an HTTP non-secure website, for redirecton to properly occur.
Go to http://canireachthe.net
Operating Systems
Each OS has slightly differnet Internet Connectivity Tests / Captive Portal Detection.
macOS and iOS
- Upon Connection to an SSID the OS will do a HTTP Connection to
http://captive.apple.com/hotspot-detect.html- Any response other than a HTTP 200 Okay WITH the
Successmessage in the body will bring up the Captive Portal box in macOS. - Use captive Wi-Fi networks on your iPhone or iPad
- Apples Says
captive.apple.comover TCP 443 and 80 is used by: iOS, iPadOS, macOS, tvOS, watchOS, and visionOS for “Internet connectivity validation for networks that use captive portals”
- Any response other than a HTTP 200 Okay WITH the
Windows
- Windows uses the processes called Network Connection Status Indicator (NCSI) to determine if there is Internet Connectivity, and if there is a captive portal.
- On Windows 10 or later, the OS will perform a HTTP connection to
http://www.msftconnecttest.com/connecttest.txt- Any response other than a HTTP 200 Okay WITH the
Microsoft Connect Testmessage in the body will bring up the Captive Portal box in Windows. - For Windows 8 or earlier the URL used was
http://www.msftncsi.com/ncsi.txtand the expected text wasMicrosoft NCSI
- Any response other than a HTTP 200 Okay WITH the
Android
Andriod doesnt have there Internet Connection probes nicely document, but looking through some of the code it seems safe to safe Andriod looks for an
HTTP 204which is an empy response fromhttp://connectivitycheck.gstatic.com/generate_204.
Firefox
- Oddly enough Firefox also does its own Captive Portal Detection. https://support.mozilla.org/en-US/kb/captive-portal
- Uses
http://detectportal.firefox.com/canonical.html
Walled Gardens
Advanced Captive Portal Detection
- RFC8910 Details a method for OS’s to be told what the intened redirect URL is.
- DHCP Option 114 = (redirect URI) example http://captive.page.com
- IPv6 DHCP Option 103
- RA (IPv6 Route Advertisment) Type 37
Common Types of Splash Pages
- Click Through (Starbucks)
- Sign-In
- Sponsor Guest