mini browser

kramtw · Jan 24, 2020, 7:42 AM

hi is there any way to get pass the mini browsers on ios and android so that the redirect go to the website that was set in the captive portal.

free4 · Jan 24, 2020, 7:42 AM

@kramtw yes, but i woudnt recommend it to you

You can fool the apple mini brosser by adding "captive.apple.com" into allowed hostnames on pfsense

For Android, it's a bit more complex since there is no standard URL to whitelist. Allowing connectivitycheck.gstatic.com should work for most phones (but not all ...)

kramtw · Jan 24, 2020, 2:25 PM

hi
thank for your answer.
you said that you would not recommend it, could you list a few of the reasons.

when guess connect to the WiFi ssid the portal page comes up and there is an ad that the user will click on and the user name and password is entered automatically and they are allow you get to the internet for 30 mins. when the mini browser from ios pops up the ad is no longer there. what i will like to be able to do is have the redirect send the user to an internal web page in the full browser were the ad is present so the user can click and get to the internet.

Gertjan · Jan 24, 2020, 1:48 PM

This mini-browser is a at best a pale copy op the build in Safari browser - a non-installable iOS App. I guess Apple will never give the end user the control over what type of browser is used to present that page that could be our captive portal login page . Because they do car about security.

But .... YOU control what's in the captive portal login page. You can load it up with PHP (that produces all sort of html code) although I think, never tried it, the mini-browser doesn't executes java scripts code for the same security reasons.

For example, your clickable object can be hosted on any other server which is reachable as long as you whitelist his FQDN/URL.

Btw : why should a user click on an object (image ?) or even an add ??
There are already enough adds ..... please don't add others ones ^^
If it's a matter of pre filling in a user name and password, you could do it right away in your captive portal.

When my clients login on my captive portal,, I redirect them ALL to www.google.com.
I could also redirect them to some server I manage, where I can do what needs to be done.

free4 · Jan 24, 2020, 2:34 PM

@kramtw the reason : the captive portal can't redirect HTTPS redirection to the login page ( ..because HTTPS has been designed specifically to prevent that)

Because nowaydays users don't browse non-https website anymore, captive portal detectors are essential.

I woudnt recommend fooling mini web browser, because it will make all non-technical user complains about "the wifi isnt working".
Instead, i would recommend you to debug why isnt your ad working on the browser

Some interresting clue : https://divideandconquer.se/2017/01/26/limitations-of-apple-ios-captive-portal-web-browser/