Social Media Phishing with Captive Portal using NodeMcu

July 21st, 2019 by

Phishing is a criminal act of deceiving other people into sharing their sensitive information like credit card numbers or account credentials. Usually, it is carried out by sending victims fake URLs which imitate a legitimate website such as social media accounts, bank login pages, and more. In this demonstration, we will be broadcasting a wifi access point with DNS redirection to host the Captive portal with a fake Facebook login page.

Phishing is the simplest cyber attack, but the most effective one. It doesn’t require sophisticated technical knowledge to carry out.

You will see how a wifi access point name was replicated and, how a fake Facebook page was displayed to the victim’s device. We use a NodeMCU, a cheap 5$ wifi Module to achieve such a feat.

Video Demonstration


Why is this super effective?

Upon connecting to our captive portal, “Facebook Messenger” displays a notification that the user needs to do something to be able to use messenger.

Also, Android devices have a default behavior of showing “Sign in to Network” which calls for an action to do something.

Since we are not broadcasting Wifi with an active connection, I have added a way to catch 404 and redirect it to the fake login page. So if you open up your browser E.g. Chrome or default Android browser, you will see the fake, Facebook Page.

It is also applicable for laptop devices, especially those who use Windows 10. A browser will popup, with the URL “”, and the website imitation will appear.


How to prevent such attacks?

Just checking the URL of the website is not enough. It is best to use mobile data and be wary of connecting to public Wifi.

For Android, what you can do is disable the “captive portal detection” by executing an ADB shell command. You do not need root to accomplish it.

You can also follow this tutorial on StackOverflow to disable Active Probing in Windows.


Spread the love



  1. daniel

    January 11, 2020 at 11:49 am

    gostaria dos arquivos para testar na minha rede

  2. Md. Mahadi Hasan Murad

    November 27, 2020 at 6:50 am

    can you give me code

  3. Luis Leokard dos santos Nascimento

    June 22, 2021 at 11:14 am

    hello friend this and very nice could share your work with everyone thank you my email [email protected]


Leave a Reply

Your email address will not be published.