How to Set Up Automatic WiFi Captive Portal Login on Windows

While some WiFi setups are either insecure and open or secured with a password, many schools, hotels, stores, and other WiFi-providing entities have a third setup – The WiFi is open, but 99.99% of the web is blocked until you authenticate on the wifi’s captive portal.  In web terminology, a portal is a page from which you can get to other pages.  The captive portal is a portal to every other page on the internet:  Captive refers to the fact that it grabs all http connections – capturing you – and sending you to the portal for authentication.

Sometimes the captive portal is used to inform you of terms or rules, and sometimes it even collects exorbitant sums of money (case in point – planes).  If you’re looking to bypass wifi cost, I can’t help you.  But if you’re logging into a free wifi such as in your school, we can automate that process to make it less of a hassle when you move around and your computer starts communicating with a different router.

To do this, we will install Lynx and OpenSSL, create a script for lynx which logs in to the wifi, create a batch file which runs lynx and passes the script, and then bundle the two files together with iexpress to run in the background.  Finally, we’ll schedule a task in the Task Scheduler to automatically run this program when you connect to WiFi.

1. Download and Install Lynx

First, get the latest version of Lynx, a text-based browser, from here.  (If you want to get a different version from invisible island, make sure it’s the built with curses, non-color style version. — This is the only one supporting https, which we need to access the captive portal.)

Lynx is a text based web browser, and therefore easier to manipulate without a mouse.  Since we want to automatically log in to the WiFi in the background, we don’t want to need a mouse.  That’s why we’re using lynx.

Install lynx, and take note of it’s location.  For most users, it will be

C:\Program Files (x86)\Lynx – web browser\

2. Download and Install OpenSSL

The version of Lynx we installed requires OpenSSL to run.  Lynx recommends you get the newest light version (bits?) from this page.  However, when I tried installing that on other people’s computers, it didn’t work!  Further investigation led me to believe that lynx shouldn’t have been working on my machine, as the dll files supposedly installed in the system directory were nowhere to be found!  After a week of fruitless investigation, I finally used process hacker a second time.  I ran lynx and searched all running process for one of the missing dll files, ssleay32.dll, and I found that lynx was using a copy from an Intel program.  I’ve bundled those dlls and made them available here.  Unzip that file and copy it’s contents to lynx’s install directory, the same directory as lynx.exe.  Again, for most users, that will be

C:\Program Files (x86)\Lynx – web browser\

3. Use Lynx to Log In To Your Wifi

The next step is to log in to your WiFi using lynx and save a log of what key-presses that involves.

First, open lynx and familiarize yourself with the controls.  You want to do the actual login in the most efficient way possible.

Lynx Web Browser Example

Look at the bottom for some key commands.  Pun intended.

The black highlight represents the current element selected by the cursor.  Arrow keys move the cursor.  Up and down jump from link to link.  The right arrow follows the current link, and the left arrow goes back to the previous page.  Use g to go to google.com and practice typing in and submitting forms. Once you’ve mastered the controls, close lynx and open notepad.  Copy the following line into notepad:

“C:\Program Files (x86)\Lynx – web browser\lynx.exe” -cmd_log=%USERPROFILE%\lynxlog.txt

Then, save it as a batch file:

Save dialog from notepad for batch file

Make sure you’re not saving as .bat.txt!

Now you need to disconnect from the internet and wait for your cached login to the captive portal to expire.  How long that takes will depend on your institution.  If you can, it’s easier to move across campus to a new access point.  However you do it, get access to the captive portal again, and then run your new file, portal.bat.  Lynx will open and get caught by the captive portal.  In the most efficient way possible, follow the steps to log in to the wifi.  For example, press down a few times to get to the username field, type your username, press tab, type your password, press tab to get to the submit button, and then right arrow or enter to submit.  Finally, once the wifi login has completed, press q to quit and y to confirm.

The keypresses you used should have been recorded into lynxlog.txt.  Navigate to your home directory and open lynxlog.txt.  The fastest way to do this is by copying ‘%USERPROFILE%\lynxlog.txt‘ into the run dialog.  You can open the run dialog on Windows by pressing the windows key and R in quick succession.  Paste in the path and press enter, and you’ll see your activity from the previous lynx session.  Open in notepad.

4. Create a Batch File

Next, delete the extra lines beginning with # at the top of the file, and any lines between that and the first key you actually pressed.  Save the result as lynx with type all files, with no extension.  That is the filename I chose, however, if you would like to use any extension or other filename, you may.  Just beware of one thing:  If the file extension is more than three characters long, step 5 will not work properly.

distorted filenames result from long extension names

Notice distorted filenames

Save the file in the same directory as portal.bat from before.  Then, close notepad, right click on portal.bat and select edit.  Paste the following line into the file in place of the old one:

“C:\Program Files (x86)\Lynx – web browser\lynx.exe” -cmd_script=lynx -cmd_log=%USERPROFILE%\lynxlog.txt

You’ll notice this is the same line we were executing before, with one addition. -cmd_script is a command-line argument supported by lynx which takes a file of key commands as an argument.  That means it will run the commands we earlier recorded with cmd_log if that file is passed to it.

Save the batch file and test it again the next time you need to log in to your captive-portal’d WiFi.

5. Create an EXE File Which Runs the Batch in the Background

Congratulations!  If you got this far, you have either successfully automated your WiFi login with a batch script, or you read the part at the top which said “Read All Instructions Before Continuing.”  In either case, the next step is to get the script running invisibly.  We can do this using a super-old program from Microsoft called iexpress.  To start, search the start menu for iexpress.   Right click on the result, and run as administrator.  If you do not do this, the program will run but it will not work properly.  Press next twice with the default options, and then set a package title.

set package title dialog

Set a title for your package and press next.

Set whatever title you want.  Then click through the next two dialogs to ignore the option to prompt the user and to display a license, as we’re going to run this completely hidden.  Click the Add button and find your portal.bat and lynx files:

Explorer dialog selecting files for inpot into the self extracting archive

6. Include the batch file and the cmd_args file

After you select both files (Select one, then hold control and select the second), press open and iexpress should look like this:

packaged files dialog shows two included files

Files have been packaged.

Press next, and copy this into the install program line:

cmd /C portal.bat

Type the following C M D, forward slash question mark and then the command to run.

Be very careful at this step…

As mentioned before, iexpress is old.  If you just type portal.bat, the executable will try to run portal.bat with something called COMMAND.COM, a command thing some ancient prehistoric version of Windows used.  cmd tells windows that no, this is the 21st century, and we’re going to use cmd instead!   The rest of the line is passed to cmd.exe: /C tells cmd to run the following command, which is to run portal.bat.  If you try \C or -C it won’t work, so make sure you use “/C!"  No, the exclamation mark isn’t part of it, but that’s English grammar at its best…

In the next dialog, choose the “Hidden” radio option:

Radio button - set hidden

Set visibility to hidden and press next.

Click next again to ignore the option to send the user a message, and then click browse and choose a save destination for the executable.  For example, save the file as portal.exe.  Also make sure to check “Hide File Extracting Progress Animation from User,” as we’re trying to prevent any visual effect on the user.

dialog from which you must browse for an output file and

Step 11. Browse to an output folder and choose an output file

Finally, do not restart after install, as this isn’t actually changing anything that would require a restart.  And if you had to restart every time you connected to WiFi, that would be quite inconvenient indeed.

The last step asks for a place to save an SED file.  This is a file which would allow you to load these settings if you need to make the executable again, and then only change what needs to be changed, if anything.  If you followed all the steps correctly, but feel free to save it anyway just in case.  Press next until iexpress generates your package:

Package exported successfully - done! dialog picture

All set!

At this point, it would be a good time to find a new access point or just wait until your wifi login expires and test this executable as a method of logging in.

The file you generated will have the following icon:

You can keep it that way, or you can optionally make it more beautiful by using resource hacker to replace the icon with something prettier.

6. Schedule Your Script to Run Automatically

Now you have a script which logs into the WiFi, but it’s currently not much more convenient then pressing the button which pops up in chrome with your password prefilled anyway…  To fix this, we’re going to create a task in the Windows Task Scheduler which runs the script automatically.  First, copy your script to a folder where it won’t be in your way.  For example, you might use:

%USERPROFILE%\.util\wifi\

Copy %USERPROFILE% into explorer, and make a folder to store this file in. Move your portal.exe or whatever you called it, there.

Next, open the Task Scheduler from the start menu, and click Create Task in the Actions pane on the right side.

In the “General” tab, set a name for this task, and, optionally, a description.  Choose the options to run whether user is logged on or not, run with highest privileges, and check the hidden option.  Also Configure for Windows 10.

Task Scheduler's General Tab

In the “Triggers” tab, hit the “New…” button to add a new trigger.  Select “On an event” from the first drop-down menu, then “Microsoft-Windows-NetworkProfile/Operational” for the second and “NetworkProfile” for the third.  Set the Event ID to 10000.  This is the code which Windows logs when the computer connects to a wireless network.  Finally, this task should generally complete within a few seconds, so you can let it stop the task if it runs longer than somewhere between two and five minutes.  Press OK to confirm the new trigger.

Task Scheduler New Trigger Dialog

 

In the “Actions” tab, create a new action which runs the program we made earlier from it’s out-of-the-way location.  The following picture provides an example.  Press OK to confirm the new action.

New Action Dialog in Task Scheduler

In the “Conditions” tab, uncheck “Start the task only if the computer is on AC power.”  This is quite important, as presumably you’re setting this up on a laptop, and most people tend to need WiFi even when their computers aren’t plugged in to a wall (citation needed).  The network connection setting probably doesn’t matter, so either leave it disabled or set it to any connection.  Just don’t set it to your specific WiFi as you might want to.  In my experience, this breaks the scheduled task.  (Feel free to try it anyway and let me know of your experience in the comments.)

Task Scheduler Conditions Tab

In the Settings tab, choose “Run a new instance in parallel” if the task is already running.  This is the safest option, although “Stop the existing instance” probably works as well.  Whichever setting you choose, you shouldn’t notice unless your WiFi has intermittent connection issues and the task is triggered again before the old one quits.

Task Scheduler's Settings Tab

To finish this off, press OK and enter your password to authorize the task to run.

Congratulations!  If you got this far, you should have a working automatic WiFi login set up!  You’ll just have to again find an access point you haven’t logged in to or wait until your current authentication expires to test it.

How did it go?  Please let me know in the comments!

 

 

 

 

  • Luca Asga

    Hi, I’m the guy of the CNET forum.
    I was following your tutorial but I have some sort of problem with SSL I think. This is what i receive first.
    https://uploads.disquscdn.com/images/e2105b85f651fab8679b2eb0b13739d8c43fa75ec51d123c2d4f73eec27c8393.png
    Now i fill with user and password and it tells me this
    https://uploads.disquscdn.com/images/3e0ddd9b80b46b63d803d144fb9ff74838928840b007cf652e584190d82d878d.png
    There was a BAD HTML error too during the process.
    Obviously it didn’t log on the captive portal.

    What could I do to fix this??

    • Fascinating. I actually get the same first screen on my school WiFi, but when I press ‘y’ it works fine from there. I’ll look into that. Do you have another WiFi with a captive portal to test it on? Also, if you log in to the captive portal from a different browser, can you use lynx to browse the internet or does it get similar errors? (Try pressing ‘g’ and going to an https website.)

      • Luca Asga

        Yeah, I have the same errors if i go to https sites
        I’ll try to another network with captive portal if I can and i’ll tell you!

    • Also confirm – This with the OpenSSL dlls from my zipfile?

      • Luca Asga

        yes

  • sshcc2k5

    I recently stumbled across your blog because I needed to do something similar. I have a few comments.

    1. First and foremost, your solution doesn’t actually seem to address the problem of logging into a specific access point. You’re trapping for Event ID 10000, but you’ll only get this AFTER you’ve already associated with an AP. At the very least, you need to add a step where you check the box marked “connect automatically.”

    2. The latest versions of OpenSSL (1.0.2) appear to have all the correct DLL’s included. There’s no need to download yours separately.

    3. You don’t have to use iexpress if you don’t mind having a command prompt window flash onscreen briefly.

    4. Be advised that the packaged iexpress files are a potential security risk since they can be very easily unpacked by almost any archiver. Your files are stored completely unencrypted.

    5. Some tips regarding the lynx commands file: key ^J = return key. key ^@ = one second pause.

    6. A startfile appears to mandatory for lynx. This proved to be a challenge I couldn’t solve since my AP dynamically generates login URLs based on my MAC address and time of day. The best I can do is RE-authenticate after I get kicked off after a few hours. You’ll need to add your URL after STARTFILE= in the lynx.cfg file.

    7. Also in the lynx.cfg file I set

    PERSISTENT_COOKIES:TRUE

    ENABLE_LYNXRC:FORCE_SSL_PROMPT:ON

    The first directive has the potential of speeding things up by saving cookies across sessions. The second option as necessary to get rid of the “Can’t find common name in certificate” problem. You’re basically saying, just say yes to any time lynx complains about something.

    8. The 2nd part of the solution to the “Can’t find common name in certificate” problem is to set in your lynx.rc

    force_ssl_prompt=yes

    accept_all_cookies=on

    9. I would strongly advise against checking “Run with highest privileges” when setting up your scheduled task. It’s not necessary, and you’re creating a potential security vulnerability on your computer.

    10. I don’t really have a tenth comment, but all lists should have ten elements.

    • Thank you for your feedback!

      @1 – My solution wasn’t trying to address the problem of connecting to a specific access point. Rather, once you connect, it should log you in to the captive portal. I do think most people will choose to connect automatically. However, I in fact have selected that, and it didn’t actually help. Windows seems to aggressively disconnect the WiFi if it notices the same SSID with a different MAC address.

      @2 – 1.02, and which letter? Link? I certainly tried to use that distribution of OpenSSL first, but I found that it worked on my computer and didn’t work on others’ computers… and I found it wasn’t using the OpenSSL distributed DLLs. If I recall correctly the dlls were either missing or didn’t work for me or anyone I tried to help with this.

      @3 – True. In fact, I found that manually, it actually worked much faster without iexpress, but I wasn’t sure if it would work that way on the login screen… Right now, I have it set on my computer to just run the batch file directly, but the whole thing is not functioning properly anymore for me… Needs revisiting.

      @4 – True. I probably should have mentioned that more loudly in the post. Will fix.

      @6 – I do not understand what you mean by this. By its very nature a captive portal captures your traffic, no matter what site you’re going to. Why do you need a “startfile”? What’s that?

      @7 – Where and what is this lynx.cfg file? @8 and lynx.rc? What files are these?

      @9 – I’m not particularly worried about that… What are you saying, someone’s going to control lynx and ruin my computer?

      @10 – You seem to have enough to say about this – Why not make a blog post of your own on the topic?

      @11 – Because I skipped 5, and “all lists should have ten elements” – If you would have made 9 separate comments, this discussion could have proceeded further more easily. In theory.

      • sshcc2k5

        @2 letter k

        @6 The default startfile (ie initial URL) in the cfg file doesn’t load correctly. At the bare minimum you should replace it with something like 127.0.0.1. But if you’re going to do that, why not just replace it with the login URL you’re trying to automate.

        @7,@8 The cfg file is in the same directory as the lynx binary. The rc file was in my Documents folder for some reason. Both are automatically generated.

        @9 If you don’t set privileges correctly on your batch file, someone could replace it with arbitrary commands which would then run with elevated privileges. Classic attack. Microsoft could easily fix this if they wanted to by caching a checksum of whatever file you scheduled to run with these elevated privileges. But they haven’t fixed the problem in this many years so they probably never will. Just avoid running anything with elevated privileges if it isn’t absolutely necessary.

        @10 Probably because I don’t feel like I have a complete solution. Neither do you. But yours was a good enough start that I thought I’d provide feedback that might benefit anyone else attempting something similar. Perhaps a third person will come along (in six months time maybe) and move the rock just a bit further.

        @11 Be thankful that I broke it down to bulletpoints. I originally had it all as one long paragraph. I actually did come up with a tenth comment: you should probably turn off the Windows 10 Anniversary update option that randomizes your MAC address.