SSL/TLS Certificate Validation Tool for Pre-Authentication Captive Portals
Certificate Validation in Captive Portals
DOI:
https://doi.org/10.31436/ijpcc.v12i1.649Keywords:
Captive Portal, Certificate Chain Verification, Intermediate Certificate Recovery, OpenSSL, SSL/TLS validation, Wi-Fi SecurityAbstract
Public network captive portal often disrupts the handshake in the SSL/TLS protocol and displays browser warnings that are sometimes ambiguous and sometimes excessive. These warnings can be misleading for users even for those with technical expertise. Notwithstanding the associated risks, there are limited tools that can be used to validate the trust of the SSL/TLS certificates in pre-authentication environments. This paper presents a lightweight and automated tool that is designed to validate the contents of an extracted certificate chain of SSL/TLS from live or stored handshake traffic at captive portals. The tool uses the trust evaluation engine of OpenSSL, supplemented with a Mozilla-compatible CA bundle to determine the validity of certificates and enables automatic retrieval of the missing intermediate certificates through AIA URLs to improve the accuracy of validation. The tool was evaluated using TLS handshakes captured from the IIUM Wi-Fi captive portal and samples from the ISCXVPN2016 dataset. After intermediate correction, the tool achieved 100% detection accuracy with no false positives and false negatives. It was able to detect misconfigured, expired or incomplete chains and validate known secure sessions. The proposed solution had more accurate and actionable diagnostics compared to browser-based indicators and tools like SSL Labs in pre-login situations, where existing methods often fall short. This tool fills an important gap in network security for users, by enhancing transparency and trust in certificate assessment. Its automation and diagnostic clarity make it an effective tool for both researchers and general users and provide reliable SSL/TLS validation in environments where conventional trust signals are unavailable or misleading.
References
D. Akhawe and A. Porter-Felt, “Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness,” in Proc. 22nd USENIX Security Symp., 2013.
S. Ali, T. Osman, M. Mannan, and A. Youssef, “On Privacy Risks of Public WiFi Captive Portals,” in Proc. 14th Int. Conf. Privacy, Security and Trust (PST), 2019.
J. M. Briones, M. A. Coronel, and P. Chavez-Burbano, “Case of Study: Identity Theft in a University WLAN—Evil Twin and Cloned Authentication Web Interface,” Int. J. Web Appl., vol. 5, no. 2, Jun. 2013.
P.-L. Wang, K.-H. Chou, S.-C. Hsiao, A. T. Low, T. H.-J. Kim, and H.-C. Hsiao, “Capturing Antique Browsers in Modern Devices: A Security Analysis of Captive Portal Mini-Browsers,” in Applied Cryptography and Network Security (ACNS 2023), Part I, K. Yoshioka, Y. Miyake, and R. Perdisci, Eds., Springer, pp. 260–283, 2023.
S. Fahl, M. Harbach, H. Perl, M. Koetter, and M. Smith, “Rethinking SSL Development in an Appified World,” in Proc. 2012 ACM Conf. Computer and Communications Security (CCS), 2012.
A. P. Felt et al., “Improving SSL Warnings: Comprehension and Adherence,” in Proc. 33rd Annu. ACM Conf. Human Factors in Computing Systems (CHI '15), pp. 2893–2902, 2015.
V. Gawde, “Understanding Captive Portal Attacks: Risks and Mitigation Strategies,” VulnerX Blog, 2024.
S. Sivakorn, I. Polakis, and A. D. Keromytis, “The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information,” in IEEE Symp. Security and Privacy (S&P), 2016.
J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. F. Cranor, “Crying Wolf: An Empirical Study of SSL Warning Effectiveness,” in USENIX Security Symp., 2009.
TLS-Scan Project, “TLS-Scan: A Lightweight Scanner for TLS Configurations,” GitHub Repository, 2022.
Wireshark Foundation, “Wireshark User Guide: Troubleshooting SSL/TLS Connections,” Wireshark Documentation, 2024.
