{"id":24204658,"url":"https://github.com/sanjay7178/openfortiapauth","last_synced_at":"2026-06-06T04:31:38.017Z","repository":{"id":254463595,"uuid":"780874463","full_name":"sanjay7178/openfortiapauth","owner":"sanjay7178","description":"Open-source implementation for automatic Fortinet FortiAP (Captive Portal) client login.","archived":false,"fork":false,"pushed_at":"2024-08-30T16:01:05.000Z","size":3644,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-13T23:17:37.147Z","etag":null,"topics":["application","authentication","captive","captive-portal","cli","desktop","fortiap","fortinet","fortinet-firewall","go","openfortiapauth","portal","script"],"latest_commit_sha":null,"homepage":"https://apps.fyne.io/apps/com.sanjay7178.openfortiap.html","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sanjay7178.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-02T10:21:30.000Z","updated_at":"2024-09-27T15:41:47.000Z","dependencies_parsed_at":"2024-08-28T18:15:42.409Z","dependency_job_id":"892e3012-6182-4954-850a-d81c4291c62b","html_url":"https://github.com/sanjay7178/openfortiapauth","commit_stats":null,"previous_names":["sanjay7178/openfortiapauth"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sanjay7178%2Fopenfortiapauth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sanjay7178%2Fopenfortiapauth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sanjay7178%2Fopenfortiapauth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sanjay7178%2Fopenfortiapauth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sanjay7178","download_url":"https://codeload.github.com/sanjay7178/openfortiapauth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241669705,"owners_count":20000317,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application","authentication","captive","captive-portal","cli","desktop","fortiap","fortinet","fortinet-firewall","go","openfortiapauth","portal","script"],"created_at":"2025-01-13T23:17:44.436Z","updated_at":"2026-06-06T04:31:38.011Z","avatar_url":"https://github.com/sanjay7178.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv\u003e\n  \u003cimg src=\"Icon.png\" height=\"60px\" align=\"left\"\u003e \u003ch1\u003eopenfortiapauth\u003c/h1\u003e\n\u003c/div\u003e\n\n\nThis the repository maintained for fortinet captive port auto login to university/organisation intranet \nmade with [fyne.io](https://fyne.io) \n\n### Installation\nFind out the OS agnostic installation binaries at [latest release](https://github.com/sanjay7178/openfortiapauth/releases)\nor\nCheckout at [fyne app listing](https://apps.fyne.io/apps/com.sanjay7178.openfortiap.html)\n\n### Preview - Android\n\u003cimg src=\"https://raw.githubusercontent.com/sanjay7178/openfortiapauth/main/attachment/screenshot2.jpeg\" width=\"300\" height=\"600\" /\u003e\n### Fortinet FortiAP Captive Portal Auth - POC\n\nlogin Script \n\nExecution Policy Set \n```powershell \nSet-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser\npowershell -File auth.ps1\n```\n`auth.ps1` Script \n\n```powershell\n$FGT_IP = \"172.18.10.10\"\n$USERNAME = \"xxxxxx\"\n$PASSWORD = \"xxxxxx\"\n$SESSION_ID = \"3511041970b2f678\"\n\n$PostData = \"magic=$SESSION_ID\u0026username=$USERNAME\u0026password=$PASSWORD\"\n\n$RequestParams = @{\n    Uri = \"http://$FGT_IP`:1000/fgtauth\"\n    Method = \"Post\"\n    Body = $PostData\n    ContentType = \"application/x-www-form-urlencoded\"\n}\n\nInvoke-RestMethod @RequestParams\n```\n\nlogout script \n\n```bash\ncurl 'http://172.18.10.10:1000/logout?' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' -H 'Priority: u=0, i'\n```\n\n```powershell\nInvoke-WebRequest -UseBasicParsing -Uri \"http://172.18.10.10:1000/logout?\" `\n-UserAgent \"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0\" `\n-Headers @{\n\"Accept\" = \"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8\"\n  \"Accept-Language\" = \"en-US,en;q=0.5\"\n  \"Accept-Encoding\" = \"gzip, deflate\"\n  \"Upgrade-Insecure-Requests\" = \"1\"\n  \"Priority\" = \"u=0, i\"\n}\n```\n\nWindows POSIX CurRL\n```powershell\ncurl 'http://172.18.10.10:1000/logout?' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' -H 'Priority: u=0, i'\n\n```\n- magic (session id) generation from FortiAP captive portal  \n![](attachment/2fbc6a552014ad356df36fbdb13fdbfc.png)\n\n- Upon Successful Auth with Fortinet FortiAP Endpoint got as `200` status code response ie.. with certain magic generated from endpoint\n- Observation : if we use the session again with the same magic you'll `444` status code    \n![](attachment/Pasted-image-20240821204218.png)\n- if the user the user logged w.r.t to FortiAP server side session will session will get generated with prior MAC address from host `NIC` and you will get auth session failed as html response\n![](attachment/18907e8911cdda8ee763d8298afd5966.png)\n\n\n\n\nReferences :\nhttps://docs.fortinet.com/document/fortiap/7.6.0/fortiwifi-and-fortiap-configuration-guide/292926/captive-portal-security\nhttps://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/8391206d-966e-11eb-b70b-00505692583a/FortiWiFi_and_FortiAP-7.0.0-Configuration_Guide.pdf\n\nClaude's Response :\n\n#curl #linux\n\nHere's a sample cURL script that you can use to configure an external captive portal:\n\n```bash\n#!/bin/bash\n\n# Set the necessary variables\nFGT_IP=\"your_fortigate_ip_address\"\nUSERNAME=\"your_username\"\nPASSWORD=\"your_password\"\nSESSION_ID=\"your_session_id\"\n\n# Construct the POST data\nPOST_DATA=\"magic=$SESSION_ID\u0026username=$USERNAME\u0026password=$PASSWORD\"\n\n# Send the POST request to the FortiGate\ncurl -X POST \\\n     -H \"Content-Type: application/x-www-form-urlencoded\" \\\n     -d \"$POST_DATA\" \\\n     \"https://$FGT_IP:1000/fgtauth\"\n```\n\nHere's how the script works:\n\n1. Set the necessary variables:\n   - `FGT_IP`: The IP address of your FortiGate device.\n   - `USERNAME`: The username to be authenticated.\n   - `PASSWORD`: The password to be authenticated.\n   - `SESSION_ID`: The session ID provided by the FortiGate in the initial request to the web server.\n\n2. Construct the POST data as per the format specified in your description: `magic=$SESSION_ID\u0026username=$USERNAME\u0026password=$PASSWORD`.\n\n3. Use the `curl` command to send the POST request to the FortiGate:\n   - `-X POST`: Specifies that this is a POST request.\n   - `-H \"Content-Type: application/x-www-form-urlencoded\"`: Sets the content type of the request to URL-encoded form data.\n   - `-d \"$POST_DATA\"`: Includes the POST data in the request body.\n   - `\"https://$FGT_IP:1000/fgtauth\"`: The URL to which the request is sent.\n\nMake sure to replace the placeholder values (`your_fortigate_ip_address`, `your_username`, `your_password`, and `your_session_id`) with the appropriate values for your setup.\n\nYou can save this script as a file (e.g., `captive_portal.sh`) and make it executable with the `chmod +x captive_portal.sh` command. Then, you can run the script using `./captive_portal.sh`.\n\n#windows #powershell \n\nHere's the PowerShell version of the cURL script to configure an external captive portal:\n\n```powershell\n$FGT_IP = \"your_fortigate_ip_address\"\n$USERNAME = \"your_username\"\n$PASSWORD = \"your_password\"\n$SESSION_ID = \"your_session_id\"\n\n$PostData = \"magic=$SESSION_ID\u0026username=$USERNAME\u0026password=$PASSWORD\"\n\n$RequestParams = @{\n    Uri = \"https://$FGT_IP`:1000/fgtauth\"\n    Method = \"Post\"\n    Body = $PostData\n    ContentType = \"application/x-www-form-urlencoded\"\n}\n\nInvoke-RestMethod @RequestParams\n```\n\nHere's how the PowerShell script works:\n\n1. Set the necessary variables:\n   - `$FGT_IP`: The IP address of your FortiGate device.\n   - `$USERNAME`: The username to be authenticated.\n   - `$PASSWORD`: The password to be authenticated.\n   - `$SESSION_ID`: The session ID provided by the FortiGate in the initial request to the web server.\n\n2. Construct the POST data as per the format specified in your description: `magic=$SESSION_ID\u0026username=$USERNAME\u0026password=$PASSWORD`.\n\n3. Create a hash table `$RequestParams` with the necessary parameters for the `Invoke-RestMethod` cmdlet:\n   - `Uri`: The URL to which the request is sent.\n   - `Method`: Specifies that this is a POST request.\n   - `Body`: Includes the POST data in the request body.\n   - `ContentType`: Sets the content type of the request to URL-encoded form data.\n\n4. Use the `Invoke-RestMethod` cmdlet to send the POST request to the FortiGate.\n\nMake sure to replace the placeholder values (`your_fortigate_ip_address`, `your_username`, `your_password`, and `your_session_id`) with the appropriate values for your setup.\n\n\nYou can save this script as a PowerShell script file (e.g., `captive_portal.ps1`) and run it using the `./captive_portal.ps1` command.\n\nIt seems like you're trying to run the PowerShell script, but you're getting an error message saying that the script file is not recognized. Here are a few things you can try to resolve the issue:\n\n1. **Check the script file name**: Ensure that the file name you're trying to run is correct. In the example, the script file is named `captive_portal.ps1`, not `auth.ps1`. Make sure you're running the correct file name.\n\n2. **Check the file path**: Verify that the script file is located in the correct directory. In the example, the script is being run from the `C:\\Users\\VIT-AP\\Desktop` directory. Ensure that the script file is in this directory or update the file path accordingly.\n\n3. **Run the script with the full file path**: Instead of just running the script name, try running the script with the full file path. For example:\n\n   ```\n   C:\\Users\\VIT-AP\\Desktop\u003epowershell -File C:\\Users\\VIT-AP\\Desktop\\captive_portal.ps1\n   ```\n\n   This should run the script regardless of your current working directory.\n\n4. **Check the script execution policy**: PowerShell has a script execution policy that might be blocking the script from running. You can check the current policy by running the following command:\n\n   ```\n   Get-ExecutionPolicy\n   ```\n\n   If the policy is set to `Restricted`, you'll need to change it to allow script execution. You can do this by running the following command:\n\n   ```\n   Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser\n   ```\n\n   After changing the execution policy, try running the script again.\n\nIf you're still facing issues, double-check the script content and make sure that the variable values are correctly set.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsanjay7178%2Fopenfortiapauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsanjay7178%2Fopenfortiapauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsanjay7178%2Fopenfortiapauth/lists"}