Logging in to captive portals

From Whonix

Logging in to captive portals[edit]

When Using VMs[edit]

Many publicly accessible Internet connections (usually available through a wireless network connection) require its users to register and login in order to get access to the Internet. This include both free and paid for services that may be found at Internet cafes, libraries, airports, hotels, universities etc. Normally in these situations, a so called captive portal intercepts any website request made and redirects the web browser to a login page. None of that works inside Whonix-Workstation ™, so a browser with unrestricted network access is necessary. The browser on the host operating system must be used for this purpose. Note that this means that the browser on the host is NOT anonymous, so use it carefully.

When Using Physical Isolation[edit]

There is no unsafe browser on Whonix-Gateway ™ installed by default. You could use a third machine, which has access to clearnet or boot the hardware which runs Whonix-Gateway ™ with another operating system (from USB), which is not torified.

Security recommendations[edit]

  • While this browser can be used unrestrictively for anything, it is highly recommended to only use it for the purpose stated above, i.e. to access and login on captive portals.
  • Do not run this browser at the same time as the normal, anonymous web browser. This makes it easy to not mistake one browser for the other, which could have catastrophic consequences for your anonymity.
  • Run this browser from a dedicated VM and lock it down with NoScript and isolation programs like FireJail (Linux only).

Unsafe Browser[edit]



This has to be done while you already/still have an internet connection. It cannot be done on the go when you need an internet connection since no unsafe browser is installed by default.

The following instructions are to be applied on Whonix-Gateway ™.

Configure user home of user clearnet to /home/clearnet as it is not set by Whonix default.

sudo usermod -m -d /home/clearnet clearnet

Create folder /home/clearnet.

sudo mkdir -p /home/clearnet

Set owner of folder /home/clearnet to be user clearnet.

sudo chown -R clearnet:clearnet /home/clearnet

Install a browser.

Install firefox-esr.

1. Update the package lists.

sudo apt-get update

2. Upgrade the system.

sudo apt-get dist-upgrade

3. Install the firefox-esr package.

sudo apt-get install firefox-esr

The procedure of installing firefox-esr complete.


Start bash as user clearnet. [1]

sudo --set-home -u clearnet bash

Change directory into user clearnet home folder.

cd ~

Start a browser.



In case you like to remove the unsafe browser, apply the following instructions.

Purge firefox-esr.

sudo apt-get purge firefox-esr


sudo apt-get autoremove

Delete Firefox data directory. Optional!

rm -r /home/user/clearnet/.mozilla/firefox


Whonix ™ Logging in to captive portals wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix ™ Logging in to captive portals wiki page Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP <>

This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.

Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png

Share: Twitter | Facebook

Check out the Whonix News Blog [archive].

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.

  1. The sudo --set-home parameter is important to prevent file permission issues since a GUI application is to be started under a different user account. Similar to GUI Applications with Root Rights. Quote sudo man page:

    -H, --set-home
    Request that the security policy set the HOME environment variable to the home directory specified by the target user's password database entry. Depending on the policy, this may be the default behavior.