Captive Portals have been implemented with the widespread adoption of public Wi-Fi to ensure appropriate network usage and protect it from malicious users. A Captive Portal is a mechanism that restricts or limits external communication until tasks such as user authentication or registration are completed when a device connects to the network. Under certain acceptable conditions, this paper proposes a new Manin-the-Middle (MitM) attack that exploits this Captive Portal to circumvent SSL/TLS communication, enabling eavesdropping and tampering with communication content. While many existing studies have discussed methods of eavesdropping and tampering with communications using Captive Portal as a starting point, the technique proposed in this paper is novel as it focuses on the screen transition behavior after authentication within the Captive Portal to initiate the MitM attack. Furthermore, our proposed method does not require specific constraints on the victim’s device or its operating system, putting virtually all devices using public Wi-Fi at risk. Additionally, an attacker can carry out the attack using only the tool developed in this study and an Access Point equipped with Captive Portal functionality, making implementation straightforward. To demonstrate the effectiveness and practicality of this attack method, we conducted evaluation experiments on various HTTPS-enabled websites in live operation. As a result, we confirmed that the attack proposed in this paper can successfully circumvent SSL/TLS communication without detection by the victim, enabling eavesdropping and tampering with communication content.