The present disclosure relates to a technique based on Machine-learning to fingerprint and classify Access Points (AP), using HyperText Transfer Protocol (HTTP) information. Fingerprint and classify Access Points are useful to detect if the AP is benign or malicious, to assess the potential trustworthiness of an AP to the user, to detect AP type, to detect AP infrastructure, to infer an AP web-service software type and version, to detect if AP is software-based or hardware-based, to detect AP running services, to detect AP network configuration, to detect specific malicious tools that are used by attackers to emulate an AP, to detect Fake AP attack, Phishing attacks, Evil Twin Attacks, and any other threats that modify or implement an AP HTTP server or webpage. The proposed technique makes advantage of the captive portal detection packet exchange between a station and an Access Point to passively classify the AP.