Most solutions to circumvent the captive portals used in services $7 airport wireless involve sniffing the network and authenticated MAC address spoofing. I came across an old post from 2006 by Felix Geisenda¶rfer who discovered that some of these proxy systems are configured to allow images via prior to payment.
It is without doubt to allow external Imaging custom and tracking bugs to be accessible during the process of connecting Google analytics. The funniest is that the proxy allows the files via a comparison of strings on the requested URL-based, and it is easy to fool.
Without any hope of success, I typed http://www.google.com/.jpg in the address bar of my browser, and much to my surprise, I saw the page that you see when you follow the link now. The next thing that I typed in: http://www.google.com/?.jpg, but that didn't work. But I am and found that the url as http://www.google.com/search?.jpg worked like a charm. I found that I could easily visit sites like slashdot, google or even this blog, when you add one?JPG at the end of the url. The next logical step is to automate that. I downloaded greasemonkey.xpi?jpg (* g *) and wrote a 4-line js script which would add?jpg to each link in a document. In this way, I was able to browse most sites without hassle.
I wonder how prolific this gap. Next time you're in an airport or a hotel, give it a shot and let us know how it works for you.
Hacking a commercial airport WLAN
No comments:
Post a Comment