illmob.org

Free airport WiFi

August 22nd, 2008 by Dev Team in News, Wireless

Most solutions for getting around the captive portals used in $7 airport wireless services involve sniffing the network and spoofing authenticated MAC addresses. An old post from 2006 by Felix Geisendörfer who discovered that some of these proxy systems are set up to allow pictures through before payment.

Presumably this is to allow external custom imagery and analytics tracking bugs to be accessed during the sign-in process. The funny thing is that the proxy allows files through based on a string comparison on the requested URL, and it’s easily fooled.

Without any hope of success I typed http://www.google.com/.jpg into my browser’s adress bar, and to my big surprise I saw the page you see when you follow the link right now. The next thing I typed in was: http://www.google.com/?.jpg but that didn’t work. But I went on, and found that url’s like http://www.google.com/search?.jpg worked like a charm. I found that I could easily visit sites like slashdot, google, or even this weblog, when adding a ?.jpg at the end of the url. The next logical step was to automate that. I downloaded greasemonkey.xpi?.jpg (*g*) and wrote a 4 line js script that would add ?.jpg to every link in a document. That way I was able to browse most sites without a hassle.

I wonder how prolific this loophole is. Next time you’re in an airport (or a hotel), give it a shot and let us know how it works for you.

SOURCE: Hacking a commercial airport WLAN

Leave a reply