web analytics
Saturday , 10 December 2016
Latest
Home » IT and Tech Blogs » Information Technology » Bypass an airport wireless LAN

Bypass an airport wireless LAN

Supposedly you can bypass the airport wireless lan by adding a ? to the extension (ex. ?.jpg).  A guest who discovered this vulnerability writes:

I found that I could easily visit sites like slashdot, google, or even this weblog, when adding a ?.jpg at the end of the url. The next logical step was to automate that. I downloaded greasemonkey.xpi?.jpg (*g*) and wrote a 4 line js script that would add ?.jpg to every link in a document. That way I was able to browse most sites without a hassle. Unfortunately, I didn’t get to explore this vulnerability much more, because I had to board the airplane, were I waited another 3 hours due to a mechanical failure – without WLAN.

Why does this work?

Most probably the blocker is designed to let images through, maybe because they are hotlinking some images on the page where they ask for you to login.

Appending ?.jpg to the URL makes the blocker think that the URL is an image. On the other hand, anything after the ? doesn’t change the actual webpage requested, it only changes the GET headers. (so http://google.com/?.jpg and http://google.com/ give the same page).

Note that if there already is a query string in the URL (something after a question mark), then you must use &.jpg instead of ?.jpg, as only the first question mark is considered for making a query string (the second question mark is considered as part of the data, generally, and this may lead to you getting the wrong page)

Basically, when you fetch a page, you can provide additional data to the server (which can then send you a custom page dependant on your data). There are two ways of doing this: a GET request and a POST request. A GET request puts the data in the URL itself, a POST request sends in in a more subtle, ‘hidden’ way. Here is an example GET request on the “ask question” page of SuperUser. A note: it is not necessary that there is data when you use a GET request. When you fetch a normal webpage, that is also a GET request, without data.

Source: Debuggable

Note that this does not work on all services, just particularly poorly implemented ones
Any other comments or pointers? Please leave in the comments section below:

Comments

comments

Support us!

If you like this site please follow us and click on any of these buttons!

Powered by WordPress Popup