Home » IT & Tech Blogs » Information Technology » Bypass an airport wireless LAN

Bypass an airport wireless LAN

Supposedly you can bypass the airport wireless lan by adding a ? to the extension (ex. ?.jpg).

A guest who discovered this vulnerability writes:

“I found that I could easily visit sites like slashdot, google, or even this weblog, when adding a ?.jpg at the end of the url. The next logical step was to automate that. I downloaded greasemonkey.xpi?.jpg (*g*) and wrote a 4 line js script that would add ?.jpg to every link in a document. That way I was able to browse most sites without a hassle. Unfortunately, I didn’t get to explore this vulnerability much more, because I had to board the airplane, were I waited another 3 hours due to a mechanical failure – without WLAN.”

Why does this work?

Most probably the blocker is designed to let images through, maybe because they are hotlinking some images on the page where they ask for you to login.

Appending ?.jpg to the URL makes the blocker think that the URL is an image. On the other hand, anything after the ? doesn’t change the actual webpage requested, it only changes the GET headers. (so http://google.com/?.jpg and http://google.com/ give the same page).

Note that if there already is a query string in the URL (something after a question mark), then you must use &.jpg instead of ?.jpg, as only the first question mark is considered for making a query string (the second question mark is considered as part of the data, generally, and this may lead to you getting the wrong page)

Basically, when you fetch a page, you can provide additional data to the server (which can then send you a custom page dependant on your data). There are two ways of doing this: a GET request and a POST request. A GET request puts the data in the URL itself, a POST request sends in in a more subtle, ‘hidden’ way. Here is an example GET request on the “ask question” page of SuperUser. A note: it is not necessary that there is data when you use a GET request. When you fetch a normal webpage, that is also a GET request, without data.

Note that this does not work on all services, just particularly poorly implemented ones

Check Also

ITproblems 310x165 - 8 Most Common IT Problems for Small Businesses and How to Solve Them

8 Most Common IT Problems for Small Businesses and How to Solve Them

Listen to Audio Annoying IT problems don’t always require complicated solutions. Optimize your small business …

Do NOT follow this link or you will be banned from the site!