Comments on RevK®'s ramblings: Damn WiFi captive portals
13 comments; feed updated 2024-03-28T09:19:27.451+00:00

Fuzzycat (2014-04-30T15:32:30.856+01:00):

So proxy the page and redirect would work, yes?

btw I hate blogger's useless reply as - If I'm not logged in and my gmail user isn't displayed and I click publish it blanks out my reply and doesn't tell me if it's submitted the message. iirc we get an 'awaiting moderation' type message. That's why you might be getting 2 posts of all my comments because I've no idea if they've been sent for moderation or blogger has just cast them aside...

Fuzzycat (2014-04-30T15:29:20.946+01:00):

So proxy the target page and redirect would work, yes?

RevK (2013-01-02T04:08:08.249+00:00):

I appreciate that it intercepts all traffic not a specific page - my point was that if someone does want to have a "pop-up", then directing a specific page (using DNS or IP) is a lot simpler than redirecting all pages, and can also be done in cases where you don't want to block access in the first place, just have a "welcome" splash screen when you connect using a simple local DNS override for one specific page.

Steve Hill (2013-01-01T23:56:36.475+00:00):

It doesn't quite work how you describe it - this is the WISPr protocol. When the device connects to the wifi, it makes a web request (yes, the idevices make a request to apple.com, but they don't have to - it could be any web page). If you're behind a captive portal, the portal issues a redirect to a page with some embedded XML (that's the WISPr bit) and the normal captive portal login page. You log in as normal and the device scrapes your login credentials from the POST (yes, yuck!) and caches them, so the next time you end up behind that portal, instead of popping up the login page it automatically posts your credentials to the place the XML told it to.

The usual way to handle this is with a transparent proxy - when you're not logged in, that intercepts *all* your web requests and redirects them to the portal login page (so it doesn't matter what page the device requests, it'll always be redirected to the portal). However, there is no reason why you can't futz with the DNS server that's handed out by DHCP and have it intercept all DNS requests and redirect them. However you do it, you still need to block traffic at the IP level anyway, of course.

As for re-requesting the auth every time you connect to the network, I imagine that means that BT have buggered up the WISPr XML.

I've recently spent a *lot* of time faffing with WISPr as a result of Apple's complete failure to properly support standard authenticated proxy servers on iOS - iOS provides a nice place to set your proxy address and login credentials, but very few apps bother to use them properly - I've seen any combination of:
1. Working properly.
2. Using the proxy but still popping up an authentication box, even though the auth credentials are set.
3. Completely ignoring the proxy settings entirely.
4. Sending broken authentication credentials (for example, the ebay app sends your username as your password!)

(1), (2) and (3) are all observed in the standard Apple apps that ship with the devices, as well as third party apps. In the case of (2) you get a separate auth dialogue box for every application, since the cached credentials aren't shared between them.

Not being able to authenticate a device is a complete pain in a corporate environment, so we settled on the idea of using the WISPr protocol. This is a protocol that was invented and documented by Apple, but the documentation is no longer officially available because it is so patent encumbered. However, unavailable documentation isn't really a big deal since it appears that Apple's implementation doesn't even follow their own documented protocol specs, yay!

(And no, Google aren't a lot better either)

The Backup Exec Goat (2012-12-28T12:24:11.987+00:00):

I only use Wi-Fi hotspots if I'm really down on my luck.

I tend to use my 3 One Plan service, tethered, since they seem to have coverage almost everywhere anyhow, and only resort to Wi-Fi if they and T-Mobile can't muster up some coverage.

My favourite Wi-Fi fail was the O2 hotspot - they were recently added to a lot of Costa outlets, where some had previously had a perfectly usable "The Cloud" service. To register on O2 Wi-Fi you first had to provide your details including a mobile number where they would text you a code to complete registration (a one time thing I believe)

Um... yeah except the whole reason I had reverted to Wi-Fi was that this outlet had zero mobile coverage on any network. So I couldn't use the Wi-Fi at all. Think that trumps your "captive portal" for annoyance!

Chad H (2012-12-27T15:22:38.007+00:00):

Coming Soon, AAWIFI?

dg (2012-12-24T14:56:07.668+00:00):

Yes, fairly similar:
https://github.com/android/platform_frameworks_base/blob/master/core/java/android/net/CaptivePortalTracker.java
It basically checks that http://clients3.google.com/generate_204 gives it a 204 (no content).

I quite like the way the Tube wifi works at the moment -- non-HTTP just works so background syncing happens without any interaction, but on visiting a HTTP site it gives you a banner.

Dragon (2012-12-23T14:57:51.050+00:00):

Depends on the provider/location.

For instance the BT openzones in Starbucks pop up a captive portal that you *Can* login to with your openzone credentials but it's a bit pointless seeing as Starbucks have opted to make it free you can just hit the connect button on the portal and it goes straight through anyway...

Some operators have an App for the iDevice that automates the login process, I have one from my mobile carrier that works on the Paid Openzone hotspots (although for some reason my credentials don't work for the "Fon" style ones)

The Cloud is a bit of a weird one as if you are a Sky Broadband customer you can register your device with Sky and it will authenticate using the MAC address (Secure... NOT) but you will still get the captive portal, but it will basically say "you are now online with sky click here to continue" instead of prompting for authentication.

RevK (2012-12-23T14:50:03.981+00:00):

It was one password for all!

Phil Veale (2012-12-23T14:05:49.672+00:00):

The problem with just handing guests a WPA2 pass is that you don't keep track of who's using your connection, so if someone does bad things, it's very hard to trace it back to who did it.

My understanding of the various systems employed by the Cloud, BTOpenzone, O2 wifi, etc, is that they actually track who is using the connection.

But so many such things rarely work, I have frequent trouble with them. The most common one, oddly, seems to be that I connect to the open network, then my phone sits on "obtaining IP address" for ages and gives up, retries, fails, etc. Making it seem like there's a DHCP problem somewhere. But I've been in situations where it works for some devices but not others. Odd.

Tony Hoyle (2012-12-23T00:59:31.169+00:00):

Android (Jelly Bean) does something similar.. prompts you to log into public wifi. Always thought it was an RFC because it brought up the right login page - your explanation is probably what it's doing though.

The ones I've used (O2 and Purple Wifi) remember your phone for a while so if you lose connection you're still logged in.

The Driver (2012-12-22T19:43:42.499+00:00):

Well if you will insist on using these hideous free wifi things - who knows, it might have been a rogue sat nearby with a wireless AP attempting to be a man-in-the-middle to harvest your login credentials - you get all you deserve :)

I'd have thought a man like yourself would do all in his power not to use such things (especially a BT service) - I know I do, I like to know where my data is going.

Stephen Lewis (2012-12-22T14:55:53.960+00:00):

Have you seen anyone using the 511 HTTP status code for this?