undefined | Better HN

0 pointsinnocenat4y ago0 comments

> You are guaranteed to be able to try and resolve the domain, which should generally be enough for the crappy man-in-the-middle systems to work.

I have never seen any captive portal work at DNS level though (and that by itself sounds problematic). They works at HTTP level. So if one day example.com start using HSTS then it will also be a problem, in addition to nowadays browser defaulting to HTTPS so you have to type http://example.com yourself.

neverssl.com guarantees all of that, at least as long as it's there.

0 comments

2 comments · 2 top-level

Isthatablackgsd4y ago

> neverssl.com guarantees all of that, at least as long as it's there.

It didn't work for me when I tried to use it in the airport (DCA). I tried to get to the captive portal through Firefox and Vivaldi. It took a couple restart of my browser to managed to get to the captive portal. It is not guaranteed that it will work as in my case.

toast04y ago

Some of the captive portals I've run into do work at the DNS level, possibly tied to some other firewalling to prevent traffic leakage, I can't remember.

Those were pretty problematic, for all the reasons you're thinking... Better to use a hostname you're not hoping to actually use.

j / k navigate · click thread line to collapse