REPRODUCIBILITY: always
OS VERSION: 4.5.0.24
HARDWARE: xperia 10 ii
UI LANGUAGE:german
REGRESSION: unkbown

DESCRIPTION:

when flying lufthansa, in-flight wifi (flynet) should be connectable and allow to browse

PRECONDITIONS:

be on a lufthansa flight where the inflight wif is provided (flynet)

STEPS TO REPRODUCE:

1. start wifi
2. connect to flynet

EXPECTED RESULT:

thw connection logs you in and browsing is possible

ACTUAL RESULT:

currebtly the login process is stuck on the login popup (see screenshot)

Bildschirmfoto_20240105_0011080×2520 58 KB

MODIFICATIONS:

ADDITIONAL INFORMATION:

Mostly it helps to point your browser to your IPv4 Gateway.
You’ll find the address under settings, WiFi and then details for the current network.

https://neverssl.com is another alternative.

Sure thing, but the page / location depicted in the screenshot does not move forward, nor can you exit it easily. This used to work.

Does this mean its because of https?

You have to close this captive portal window and start regular web browser and follow advices.

Indeed, but there’s no way to close it?

Surely the app/tab can be closed. Then point a web browser, possibly a different one, to the addresses suggested.

I do not know what you mean. It closes as every other app. I do it every time if captive portal doesn’t work as is suppose to.

So let me guess;

• I try to connect to the web
• I’d expect the connection attempt to go through
• instead, i end on a dead page posting a link to somewhere, which if entered in a browser won’t work.
• but in reality, to get out of this, and be able to connect, Id need to collect info from the net settings, and use that from a browser ( a different one than the stock one)?

As a user, am I supposed to understand this from the page itself, in its current, minimalistic form?
Rather, it would be great if the page in question would at least have this info in it

I know guys you are trying to help fixing things; but trust me, im not in the plane anymore the time has passed :).

Yes, but you can use the info from net settings (gateway ip address) or use neverssl.com address. Should it doesn’t work this is mean that you use non standard DNS system you should use expected one.

I get that, thanks. But why not add this info in that popup page as well, as an improvement ?
These solutions are perhaps good kludges, but definitely not a silver bullet…

EDIT : using http is a bad idea (as the guys state on the neverssl.com).
Also, if I am not connected to Wifi, how can I use DNS?

The magical captive portal thing you get doesn’t show up on all captive portals.
And of course it should not be broken, but we have an old browser and they probably did something really silly on the web page.
It should just work™, but when it doesn’t these are normal things you can do.
Your silver bullet is flypig doing the browser/webview uplift.

And if you keep reading you find that the whole point of the page is to be susceptible to what is effectively DNS spoofing to shove the login page in your face. (And other similar debugging uses).
You are not really meant to interact with neverssl itself, and it’s not like it is your bank anyway… some publicly available text going unencrypted never hurt anyone.

But you are! They are just not routing your traffic to the actual internet yet.

Perhaps. Unfortunately I wasnt keen to investigate more (thats not my job). Aint but a simple user

Captive portals routinely break for me (or my family), maybe cause, linux? I don’t mean on the phone, I mean, generally. Ubuntu, *bsd, android. A lot of them are based on old ‘radius’ server recipes designed by neanderthals (like me). The SFOS old whatever is not likely the cause. The ‘as only tested on a limited number of devices’ cause is more likely. I’m frankly surprised they ever work. And when they do, I hope to not be flying on an airplane.

Using combination or/and:

1. IP number of gateway or any IP from subnet
2. neverssl.com
3. setting G… DNS IP 8.8.8.8 in /etc/resolv.conf
   I’m always able to break trough.

Too much work. You lost me at IP number. Thanks for the detailed steps.

Heh. Port scan for a radius server (UDP/1812/13, UDP/1645/46 auth) . Use ™ vuln in said server. Administrate server