From owner-freebsd-mobile@FreeBSD.ORG Fri Dec 20 00:33:07 2013 Return-Path: Delivered-To: freebsd-mobile@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 33962CA8 for ; Fri, 20 Dec 2013 00:33:07 +0000 (UTC) Received: from mail.ultra-secure.de (mail.ultra-secure.de [78.47.114.122]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 546C21863 for ; Fri, 20 Dec 2013 00:33:05 +0000 (UTC) Received: (qmail 62599 invoked by uid 89); 20 Dec 2013 00:23:22 -0000 Received: from unknown (HELO ?192.168.1.201?) (rainer@ultra-secure.de@217.71.83.52) by mail.ultra-secure.de with ESMTPA; 20 Dec 2013 00:23:22 -0000 Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\)) Subject: Re: Wifi && connect from Android YourFreedom App (a bit OT) From: Rainer Duffner In-Reply-To: Date: Fri, 20 Dec 2013 01:23:18 +0100 Message-Id: References: <20131218122702.GA1609@tiny-r255948> To: Lars Engels X-Mailer: Apple Mail (2.1827) Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: freebsd-mobile@freebsd.org X-BeenThere: freebsd-mobile@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Mobile computing with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Dec 2013 00:33:07 -0000 Am 18.12.2013 um 15:06 schrieb Lars Engels : > Am 2013-12-18 13:27, schrieb Matthias Apitz: >> Hello, >> I returned last night from Havana, Cuba. They have now Wifi in the >> hotels and my FreeBSD netbook (10-CURRENT) connected fine, on start = of >> WPA you get an IP addr by DHCP and the first page in a browser (FF = 24.0) >> re-directed you to a page to enter the credentials (login, password = for >> around 4 USD per hour); a lot of cubans were sitting around with = their >> laptops and Android based tablets using the Wifi zone of the hotel; >> I talked to someone and he said he was using some App 'Your Freedom' >> (or something like that) and was not asked for credentials to connect >> to his Facebook account, etc. This surprised me a bit, how this could >> work technically, and that's why I wanted to ask it here: how this = could >> bypass the credential page, because I could not route traffic through >> the assigned IP on the WLAN interface without passing the credential >> page... how this could work with this App? My interest is only >> technically or due to the surprise, I do not want to use such trick = on >> FreeBSD and I do not have any Android device. >=20 >=20 > It's possibly tunneled via port 53 (DNS)? Most likely, yes. Professional penetration testers have whole suite of programs that allow = them to tunnel all kinds of stuff front and back through firewalls that = allow random outgoing DNS traffic. I=92ve never tried them myself, but I imagine it=92s a bit slow. But fast enough to siphon data out...