wireless networking - How can I obtain login credentials for ISPs that have WiMAX publib access points?

08
2013-08
  • CheeseConQueso

    I'm using a computer that is connected to an SSID named "xfinitywifi". I'm almost positive that it is a public wimax access point, but I don't think that information is relevant to this question.

    It is one of those ISP services that has public wifi access points for paying customers to use out in public. At some point, someone had used my laptop to sign into his/her XFINITY account so that he/she could access the internet.

    There are many more ISPs that provide this: public wifi service. For example, Comcast, XFINITY, Time Warner, etc... I always notice them when I forget to turn my Android wifi antenna off and they pop up on my list of access points while I'm driving around. Also, I've noticed that they all seem to have the same authentication methods as described below:

    • Anyone with a wifi connection can log onto the wireless access point (WiMAX)
    • Customers who are currently paying for this service (and more than likely, their sister's boyfriend's uncle's best friend too) and probably customer service employees, administrators, open up a web browser.
    • The browser redirects them to a login page - like this one or like this one - where they are authenticate their accounts with their credentials
    • After the user enters his/her credentials on the authentication screen, they are free to browse the internet.

    So, my main question

    If someone logs me into one of these services, is there any way that I can retrieve the credentials they used to initially log in past the authentication page?

    I'm aware that I could run a key-logger on my computer and ask them to log me in, or I can use a packet sniffer in a public place that offers these wimax hotspots and wait for someone to log in.

    What I'm wondering is if there is a legal way - similar to how I would get a wifi password by managing my wireless networks on my computer.

    Is this possible in any legal manner without directly asking someone for their credentials?

    Any help is much appreciated in advance.

    Thanks

    • Answers
  • TomEus

    The only "legal" way is to ask the person for that credentials - however keep in mind that most companies will limit the number of devices that can connect to the WiFi under 1 account. So most likely when you use it, they will get kicked out or vice versa.

    There are many ways how to get the password, you mentioned some of them. In addition you could run some of the "password reveal" programs (depending on Windows version).

    But keep in mind that none of that is legal. By the basic definition of the law, you are not allowed to poses credentials that don't belong to you and even further more you would be committing theft of bandwidth if you would use the credentials, unless you are the person authorized to do so.

    Simply - don't do this and connect to open WiFi APs only or get your own account.


    • Related Question

    Bypassing Router's DNS Settings
  • Ramon Marco Navarro

    Is there a way to bypass my ISP provided CPE/router's DNS settings? I'd like to use OpenDNS but I am unable to access the administrator acount of the CPE. I tried logging in using the default passwords (admin/admin, admin/1234, etc) to no avail.

    I found out later that the admin password is generated using a generator where you input the CPE's MAC address. I tried emailing the manufacturer of the CPE (Huawei, the CPE is Huawei BM625) and my ISP but they aren't replying. I also saw similar queries (lots of them!) at Huawei's forums, without a single reply.

    So as a last resort, I'd like to know a way to bypass the CPE's DNS settings.

    My subscription is for a WiMAX service. I'm using Windows 7 and have already set the DNS settings for the Local Area Connection:

    enter image description here

    However I still am not seeing the "You are already using OpenDNS" text at OpenDNS's site.

    And when explicitly using the OpenDNS servers I still seem to get 208.69.38.150 rather than the expected 208.69.38.160:

    nslookup www.opendns.com. 208.67.222.222

  Server: resolver1.opendns.com
  Address: 208.67.222.222 

  Non-authoritative answer:
  Name: www.opendns.com
  Address: 208.69.38.150

    • Related Answers
  • 8088

    When visiting their website, OpenDNS determines if you're using their services by checking the IP address you've requested.

    When asking my default DNS, www.opendns.com refers to IP address 208.69.38.150:

    dig www.opendns.com

  [..]
  www.opendns.com.      30  IN  A   208.69.38.150
  [..]

    Asking their DNS, www.opendns.com yields another IP address, 208.69.38.160:

    dig @208.67.222.222 www.opendns.com

  [..]
  www.opendns.com.      30  IN  A   208.69.38.160
  [..]

    Until the end of October 2009, browsing to http://208.69.38.160 would always show:

    OpenDNS - Manage your DNS settings - You're using OpenDNS!

    But http://208.69.38.150 would always tells you:

    OpenDNS - Start using OpenDNS - It's free.

    Beware: Since OpenDNS has introduced payed plans mid-October 2009, the homepage no longer clearly states one is already using OpenDNS! Instead, it always shows:

    OpenDNS trickery

    (Maybe this will be changed back some day. To me, this new website feels a bit like tricking people into getting a paid account. Even signing up for the free "OpenDNS Basic" gets one to the Store nowadays, while actually to just use the OpenDNS servers one does not need an account to start with. But true, they do state "A store for free? [..] And don't worry, if you aren't using the paid service we won't ask for a credit card or anything like that.")

    The different IP addresses are still used, so, if any of the following commands shows 208.69.38.160, then you're using OpenDNS:

    • dig www.opendns.com
    • ping www.opendns.com
    • nslookup www.opendns.com
    • host www.opendns.com

    As your computer may have remembered that www.opendns.com refers to 208.69.38.150, you might indeed need to run ipconfig /flushdns (or dscacheutil -flushcache on Mac OS X) like Svish commented.

  • Wade Williams

    You don't list your host platform, but some hosts such as Linux have configuration files which will allow you to override or ignore what settings are coming from DHCP.

    Post your host platform(s) and more help can be provided.

  • EvilChookie

    You should be able to do this without any problems.

    The process will vary depending on your operating system and your exact configuration. OpenDNS themselves have the best instructions for your computer. Just pick your operating system, and you should be right to go!

    When you manually specify a DNS server setting, most operating systems will ignore whatever is set by your modem / router, and use your manual setting instead.

  • Brian Knoblauch

    Some ISPs proxy DNS requests and redirect any for outside DNS servers to their own DNS servers. So, it may not be possible

  • jfmessier

    If you use the "nslookup" command, you will get a > prompt, where you can specify a DNS server of your choice. Use the "server" command, followed by either a hostname or an IP address of the server of your choice, such as the ones from OpenDNS. I do not think that your ISP will proxy the DNS requests. However, your country border routers may block access to foreign DNS servers, and if not blocking the access to DNS servers, can block access to the actually returned IP address from your chosen DNS.

    In other words, there are different ways that you can be blocked from using other DNS servers from your internet connection, but usually, this is not a problem.