4

I was reading this fascinating answer and was puzzled by the fact that every time I entered the neverssl.com webpage it redirects me to a seemingly random subdomain. For example, the landing page is always something like http://bcdfhkmlnvtxwrzs.neverssl.com/online. I also noticed that the redirect is done using javascript, since when I disable it stopped working.

So I am wondering how does redirecting to a random subdomain helps an user gets redirected to a captive portal, which is the only purpose of the website.

Improve this question

1 Answer 1

Reset to default
5

Intercepting-captive portals don't work if you try to access an HTTPS site. You will just get an SSL error page.

If you access a website through plain HTTP and not HTTPS, one thing the site can do is include a HSTS header. This will make browsers always access through HSTS and never try HTTP.

This means it's possible your browser will never see the captive portal page and therefore won't be able to sign on to it.

The purpose of this site is to provide a page that doesn't have an HSTS header so it will always redirect to a captive portal if needed.

The random URLs are to defeat your browser from trying to load the page from cache. Since your browser has never seen the URL before it will always try to get the page from the network, and therefore give the captive portal a chance to work.

Improve this answer
0

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .