I'm using a computer that is connected to an SSID named "xfinitywifi". I'm almost positive that it is a public wimax access point, but I don't think that information is relevant to this question.
It is one of those ISP services that has public wifi access points for paying customers to use out in public. At some point, someone had used my laptop to sign into his/her XFINITY account so that he/she could access the internet.
There are many more ISPs that provide this: public wifi service. For example, Comcast, XFINITY, Time Warner, etc... I always notice them when I forget to turn my Android wifi antenna off and they pop up on my list of access points while I'm driving around. Also, I've noticed that they all seem to have the same authentication methods as described below:
- Anyone with a wifi connection can log onto the wireless access point (WiMAX)
- Customers who are currently paying for this service (and more than likely, their sister's boyfriend's uncle's best friend too) and probably customer service employees, administrators, open up a web browser.
- The browser redirects them to a login page - like this one or like this one - where they are authenticate their accounts with their credentials
- After the user enters his/her credentials on the authentication screen, they are free to browse the internet.
So, my main question
If someone logs me into one of these services, is there any way that I can retrieve the credentials they used to initially log in past the authentication page?
I'm aware that I could run a key-logger on my computer and ask them to log me in, or I can use a packet sniffer in a public place that offers these wimax hotspots and wait for someone to log in.
What I'm wondering is if there is a legal way - similar to how I would get a wifi password by managing my wireless networks on my computer.
Is this possible in any legal manner without directly asking someone for their credentials?
Any help is much appreciated in advance.
Thanks
Is this possible in any legal manner without directly asking someone for their credentials?