0

I'm using a computer that is connected to an SSID named "xfinitywifi". I'm almost positive that it is a public wimax access point, but I don't think that information is relevant to this question.

It is one of those ISP services that has public wifi access points for paying customers to use out in public. At some point, someone had used my laptop to sign into his/her XFINITY account so that he/she could access the internet.

There are many more ISPs that provide this: public wifi service. For example, Comcast, XFINITY, Time Warner, etc... I always notice them when I forget to turn my Android wifi antenna off and they pop up on my list of access points while I'm driving around. Also, I've noticed that they all seem to have the same authentication methods as described below:

  • Anyone with a wifi connection can log onto the wireless access point (WiMAX)
  • Customers who are currently paying for this service (and more than likely, their sister's boyfriend's uncle's best friend too) and probably customer service employees, administrators, open up a web browser.
  • The browser redirects them to a login page - like this one or like this one - where they are authenticate their accounts with their credentials
  • After the user enters his/her credentials on the authentication screen, they are free to browse the internet.

So, my main question

If someone logs me into one of these services, is there any way that I can retrieve the credentials they used to initially log in past the authentication page?

I'm aware that I could run a key-logger on my computer and ask them to log me in, or I can use a packet sniffer in a public place that offers these wimax hotspots and wait for someone to log in.

What I'm wondering is if there is a legal way - similar to how I would get a wifi password by managing my wireless networks on my computer.

Is this possible in any legal manner without directly asking someone for their credentials?

Any help is much appreciated in advance.

Thanks

Improve this question
5
  • If it was legal, why don't you just ask them for the credentials ;)
    – Scott Chamberlain
    Commented Jun 13, 2013 at 6:59
  • If you started to read this question, why don't you just finish reading it? 3rd line from bottom: Is this possible in any legal manner without directly asking someone for their credentials?
    – CheeseConQueso
    Commented Jun 13, 2013 at 18:44
  • I did read it, and I agree with TomEus. Any way of getting someone else's credentials without their knowledge or permission is not legal.
    – Scott Chamberlain
    Commented Jun 13, 2013 at 18:46
  • I meant "is there any legal way besides directly asking them
    – CheeseConQueso
    Commented Jun 13, 2013 at 18:52
  • And my (and Tom's) answer is: "No there is not". Let me turn this question around on you. Is there any legal way I can get your username and password for your online banking without you telling me? Would you want there to be a legal way?
    – Scott Chamberlain
    Commented Jun 13, 2013 at 18:53

1 Answer 1

Reset to default
2

The only "legal" way is to ask the person for that credentials - however keep in mind that most companies will limit the number of devices that can connect to the WiFi under 1 account. So most likely when you use it, they will get kicked out or vice versa.

There are many ways how to get the password, you mentioned some of them. In addition you could run some of the "password reveal" programs (depending on Windows version).

But keep in mind that none of that is legal. By the basic definition of the law, you are not allowed to poses credentials that don't belong to you and even further more you would be committing theft of bandwidth if you would use the credentials, unless you are the person authorized to do so.

Simply - don't do this and connect to open WiFi APs only or get your own account.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .