SNI Spoof is easy & reliable enough. Other tricks won't be included if SNI Spoof works.
| Airline | System | Best Method | Note |
|---|---|---|---|
| AA | SNI Spoof | NO DNS, tested | |
| AC | SNI Spoof | tested | |
| DL | Gogo | SNI Spoof | tested |
| DL | Viasat | SNI Spoof | tested |
| OZ | Panasonic | Iodine | tested, too slow |
| BR | Panasonic | MAC Spoof | tested |
Some airline might have multiple different system installed. Double confirm which one is for your flight!
Detailed Notes
AA
DNS works slowly, DNS works slowly. SNI spoof with hardcoded ip works. If not working, please firstly click payment button.
AC
## Air Canada wifi from `https://wifi.inflightinternet.com/app/ifc/splash`:
SNI spoof works.
send HTTPS traffic to any random http server, and modify SNI to paypal.com (or www.paypal.com).
Warning: DNS doesn't work. prepare your DNS record!
If DNS not working with socks5, set ur dns to 1.1.1.1, or proxy dns via proxy.
## Also works for gogo inflight wifi (delta)
SNI spoof works.
DNS works.
DL
no wifi over pacific ocean
new provider Viasat, SNI spoof paypal works.
OZ
# Panasonic
asiana wifi:
ip whitelist:
MPC➜ sh git:(one) ping 1.2.3.5
PING 1.2.3.5 (1.2.3.5) 56(84) bytes of data.
From 172.29.2.27 icmp_seq=1 Destination Net Prohibited
^C
--- 1.2.3.5 ping statistics ---
2 packets transmitted, 0 received, +1 errors, 100% packet loss, time 1000ms
MPC➜ sh git:(one) ping 151.101.197.21
PING 151.101.197.21 (151.101.197.21) 56(84) bytes of data.
64 bytes from 151.101.197.21: icmp_seq=1 ttl=45 time=766 ms
64 bytes from 151.101.197.21: icmp_seq=2 ttl=45 time=807 ms
64 bytes from 151.101.197.21: icmp_seq=3 ttl=45 time=819 ms
dns allowed but proxied, dns tunnel will work.
worth try: fastly CDN fronting:
MPC➜ sh git:(one) ping www.paypal.com
PING cs1150.wpc.betacdn.net (192.229.210.155) 56(84) bytes of data.
64 bytes from 192.229.210.155: icmp_seq=1 ttl=45 time=824 ms
|OZ |Panasonic|Fastly CDN fronting |https blocked.. But domain fronting seems to work? will try http next |
iodine howto
while true; bin/iodined -f -c -P rtlgn24bgn 192.168.99.1 dns.896444.xyz ; sleep 10 ; end
# client: sudo bin/iodine -f -P rtlgn24bgn dns.896444.xyz
# when testing, add: -r skip UDP direct mode, avoid cheating in test.
# Then sslocal -s 192.168.99.1 -p 25551 -m chacha20-ietf-poly1305 -k default-password -b 0.0.0.0 -l 1080 --fast-open
# sslocal -s 192.168.99.1:25551 -b 0.0.0.0:1080 -m chacha20-ietf-poly1305 -k default-password --tcp-fast-open
iodine too slow. Need to test domain fronting (fastly ip, paypal SNI, custom Host) (SNI also dont need to be correct!)
EVA AIR
# Panasonic
DNS works, but TCP traffic to external server got blocked.
SNI spoof doesn't work. Need to use MAC spoof to renew the 30min trial time.
sudo ip l set wlp2s0 down
sudo ip l set wlp2s0 address 10:11:12:11:12:28
sudo ip l set wlp2s0 up
To share PC wifi with phone, need to create_ap:
nmcli connection modify EVA-WiFi wifi.band bg wifi.channel 11
> From Internet: they said android could also spoof MAC with `Enhanced Wi-Fi Mac Randomization / Wifi non-persistent MAC randomization` in Developer Options.
Leave a Reply