In the long long ago, I knew that the udp53 bypassed the Web authentication to get online for free, but the speed of a server plus domestic bandwidth is fast enough to consume hundreds of dollars every month. It's better to spend nine yuan and nine yuan to open a campus network
I saw it in the water group today
This is OK. Some people planted trees
The following is the result of my Baidu Plus practice

I Principle Introduction

Before connecting to a hotspot that requires web authentication, we have obtained an intranet IP address. At this time, if we visit an HTTP website, the gateway will hijack and tamper with the HTTP response message, and 302 will redirect us to a web authentication interface (so it is impossible for an HTTPS website to jump to the web authentication page). The detailed principle can Poke here

We have seen that the gateway (or switch) releases DHCP and DNS messages by default, that is, UDP 53 and UDP 67. Some gateways do not even check messages, which means that any form of data packet can pass through smoothly.

In this case, we can set up a server on the public network and use it to Free Admission On the Internet, you can also prevent network audit by the way - once again, the "free" deleted line is just spent on the server. The main breakthrough of our free Internet access this time is UDP 53. Of course, according to a friend's practice, UDP 67 can also bypass Web authentication, even those hotspots that UDP 53 cannot bypass. Of course, TCP 53 is also OK. After all, DNS also has TCP.

II Environmental detection

Win port detection tool
Download: https://github.com/insoxin/btpanel-ss/raw/master/UDP53.exe
spare: https://github.com/insoxin/btpanel-ss/blob/master/UDP53.exe
If you can see the figure below continue
If not, replace the following 53 ports with 67 68 ports. If three ports are still not available, give up

III Installation of pagoda ss plug-in

Prerequisite: Installed Pagoda Linux panel (The pagoda panel of any system is OK. The latest version of the pagoda is recommended.)

After installing the pagoda, log in to the terminal and execute the following command to install it:

This is a very long time
All right, directly log into the pagoda Linux panel>>Open the software list page>>Go to the last page of the list to see the newly installed shadowlocks plug-in

Then enable it
Remember that netstat - antu can also be used for port check

V matters needing attention

1. Speed

When all data packets are allowed to pass through UDP 53, the speed mainly depends on your server's Outgoing bandwidth and The network speed of the hotspot itself 。

2. IP problems

The server is out of town, so Taobao Alipay and others need verification codes. In case of appeal in the future, remember to select the login area as the server location.

3. Safety issues

Some hotspots are open and not password protected, so man in the middle attacks can be easily carried out - even root Android phones can do it. It can prevent man in the middle attacks (there are server certificates in the configuration file). At the same time, I use AES-128-CBC encryption, which makes network auditing easy.

###Acknowledgement List

At the same time, the pagoda environment is equipped with the ss plug-in (which can bypass the Web authentication to access the Internet for free udp53

https://www.bennythink.com/udp53.html

https://github.com/BennyThink/UDP53-Filter-Type

https://github.com/shadowsocks

https://github.com/Liang2580/btpanel-ss