You can bypass captive portals by using some of the ideas displayed in this presentation, but you will probably also need to have a server with a good unmetered connection and a cleverly named (sub)domain.
- The One True Sysadmin will look through all the logs and find your server and block it and you'll have to pick another one next time
- The One True A(G)I will find your domain automagically and block it and you'll have to pick another one
...In all seriousness several MB of data to a DNS server will get you bitten at least once because someone somewhere is actually doing the job they're paid to do. But it'll probably be an exception.
As another replier noted, you might evade detection. But the reason I mentioned it is that captive portals (before authenticating) may not allow you at all to do DNS queries... except, for their own whitelisted domains. Depending on how they do it and how they wrote their rules, if they allow example.com you could potentially query example.com.mydomain.com
EvanAnderson|3 years ago
Using DNS to exfiltrate arbitrary data thru firewalls that don’t log DNS requests is handy too.
exikyut|3 years ago
arjvik|3 years ago
What do you mean here?
exikyut|3 years ago
- The One True A(G)I will find your domain automagically and block it and you'll have to pick another one
...In all seriousness several MB of data to a DNS server will get you bitten at least once because someone somewhere is actually doing the job they're paid to do. But it'll probably be an exception.
mikeponders|3 years ago