Are there well known HTTP-only sites?
A well-known public HTTP only site will resolve this
You can use http://neverssl.com:
What?
This website is for when you try to open Facebook, Google, Amazon, etc on a wifi network, and nothing happens. Type "http://neverssl.com" into your browser's url bar, and you'll be able to log on.
How?
neverssl.com will never use SSL (also known as TLS). No encryption, no strong authentication, no HSTS, no HTTP/2.0, just plain old unencrypted HTTP and forever stuck in the dark ages of internet security.
Why?
Normally, that's a bad idea. You should always use SSL and secure encryption when possible. In fact, it's such a bad idea that most websites are now using https by default.
And that's great, but it also means that if you're relying on poorly-behaved wifi networks, it can be hard to get online. Secure browsers and websites using https make it impossible for those wifi networks to send you to a login or payment page. Basically, those networks can't tap into your connection just like attackers can't. Modern browsers are so good that they can remember when a website supports encryption and even if you type in the website name, they'll use https.
And if the network never redirects you to this page, well as you can see, you're not missing much.
Related videos on Youtube
Giacomo Catenazzi
Updated on September 18, 2022Comments
-
Giacomo Catenazzi over 1 year
Captive WIFI portals suck.
So often when I open in a browser (Desktop Chrome or Mobile Chrome) a HTTP site, I get the captive portal, but with auto-completion and so quickly I connect again to WIFI.
The problem is that after the captive portal redirects, I'll have also a HTTPS redirect and Chrome remember the certificate and to use only HTTPS. So I cannot use the same site twice (in a session).
A well-known public HTTP only site will resolve this. Well-known sites usually work, causing some less debugging of the WIFI connection.
-
Admin over 5 yearsThis question doesn’t only apply to Chrome. It applies to any browser respecting HTTP Strict Transport Security and affects many users in the modern world full of public portaled WiFi APs.
-
Admin almost 5 yearsTry using neverssl.com
-
-
GiantTree almost 7 yearsAlso: google.com/generate_204. It's recognized by chrome and is actually used to detect the captive portal in the first place. Works great.
-
user1686 almost 7 years…except in networks which spoof replies to known captive-portal detection mechanisms. Yes, apparently people do that. :(
-
Virtually Nick over 6 yearsA lot of times I use "captive.apple.com", which is what iOS looks for when it tries to detect a captive portal. I do this on my Linux-based laptop to get the captive portal login.
-
Matt over 2 yearsneverssl.com now redirects to innermajesticgrandyawn.neverssl.com/online ...so I guess they should change their name?
-
Pavan Kumar over 2 years@Matt Neverssl now redirects to too many of such combinations to work around different set of issues. Updates here - neverssl.com/changes or here - web.archive.org/web/20211021035030/http://neverssl.com/changes for someone from future. This redirection is detailed under sub heading "Enhanced Cache-busting"