I'm currently at a hotel that is using Superclick to provide wired and wireless access to the hotel rooms. I don't expect exceptional download speed while at a hotel; however, I never expected to have my entire browsing experienced monitored and logged by the ISP.
While on the Superclick network I determined the following:
- All non-SSL URL requests are intercepted by Superclick and fed to their webserver as a URL parameter
- The Superclick server retrieves the requested page, drops it into the main frame of a frame set and returns the frame to the browser
- The returned frameset always includes a Superclick php file in the top frame, presumably to maintain control of the user's browsing experience
For example, if the user requests google.com, the following request is made
Notice that google.com is passed to the Superclick site (188.8.131.52) as a parameter.
Now, Superclick retrieves google.com and wraps it inside a frameset, making sure to insert its own php code in the top frame. Take a look at the page source.
So, not only will the ISP have you network traffic logs, but now they also have complete control of your browsing experience. From my observations, it appears these actions are not taken for SSL sites; however, I wouldn't trust much of anything thats going on at this point.
Lastly, this little modification also leaves the user with the random occurences of the URL not matching the site you are on. Yes, you heard me right, Superclick will serve you up the requested page and somehow, not update the URL in your browser window. It seems that this happens when you follow a new link to a page on another server. In the page below you can see that I am on the Disney site while the URL still says ESPN.com
Here's a snapshot of the broken back button too. Clicking back will just take me to Superclick's redirectr, which sends me to the page I started from, thereby eliminating the ability to go back at all.
How can you tell if your hotel is pulling these shananigans on you?
- The 'back' button will mysteriously stop working.
- All urls will end in a question mark (see previous image)
- Viewing the source of any page you've browsed to will show a frameset with the Superclick site injected nicely into the top frame.
I'm not the only one who has commented on this hotel activity http://www.sans.edu/resources/securitylab/266.php
Update June, 2006:
Looks like more ISPs are thinking they have the right to monitor and inspect all your traffic for the purpose of injecting adds and making money.