inject bogus HTTP response in HUB environment

I am testing an open WLAN that utilizes application layer authentication
after association. The user associates and gets an IP address, but to
"access" the network the user must open a browser and go to any HTTP
website, which results in an HTTP redirect to HTTPS://<IPADDRESS>, where
IPADDRESS is a some component of the wireless infrastructure. This server
returns an HTML form for authentication. I want to influence that very
first redirect. Long story there a tool that will work in a HUB
environment (i.e. no ARP tricks) to inject a bogus HTTP response? I want to
redirect to my test machine and present my own form.
View this message in context:
Sent from the Penetration Testing mailing list archive at