
Man-in-the-Middle Attack Vulnerability in the Web Authentication Mechanism of Public Wireless Networks

MITM (Man in the Middle) Vulnerability in Public WLANs Guarded by Captive Portals

Advisor: 吳坤熹

Abstract


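Wireless networks bring convenience to the public, and many public areas have begun offering wireless network service for users who are on the move or dining out. Because many office workers also often handle work matters over the network while away from the office, the security of public wireless networks is more important than before. Most providers of public wireless network service currently use a web-based authentication mechanism, which requires users to supply an account name and password through a web browser; before passing authentication, users cannot reach the network. Although simple, this method manages users efficiently and is therefore widely adopted by operators at home and abroad. In this thesis, we explain that public wireless networks using web authentication are currently vulnerable to man-in-the-middle attacks. As long as a hacker sends spoofed packets without being detected, they can successfully connect to the network without passing web authentication. The thesis also demonstrates the existence of the vulnerability through an implementation in C.

Parallel Abstract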


A lot of public areas provide WLAN service for nomadic users so that they can surf the Internet or work online even when they are out of the office. Therefore, the security of public WLANs is more important than in the past. Nowadays many public WLAN service providers authenticate users with the Captive Portal. The Captive Portal uses a webpage to request a user to authenticate himself by providing his own username and password. This security mechanism proved to be simple and effective because users cannot access the Internet before they get authenticated. However, in this thesis, we shall illustrate that public WLANs which are guarded by Captive Portals are vulnerable to man-in-the-middle (MITM) attacks. Therefore, a hacker can carefully send out some spoofing packets and take advantage of the public WLAN to access the Internet without being authenticated. We show the vulnerability by both protocol analysis and a real implementation in C programs.

Parallel Keywords

ARP Spoof; Captive Portal; MITM; Wireless Security
