|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: OT: Inserting Ads without breaking the SSL
From: Anthony Ettinger (aettinger
sdsualumni.org)
Date: Sat Apr 22 2006 - 01:56:34 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It's difficult to go off a screenshot. But it's possible, they have an
ad proxy on https on their domain which serves the ads?
https:// -> visited page -> loads https://adserver -> loads http ad,
and returns output?
so techinically the visited page is loading an https object (which
indirectly loads an http ad)
On 4/21/06, Saqib Ali <docbook.xmlgmail.com> wrote:
> This is a little bit off-topic. But I need to solve this mystery:
>
> Recently a provider in Santa Clara, CA started to provide free Wifi
> service. The only catch is that they insert Adds on the webpage see:
> http://www.metrofi.com/advertisers.html (screenshot at the very bottom).
>
> This does not require installation of any software. So seems to me
> their proxy is somehow modifying the HTML webpage to add the Ads.
>
> I would like to find out how this is done so that the intergrity of a
> SSL enabled page is not lost.
>
> Thanks
>
> --
> Saqib Ali, CISSP, ISSAP
> Support http://www.capital-punishment.net
> -----------
> "I fear, if I rebel against my Lord, the retribution of an Awful Day
> (The Day of Resurrection)" Al-Quran 6:15
> -----------
>
> -------------------------------------------------------------------------
> This List Sponsored by: SPI Dynamics
>
> ALERT: "How A Hacker Launches A Web Application Attack!"
> Step-by-Step - SPI Dynamics White Paper
> Learn how to defend against Web Application Attacks with real-world
> examples of recent hacking methods such as: SQL Injection, Cross Site
> Scripting and Parameter Manipulation
>
> https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
> --------------------------------------------------------------------------
>
>
--
Anthony Ettinger
Signature: http://chovy.dyndns.org/hcard.html
-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]