Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: OT: Inserting Ads without breaking the SSL

from [Anthony Ettinger] Network Security [Permanent Link]
Subject: Re: OT: Inserting Ads without breaking the SSL
Date: Fri, 21 Apr 2006 23:56:34 -0700 
It's difficult to go off a screenshot. But it's possible, they have an
ad proxy on https on their domain which serves the ads?

https:// -> visited page -> loads https://adserver -> loads http ad,
and returns output?

so techinically the visited page is loading an https object (which
indirectly loads an http ad)



On 4/21/06, Saqib Ali <docbook.xml@gmail.com> wrote:

This is a little bit off-topic. But I need to solve this mystery:

Recently a provider in Santa Clara, CA started to provide free Wifi
service. The only catch is that they insert Adds on the webpage see:
http://www.metrofi.com/advertisers.html (screenshot at the very bottom).

This does not require installation of any software. So seems to me
their proxy is somehow modifying the HTML webpage to add the Ads.

I would like to find out how this is done so that the intergrity of a
SSL enabled page is not lost.

Thanks

--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------





--
Anthony Ettinger
Signature: http://chovy.dyndns.org/hcard.html

-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: OT: Inserting Ads without breaking the SSL, Jason
Next by Date:  Re: OT: Inserting Ads without breaking the SSL, Andrew van der Stock
Previous by Thread:  Re: OT: Inserting Ads without breaking the SSL, Zaninotti, Thiago
Next by Thread:  Re: OT: Inserting Ads without breaking the SSL, Andrew van der Stock
Indexes:  [Date] [Thread] [Top] [All Lists]