Re: OT: Inserting Ads without breaking the SSL

[Jason <security () brvenik com>]

Saqib Ali wrote:
> This is a little bit off-topic. But I need to solve this mystery:
>
> Recently a provider in Santa Clara, CA started to provide free Wifi
> service. The only catch is that they insert Adds on the webpage see:
> http://www.metrofi.com/advertisers.html (screenshot at the very bottom).
>
> This does not require installation of any software. So seems to me
> their proxy is somehow modifying the HTML webpage to add the Ads.
>
> I would like to find out how this is done so that the intergrity of a
> SSL enabled page is not lost.

I would not believe it possible as you describe it. Have you seen this
happen?

> Thanks
>
> --
> Saqib Ali, CISSP, ISSAP
> Support http://www.capital-punishment.net
> -----------
> "I fear, if I rebel against my Lord, the retribution of an Awful Day
> (The Day of Resurrection)" Al-Quran 6:15
> -----------
>
> -------------------------------------------------------------------------
> This List Sponsored by: SPI Dynamics
>
> ALERT: "How A Hacker Launches A Web Application Attack!" 
> Step-by-Step - SPI Dynamics White Paper
> Learn how to defend against Web Application Attacks with real-world 
> examples of recent hacking methods such as: SQL Injection, Cross Site 
> Scripting and Parameter Manipulation
>
> https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
> --------------------------------------------------------------------------

-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------