WebApp Sec mailing list archives
Re: OT: Inserting Ads without breaking the SSL
From: "Anthony Ettinger" <aettinger () sdsualumni org>
Date: Fri, 21 Apr 2006 23:56:34 -0700
It's difficult to go off a screenshot. But it's possible, they have an ad proxy on https on their domain which serves the ads? https:// -> visited page -> loads https://adserver -> loads http ad, and returns output? so techinically the visited page is loading an https object (which indirectly loads an http ad) On 4/21/06, Saqib Ali <docbook.xml () gmail com> wrote:
This is a little bit off-topic. But I need to solve this mystery: Recently a provider in Santa Clara, CA started to provide free Wifi service. The only catch is that they insert Adds on the webpage see: http://www.metrofi.com/advertisers.html (screenshot at the very bottom). This does not require installation of any software. So seems to me their proxy is somehow modifying the HTML webpage to add the Ads. I would like to find out how this is done so that the intergrity of a SSL enabled page is not lost. Thanks -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net ----------- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 ----------- ------------------------------------------------------------------------- This List Sponsored by: SPI Dynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
-- Anthony Ettinger Signature: http://chovy.dyndns.org/hcard.html ------------------------------------------------------------------------- This List Sponsored by: SPI Dynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- OT: Inserting Ads without breaking the SSL Saqib Ali (Apr 21)
- Re: OT: Inserting Ads without breaking the SSL Jason (Apr 22)
- Re: OT: Inserting Ads without breaking the SSL Saqib Ali (Apr 22)
- Re: OT: Inserting Ads without breaking the SSL Jason (Apr 22)
- Re: OT: Inserting Ads without breaking the SSL Zaninotti, Thiago (Apr 24)
- Re: OT: Inserting Ads without breaking the SSL Saqib Ali (Apr 22)
- Re: OT: Inserting Ads without breaking the SSL Jason (Apr 22)
- Re: OT: Inserting Ads without breaking the SSL Anthony Ettinger (Apr 22)
- Re: OT: Inserting Ads without breaking the SSL Andrew van der Stock (Apr 22)
- <Possible follow-ups>
- Re: Re: OT: Inserting Ads without breaking the SSL 7269 (Apr 27)
- Re: OT: Inserting Ads without breaking the SSL Jason (Apr 27)
- Re: Re: OT: Inserting Ads without breaking the SSL 7269 (Apr 27)
- Re: OT: Inserting Ads without breaking the SSL elawford (May 01)
- Re: OT: Inserting Ads without breaking the SSL Saqib Ali (Jun 12)