How does the HTTPS filter work?

Discussion in 'Discussion (AdGuard for Windows)' started by hkaiieal, Jul 18, 2014.

  1. hkaiieal

    hkaiieal Beta Tester

    Joined:
    Jul 17, 2014
    Messages:
    2
    Hi, I am fairly new to Adguard and I noticed that it has an option to filter on HTTPS. Can you give me more information (technical) on how this works as trying it out I see the CA of the sites are changed to Adguard.

    Thanks
     
  2. Nameless

    Nameless Beta Tester

    Joined:
    Mar 19, 2014
    Messages:
    731
    Hi, because all your data is intercepted by adguard to stop the ads then at the moment your going to be forced to use the adguard security certificate unless you disable adguard. They have said however that you are going to change this is the future in case you feel this is not safe so that you can use the sites security certificate over theirs to give you peace and mind. I have no dates when this is happening, but i remember seeing this when someone else asked about this.

    Dont worry though your details should be safe =) Ive been suing it no issues yet.
     
  3. hkaiieal

    hkaiieal Beta Tester

    Joined:
    Jul 17, 2014
    Messages:
    2
    Does this mean that after adguard intercepted the https data and filtered the ads out, it get re-encrypted using adguard private key before displaying to the user's browser. I was hoping the developer could shed some light into this matter and be as transparent as possible. For my peace of mind (and possibly others).
     
  4. Nameless

    Nameless Beta Tester

    Joined:
    Mar 19, 2014
    Messages:
    731
    I'll be honest with you i dont know and you will have to wait for avatar to respond or maybe boo berry knows.

    I do remember someone asking about this but i just can not find the thread at moment or im remembering things wrong. Anyway, if avatar is not on today or tomorrow he might be sometime on monday and should answer your question.
     
  5. Boo Berry

    Boo Berry Moderator + Beta Tester Moderator

    Joined:
    May 30, 2012
    Messages:
    3,213
    From my understanding (granted, I haven't really researched this so chances are I'm wrong) it uses a man-in-the-middle technique with a certificate generated for/by Adguard, which is one of if not the only way to filter HTTPS outside of browser extensions. If/when Ad Muncher supports HTTPS filtering, they'll have to do the same thing. That's why when you visit sites using SSL, it displays the Adguard CA instead of the site's CA.

    The one thing the Adguard developers should possibility look into is adding a disclaimer and/or information about using MITM to filter HTTPS and let the user choose for themselves whether or not they wish to enable HTTPS filtering after reading this disclaimer because some people may consider using MITM, however beneficial it may be in this case, a security risk however low it may be.
     
    Last edited by a moderator: Jul 20, 2014
  6. Nameless

    Nameless Beta Tester

    Joined:
    Mar 19, 2014
    Messages:
    731
    Hey Boo, think your right with what you said but unsure, the post im after i simplay can not find but maybe this one helps: http://forum.adguard.com/showthread...PS-information-when-filtering&highlight=https to me that says MITM but i could be wrong as my brain sometimes just does not work right, if you can remember quantum leap and ziggy then thats my brain hits head* stupid thing never works! haha

     
  7. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    12,895
    Hello!

    @Boo is right, Adguard uses man-in-middle for HTTPS filtering.
    Adguard CA is generated automatically and it's different for each computer.

    One more thing though, we've added SSL exclusions settings in Adguard 5.10 (will be released soon) so you can disable HTTPS filtering for some domains.