Using MITM to intercept HTTPS Requests

G

Gowtham

Beta Tester
I found that some ads are still creeping in somehow. Some ads like in-url ads using HTTPS (I mean, example.com/ad, where example.com is a useful site with example.com/goodcontent but example.com/ad is an ad url).

I have encountered this http://www.digitalinternals.com/mobile/android-sniff-http-https-traffic-without-root/490/
and also https://security.stackexchange.com/a/8309

Is it possible in Adguard to perform Man-in-the-middle attack by installing an SSL Certificate and decrypt to read the full https url and block https://youtube.com/pagead like urls?

Since proxy is something that is only available for Wifi, but Adguard uses a VPN that filters even mobile data also. The same VPN to which all the traffic is routed can decrypt to read the full URL depending upon which it can block in-url ads like https://example.com/ad.

Are there any problems employing this technique? I don't know much about Android, if the user installs a root certificate, can the certificate be useful to decrypt ad traffic also?
 
Boo Berry

Boo Berry

Moderator + Beta Tester
Moderator
Adguard for Windows, Mac and Android already has an option to install a certificate to intercept HTTPS traffic, or else it wouldn't be possible. Its what makes HTTPS filtering possible.

For those missed ads, simply report them to the Missed Ads section while following the missed ads submission rules.
 
G

Gowtham

Beta Tester
Boo Berry said:
Adguard for Windows, Mac and Android already has an option to install a certificate to intercept HTTPS traffic, or else it wouldn't be possible. Its what makes HTTPS filtering possible.

For those missed ads, simply report them to the Missed Ads section while following the missed ads submission rules.
Click to expand...
That means Adguard already blocks urls like https://example.com/ad_banner but allows https://example.com/useful_content? Isn't it?
Then Adguard must be using MITM. That is great.

But in the filtering logs, I see only website name. Is it just that the filter logs show only the website name or it can block only domains but not encrypted urls?

I see ads in Google Chrome, the textual ads on top of the results in Google search! If it is a filter problem, then it I will look to post them in the respective forum.

What I intended to know in this post is whether Adguard for Android can filter full urls i.e. not just domains (ex. https://example.com/ad_tracker) but allow https://example.com/useful_content
 
Last edited:
avatar

avatar

Administrator
Staff member
Administrator
Gowtham said:
But in the filtering logs, I see only website name. Is it just that the filter logs show only the website name or it can block only domains but not encrypted urls?
Click to expand...
Have you enabled HTTPS filtering in Adguard's settings?
 
avatar

avatar

Administrator
Staff member
Administrator
You must log in or register to reply here.
Top