Using MITM to intercept HTTPS Requests

Discussion in 'Discussion (Beta Versions)' started by Gowtham, Mar 26, 2017.

  1. Gowtham

    Gowtham Beta Tester

    Joined:
    Jan 22, 2017
    Messages:
    22
    I found that some ads are still creeping in somehow, such as in-URL ads using HTTPS (I mean example.com/ad, where example.com is a useful site with example.com/goodcontent but example.com/ad is an ad URL).

    I have encountered this http://www.digitalinternals.com/mobile/android-sniff-http-https-traffic-without-root/490/
    and also https://security.stackexchange.com/a/8309

    Is it possible in Adguard to perform a man-in-the-middle attack by installing an SSL certificate, decrypting the traffic to read the full HTTPS URL, and blocking URLs like https://youtube.com/pagead?

    A proxy is something that is only available for Wi-Fi, but Adguard uses a VPN that filters mobile data as well. The same VPN, to which all the traffic is routed, can decrypt it to read the full URL and, depending on that, block in-URL ads like https://example.com/ad.

    Are there any problems employing this technique? I don't know much about Android; if the user installs a root certificate, can the certificate be used to decrypt ad traffic as well?
     
  2. Boo Berry

    Boo Berry Moderator + Beta Tester Moderator

    Joined:
    May 30, 2012
    Messages:
    3,945
    Adguard for Windows, Mac and Android already has an option to install a certificate to intercept HTTPS traffic, or else it wouldn't be possible. It's what makes HTTPS filtering possible.

    For those missed ads, simply report them to the Missed Ads section while following the missed ads submission rules.
     
  3. Gowtham

    Gowtham Beta Tester

    Joined:
    Jan 22, 2017
    Messages:
    22
    That means Adguard already blocks urls like https://example.com/ad_banner but allows https://example.com/useful_content? Isn't it?
    Then Adguard must be using MITM. That is great.

    But in the filtering logs, I see only the website name. Is it just that the filter logs show only the website name, or can it block only domains but not encrypted URLs?

    I see ads in Google Chrome, the textual ads on top of the results in Google search! If it is a filter problem, then I will look to post them in the respective forum.

    What I intended to know in this post is whether Adguard for Android can filter full urls i.e. not just domains (ex. https://example.com/ad_tracker) but allow https://example.com/useful_content
     
    Last edited: Mar 26, 2017
  4. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    13,140
    Have you enabled HTTPS filtering in Adguard's settings?
     
  5. Gowtham

    Gowtham Beta Tester

    Joined:
    Jan 22, 2017
    Messages:
    22
    Yes, I have it enabled.
     
  6. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    13,140