Anyone working on a "portal page" blocker for Konqueror?
Martin Konold
martin.konold at erfrakon.de
Sun Oct 9 12:33:37 BST 2005
On Saturday 08 October 2005 17:35, George Staikos wrote:
Hi,
> They're not hijacking HTTPS. They're hijacking DNS. If the user types
> "https://www.example.com/", gets the page for the ISP,
To my knowledge these ISPs don't modify DNS simply because poisoned DNS is
difficult to control. (DNS information is arbitrarily cached).
What they typically do is that they use a transparent proxy on their router
which routes traffic according to the port number.
They then inject their contents via this mandatory proxy server. So far I have
never seen this with https but only http connections. In one case (Freenet in
Germany) the provider replies to an initial https request with an http
connection though.
Technically putting a transparent proxy in between an https connection means a
man-in-the-middle attack and Konqueror detects this.
Yours,
-- martin
--
http://www.erfrakon.com/
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
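
Added example, not part of the original message or of Konqueror's code: a sketch of how a client could tell apart the mechanisms discussed in this thread (rewritten DNS, a transparent proxy on port 80, an https request answered in plain http, a failed certificate check) from the results of fetching a known canary page. The `Probe` fields, the finding labels and all addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed value: the canary host's real address (documentation range).
EXPECTED_IPS = {"192.0.2.10"}

@dataclass
class Probe:
    scheme: str                          # "http" or "https"
    by_ip: bool                          # True: URL used a literal IP, so no DNS lookup
    connected_ip: str                    # address the client actually connected to
    body_ok: bool                        # body matched the known canary content
    tls_verified: Optional[bool] = None  # None for http; False if cert validation failed
    plaintext_reply: bool = False        # https only: peer answered with plain HTTP

def classify(probes: List[Probe]) -> Set[str]:
    """Return labels for every interception mechanism the probes give evidence of."""
    findings: Set[str] = set()
    for p in probes:
        if not p.by_ip and p.connected_ip not in EXPECTED_IPS:
            # The name resolved to an address the canary never uses.
            findings.add("dns-rewrite")
        elif p.scheme == "http" and not p.body_ok:
            # Right address, wrong content: port-80 traffic was rewritten on the path.
            findings.add("port80-proxy")
        if p.scheme == "https":
            if p.plaintext_reply:
                findings.add("https-answered-in-http")
            elif p.tls_verified is False:
                findings.add("tls-mitm-detected")
    return findings

# Constructed observations. A port-based transparent proxy: DNS is honest,
# http content is altered even when addressed by IP, https is untouched.
PROXY_ISP = [
    Probe("http", False, "192.0.2.10", False),
    Probe("http", True, "192.0.2.10", False),
    Probe("https", False, "192.0.2.10", True, tls_verified=True),
]
# Rewritten DNS: by-name lookups land elsewhere, the by-IP fetch is clean,
# and the https certificate check fails at the substituted host.
DNS_ISP = [
    Probe("http", False, "198.51.100.7", False),
    Probe("http", True, "192.0.2.10", True),
    Probe("https", False, "198.51.100.7", False, tls_verified=False),
]

if __name__ == "__main__":
    print(sorted(classify(PROXY_ISP)), sorted(classify(DNS_ISP)))
```

The by-IP fetch is the discriminating probe: it skips name resolution, so altered content there cannot be explained by DNS.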
More information about the kfm-devel mailing list