[squid-users] Inject a banner on a couple of sites

Eliezer Croitoru eliezer at ngtech.co.il
Fri Feb 5 11:23:38 UTC 2016


Hey,

It is possible but might be illegal.
You should consider to consult some lawyer about it before touching the 
subject.
ICAP or ECAP are the options.

I would like to add couple links about this subject which can lead to 
all sort of session hijacking and fraud.
- https://www.owasp.org/index.php/Session_hijacking_attack
- 
http://blog.beefproject.com/2012/06/beef-in-real-world-pen-test-part-3-hot.html

The above mentioned beef tool is used by injecting a simple tiny JS file 
and can be a very big security breech.
A nice video which describes what can be done with this attack tool as a 
defense mechanism:
https://www.youtube.com/watch?v=7w9aHEx-BmE

Eliezer

* The pure idea of bringing the links and the subject is to give 
perspective about some real security issues\threats that are out there.

On 05/02/2016 11:58, Travel Factory S.r.l. wrote:
>
> I need to inject some javascript to show some warnings to my users when
> they access a couple of external web sites.
>
> Is it possible to use squid for this, perhaps together with an icap server?
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list