SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION
Abstract
An HTTP request addressed to a first resource on a second device outside the network is received from a first device within the network. The HTTP request is redirected to a third device within the network. A first encrypted connection is established between the first device and the third device, and a second encrypted connection between the third device and the second device. The third device retrieves the first resource from the second device. The first resource is modified to change pointers within the first resource to point to a location in a domain associated with the third device within the network. The third device serves, to the first device, the second resource.
30 Claims
1. A method performed by data processing apparatus, the method comprising:
- receiving, from a client device within a network, a Hypertext Transfer Protocol (HTTP) request addressed to a first resource on a server outside the network;
- redirecting the HTTP request to a man-in-the-middle-gateway within the network;
- establishing a first encrypted connection between the client device and the man-in-the-middle-gateway, and a second encrypted connection between the man-in-the-middle-gateway and the server;
- retrieving, by the man-in-the-middle-gateway, the first resource from the server;
- modifying the first resource to change pointers within the first resource to point to location in a domain associated with the man-in-the-middle-gateway within the network; and
- serving, by the man-in-the-middle-gateway to the client device, the modified first resource.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A non-transitory computer storage media encoded with computer program instructions that, when executed by one or more processors, cause a computer device to perform operations comprising:
- receiving, from a client device within a network, a Hypertext Transfer Protocol (HTTP) request addressed to a first resource on a server outside the network;
- redirecting the HTTP request to a man-in-the-middle-gateway within the network;
- establishing a first encrypted connection between the client device and the man-in-the-middle-gateway, and a second encrypted connection between the man-in-the-middle-gateway and the server;
- retrieving, by the man-in-the-middle-gateway, the first resource from the server;
- modifying the first resource to change pointers within the first resource to point to location in a domain associated with the man-in-the-middle-gateway within the network; and
- serving, by the man-in-the-middle-gateway to the client device, the modified first resource.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A system comprising:
- one or more processors configured to execute computer program instructions; and
- computer storage media encoded with computer program instructions that, when executed by one or more processors, cause a computer device to perform operations comprising:
  - receiving, from a client device within a network, a Hypertext Transfer Protocol (HTTP) request addressed to a first resource on a server outside the network;
  - redirecting the HTTP request to a man-in-the-middle-gateway within the network;
  - establishing a first encrypted connection between the client device and the man-in-the-middle-gateway, and a second encrypted connection between the man-in-the-middle-gateway and the server;
  - retrieving, by the man-in-the-middle-gateway, the first resource from the server;
  - modifying the first resource to change pointers within the first resource to point to location in a domain associated with the man-in-the-middle-gateway within the network; and
  - serving, by the man-in-the-middle-gateway to the client device, the modified first resource.

Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30

Specification