In-Flight Web Page Modifications

By creis at 5:29 pm on April 20, 2008 | 1 Comment

Our research group (Charlie Reis, Yoshi Kohno, and Steve Gribble from UW CSE, and Nick Weaver from ICSI) has just presented a measurement study showing that many users are receiving web pages that have been modified in-flight.  The pages are changed between the web server and the user’s browser, either by ISPs injecting advertisements, enterprise firewalls injecting script code, or client-side proxies that block popups and ads.  These changes are often unwanted by either publishers or users, and they can also be dangerous: we found that several types of changes introduced bugs and security vulnerabilities into otherwise safe and functional pages.

To study this, we measured how often our own web page, http://vancouver.cs.washington.edu, was modified when users visited it.  A piece of JavaScript code that we call a “web tripwire” detected such modifications, allowing us to record the change and notify the user.  Our study found that about 1% of the 50,000 visitors to our page received a modified version.  While 70% of these changes were caused by client-side proxies, we did see many changes caused by ISPs and firewalls as well.

For more information on our study and our results, you can read our analysis at Detecting In-Flight Page Changes with Web Tripwires, as well as our recent NSDI 2008 paper (PDF).  Our results have also been covered recently in the news media here, here, and here.

If you would like to add a web tripwire to your own page, we have an open source toolkit that you can download and host on your web server.  We also have a web tripwire service that is hosted by our server, which you can add to your page with a single line of JavaScript code.

Filed under: Current Events,Integrity,Research1 Comment »

1 Comment

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Advocaat

    August 2, 2008 @ 5:48 am

    For me it’s great knowing what is done to the web page after it leaves the server. Both for security reasons and to have an extra tool agains adblockers. Thanks for sharing this study.

RSS feed for comments on this post