Intercepting HTTPS/SSL with eBlocker?

aaronpawlak shared this question 2 weeks ago
Need Answer


I was browsing Kickstarter web-site earlier and stumbled upon the "eblocker" which is a closed source, subscription-based custom firmware for raspberry/banana pi featuring adblocker, cookie cutter and Tor.What surprised me tho was the last Q&A in their FAQ announcing that HTTPS/SSL support is coming in Spring 2016.I thought the whole point of the HTTPS/SSL is that it guards you against MitM attack which essentially what eBlocker is planning to start doing in spring 2016. How is that possible?

Please help

I didn't find the right solution from the internet.


Comments (1)


Unlike any browser extension the eBlocker can't look into the SSL / HTTPS communication, because the SSL / HTTPS communication has to be decrypted from the Webserver to the Browser. That's why any browser extensions can handle SSL / HTTPS websites (they will be decrypted by the browser).

The eBlocker will work network wide and all the HTTP / HTTPS traffic runs through the eBlocker. The eBlocker can't look into the SSL / HTTPS traffic because the traffic must be encrypted from the Webserver to the browser. The eBlocker can open the encrypted traffic, but must encrypt it again. Therefore the eBlocker uses an own certificate which included a certificate chain. The operation systems certificate management will need the eBlocker certificate to decrypted the SSL / HTTPS traffic from the eBlocker again. This is like a man in the middle attack, but it's in your network, you activated this function and you can look into the websites certificate. There you will see the certificate chain.

If you are unpleasant with the eBlocker SSL function, you can sill not use it. But then the eBlocker will be only able to filter the HTTP traffic.