Abstract: The disclosed computer-implemented method for performing security analyzes on network traffic in cloud-based environments may include (1) collecting network traffic exchanged between a source device and a destination device for a security analysis by (A) receiving, from the destination device, a response to a request sent by the source device, (B) identifying, in a header of the response, information that facilitates access to at least a portion of the request, and (C) obtaining, based at least in part on the information identified in the header of the response, the portion of the request sent by the source device, and then (2) performing the security analysis on the network traffic by analyzing the portion of the request sent by the source device and at least a portion of the response. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and system for detecting captive portals includes a two phase captive portal detection process whereby an initial HTTP ping request is sent from the endpoint captive portal detection application on an end user computing system to an Internet accessible web server. The Internet accessible web server is expected to return an initial response token to the endpoint captive portal detection application in response to the initial HTTP ping request and if the expected initial response token is received, an initial HTTPS query request is then sent together with the returned initial response token that requires server/client mutual authentication. If mutual authentication is accomplished, then it is determined that the user is not in a captive portal. Follow up HTTP ping requests are then periodically generated by the endpoint captive portal detection application and if the responses to the follow up HTTP ping requests do not change, i.e., the token does not change, no new HTTPS query request is sent.