Selective modification of encrypted application layer data in a transparent security gateway

US9553892B2 · US · B2

Patent metadata
Publication number: US-9553892-B2
Application number: US-201514833013-A
Country: US
Kind code: B2
Filing date: Aug 21, 2015
Priority date: May 7, 2013
Publication date: Jan 24, 2017
Grant date: Jan 24, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title: what the patent document calls the invention.
  2. Abstract: a short plain-language summary of the technical disclosure.
  3. Assignees and inventors: who owns or filed the patent and who is credited as inventor.
  4. Key dates: filing, priority, publication, and grant dates set the timeline.
  5. First independent claim: the legal scope of protection; read this for what is actually claimed.
  6. CPC / IPC classifications: technology tags used to group this patent with similar filings.
  7. Citations and related patents: prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

According to one embodiment, a transparent security gateway is coupled between a client end station (CES) and a web application server (WAS). The security gateway monitors an encryption protocol handshake between the CES and the WAS to capture, using a provided private key of the WAS, a generated symmetric key to be used for an encryption layer connection. Using the captured symmetric key, the security gateway receives an encrypted connection record of the encryption layer connection, decrypts the encrypted connection record to yield a plaintext connection record, modifies the plaintext connection record, encrypts the modified plaintext connection record using the symmetric key, and transmits one or more packets carrying the encrypted modified plaintext connection record instead of the received encrypted connection record, such that neither the CES nor the WAS is aware of the modification of the encrypted data.

First claim

Opening claim text (preview).

What is claimed is:

1. A method in a security gateway coupled between a client end station and a web application server (WAS), wherein a protocol stack used between the client end station and the WAS includes an application layer that carries application layer data, an encryption layer under the application layer to carry and encrypt the application layer data, and a transport layer to carry the encryption layer, wherein the encryption layer and the transport layer respectively allow for an encryption layer connection carried over a transport layer connection to be established between the client end station and the WAS to encrypt and transmit application layer data between them, wherein the security gateway includes a transport protocol layer manipulation module capable of making necessary changes at the transport layer to accommodate modifications made to the traffic transmitted between the client end station and the WAS at higher layers of the protocol stack, wherein the changes comprise modifying transport layer headers of packets and generating additional packets to acknowledge or retransmit modified data, the method to improve security through modification in the security gateway of application layer data even though that application layer data was encrypted and transmitted using the encryption layer connection that is between the client end station and WAS and is not terminated by the security gateway, the method comprising: monitoring, in the security gateway implemented in an electronic device, a handshake between the client end station and the WAS that follows a handshake protocol to establish the encryption layer connection over the transport layer connection, wherein the security gateway is transparent and thus does not terminate the encryption layer connection or the underlying transport layer connection, wherein the handshake is to generate a symmetric key to be utilized by the client end station and the WAS when encrypting and decrypting application layer data to be sent using the encryption layer connection, wherein the monitoring includes the security gateway learning the symmetric key using a private key of the WAS, wherein the monitoring comprises, receiving, at the security gateway, a handshake message sent from the client end station and destined to the WAS over the transport layer connection as part of the handshake, modifying, by the security gateway, the handshake message, wherein the modified handshake message participates in the establishment of the encryption layer connection by the client end station and the WAS, transmitting, to the WAS over the transport layer connection, the modified handshake message as part of the handshake instead of the handshake message, receiving, at the security gateway, an encrypted finished handshake message sent from the client end station and destined to the WAS over the encryption layer connection as part of the handshake, the encrypted finished handshake message being the result of the client end station having encrypted a plaintext finished handshake message, the plaintext finished handshake message being the result of the client end station utilizing a hash function and a plurality of handshake messages received by and transmitted from the client end station during the handshake, generating, by the security gateway, a plaintext modified handshake message by utilizing a hash function and a second plurality of handshake messages received from the client end station and transmitted to the client end station by the security gateway during the handshake, wherein at least one of the second plurality of handshake messages is different than a corresponding at least one of the plurality of handshake messages, and wherein the second plurality of handshake messages include the modified handshake message but not the handshake message, generating, by the security gateway, an encrypted modified finished handshake message by encrypting the generated plaintext modified handshake message, and transmitting, from the security gateway to the WAS over the encryption layer connection, the encrypted modified finished handshake message instead of the encrypted finished handshake message; receiving, at the security gateway, an encrypted connection record sent from the WAS and destined to the client end station using the encryption layer connection, the encrypted connection record being the result of the WAS having encrypted a plaintext connection record comprising one or more application layer payloads; generating, by the security gateway, a set of one or more encrypted modified connection records, wherein the generating comprises: decrypting the received encrypted connection record using the symmetric key to yield a plaintext connection record, modifying the plaintext connection record, and encrypting the modified plaintext connection record using the symmetric key; and transmitting, from the security gateway to the client end station using the encryption layer connection carried on the transport layer connection, the set of encrypted modified connection records generated by the security gateway instead of the encrypted connection record sent by the WAS.

2. The method of claim 1, wherein the security gateway modified the plaintext connection record by: removing, from the plaintext connection record, a Hypertext Transfer Protocol (HTTP) header field.

3. The method of claim 2, wherein the HTTP header field is a Server HTTP header field.

4. The method of claim 1, wherein the security gateway modified the plaintext connection record by: inserting, into the plaintext connection record, a custom Hypertext Transfer Protocol (HTTP) cookie.

5. The method of claim 4, further comprising: receiving, at the security gateway, another encrypted connection record sent from the client end station and destined to the WAS over the encryption layer connection; and responsive to an HTTP cookie of the another encrypted connection record not matching the custom HTTP cookie, stopping the another encrypted connection record from being sent to the WAS.

6. The method of claim 1, wherein the security gateway modified the plaintext connection record by: inserting, into the plaintext connection record, Hypertext Markup Language (HTML) data or JavaScript code.

7. The method of claim 1, further comprising: receiving, at the security gateway, a second encrypted connection record sent from the WAS and destined to the client end station over the encryption layer connection, the second encrypted connection record being the result of the WAS having encrypted a second plaintext connection record comprising a second set of one or more application layer payloads; responsive to determining that a first portion of the second plaintext connection record is to be temporarily held by the security gateway, transmitting, from the security gateway to the client end station over the encryption layer connection, a third encrypted connection record, the third encrypted connection record being the result of the security gateway having encrypted all of the second plaintext connection record that is not the first portion; receiving, at the security gateway, a fourth encrypted connection record sent from the WAS and destined to the client end station over the encryption layer connection, the fourth encrypted connection record being the result of the WAS having encrypted a fourth plaintext connection record comprising a fourth set of one or more application layer payloads; and transmitting, from the security gateway to the client end station over the encryption layer connection, a fifth encrypted connection record, the fifth encrypted connection record being the result of the security gateway having modified the first portion and encrypted the modified first portion and a
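The Finished substitution that claim 1 describes, as an added example that is not from the patent or from the assignee: a TLS 1.2 PRF and verify_data computation per RFC 5246, showing why the client's Finished no longer matches the WAS-side transcript once the gateway has replaced a handshake message, and how the gateway regenerates it over the transcript the WAS actually received. The handshake bytes and secrets are constructed samples, and the record-layer encryption and the recovery of the pre-master secret with the WAS private key are assumed to have already happened.

```python
# Added example, not from the patent: the TLS 1.2 Finished recomputation that
# claim 1's gateway must perform after substituting a modified handshake
# message. PRF and verify_data follow RFC 5246 (P_SHA256, 12-byte verify_data).
# Record-layer encryption is omitted; all secrets and messages are constructed.
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 5246 P_SHA256: chained HMAC expansion of the seed to `length` bytes."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF for SHA-256 suites: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Derivation the gateway can run once it has recovered the pre-master secret
    with the WAS private key (RSA key exchange); both endpoints get the same value."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def finished_verify_data(master: bytes, label: bytes, transcript: list) -> bytes:
    """verify_data = PRF(master_secret, label, SHA256(handshake_messages))[:12]."""
    return prf(master, label, hashlib.sha256(b"".join(transcript)).digest(), 12)

# Constructed sample handshake. The gateway rewrites the ClientHello before
# forwarding it, so client and WAS hold different transcripts from here on.
CLIENT_HELLO = b"\x01client-hello-original"
CLIENT_HELLO_MODIFIED = b"\x01client-hello-modified"
SERVER_MSGS = [b"\x02server-hello", b"\x0bcertificate", b"\x0eserver-hello-done"]
CLIENT_KEY_EXCHANGE = b"\x10client-key-exchange"

def client_view() -> list:
    return [CLIENT_HELLO] + SERVER_MSGS + [CLIENT_KEY_EXCHANGE]

def was_view() -> list:
    return [CLIENT_HELLO_MODIFIED] + SERVER_MSGS + [CLIENT_KEY_EXCHANGE]

def gateway_rewrite_finished(master: bytes, client_verify: bytes) -> tuple:
    """Return (client Finished valid?, verify_data to send to the WAS instead)."""
    # Check the client's Finished against the transcript the client actually saw.
    ok = hmac.compare_digest(client_verify, finished_verify_data(master, b"client finished", client_view()))
    # Regenerate over the WAS-side transcript (claim 1's "second plurality of handshake messages").
    return ok, finished_verify_data(master, b"client finished", was_view())
```

If the client's Finished fails the first check, the gateway has no valid basis for forwarding the connection and should not fabricate a replacement.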

Assignees

Imperva Inc

Classifications

CPC titles; only the primary code is listed on this page.

  • H04L63/168 (primary): above the transport layer
  • based on web technology, e.g. hypertext transfer protocol [HTTP]
  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload
  • applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
  • wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9553892B2 cover?
According to one embodiment, a transparent security gateway is coupled between a client end station (CES) and a web application server (WAS). The security gateway monitors an encryption protocol handshake between the CES and the WAS to capture, using a provided private key of the WAS, a generated symmetric key to be used for an encryption layer connection. Using the captured symmetric key, the …
Who is the assignee on this patent?
Imperva Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/168. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 24, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).