From: Edward Fjellskål (edwardfjellskaalgmail.com)
Date: Mon Feb 06 2012 - 13:55:32 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I have found this:
http://gnucitizen.googlecode.com/svn/trunk/

httpproxy.py seems to do some of what you want, but
there is no easy way of sending the data to snort.
(you can see the traffic in console)

Maybe someone with a little python skill could split
the code up a bit and send the packets in cleartext
over a local loop interface with snort on it or something.

That would help the community a bit, but I dont know
about performance thought :/

Hope this inspires someone :)

E

On 02/06/2012 07:53 PM, PS wrote:
> Do you have personal experience with viewssld?
>
> I would like to do this for connections that are made out to the internet. Since I do not have the private keys for the public web servers, I will be using a proxy server (squid) with its ssl-bump feature to perform the sslmitm. From looking at the config file of viewssld, it looks like I will have to provide a certificate for each website that I would like to monitor. Is that how sslmitm is usually performed?
>
> Do you know if many companies have sslmitm for internet connections, or is it primarily used for reverse proxy implementations?
>
> Thank you!
>
> On Feb 6, 2012, at 12:04 PM, Richard Bejtlich wrote:
>
>> This is a popular question...
>>
>> http://resources.infosecinstitute.com/ssl-decryption/
>>
>> Sincerely,
>>
>> Richard
>>
>> On Mon, Feb 6, 2012 at 11:51 AM, PS <packetstackgmail.com> wrote:
>>> Hello,
>>>
>>> Does anyone know of a free/opensource tool which could decrypt ssl and make accessible to snort?
>>>
>>> Something like a mitm proxy with the capability to pass the unencrypted packets over to snort for analysis.
>>>
>>> Thanks!
>>>
>>> Victor Pineiro
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Try before you buy = See our experts in action!
>>> The most comprehensive online learning library for Microsoft developers
>>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>>> Metro Style Apps, more. Free future releases when you subscribe now!
>>> http://p.sf.net/sfu/learndevnow-dev2
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-userslists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]