PaulDotCom mailing list archives

Re: Inspecting SSL traffic for free "A.K.A IDS/IPS on SSL connections"


From: "Liam Randall" <Liam.Randall () gigaco com>
Date: Wed, 6 Jun 2012 22:28:01 -0400

Squid SSL-bump might do the trick for you.

http://wiki.squid-cache.org/Features/SslBump

Liam Randall

-----Original Message-----
From: pauldotcom-bounces () mail pauldotcom com
[mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Sherif
El-Deeb
Sent: Monday, June 04, 2012 12:50 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Inspecting SSL traffic for free "A.K.A IDS/IPS on SSL connections"

- I would like to inspect traffic for SSL (TLS?) connections. I already
pushed our own root CA to all machines' trusted root certificates, and no
warnings show up when a certificate that is signed by it gets served.

- The feature I am looking for is like "Burp's invisible proxy +
generate CA-signed per-host certificates" where a certificate is
generated on the fly for each host using a pre-defined pre-trusted root
CA while being able to inspect the payload "No, ettercap is not
production friendly and it does not allow HTTPS interception in bridge
sniffing, cain is no better".

- I know that wireshark decrypts SSL traffic when you provide it with
the private key, the tricky part is the
"on-the-fly-per-host-certificate-generation".

- That particular subnet's gateway is a Linux machine with two NICs,
simple iptables NAT, 30 computers...

- I am aware of a few commercial products that do this, but I would
appreciate being told how to do it for free.

Thanks in advance.
Sherif Eldeeb.
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
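A minimal Squid SslBump configuration matching the setup described in the thread (two-NIC Linux gateway doing iptables NAT, root CA already trusted by the clients), added here as an illustration; it is not from the list post or the Squid project, and it assumes Squid 3.5 directive names, placeholder file paths, eth1 as the inside interface, and a local ICAP scanner as the "IDS" consumer of the decrypted traffic.

```conf
# squid.conf excerpt (added example; Squid 3.5 directive names, placeholder paths)
#
# Redirect client HTTP/HTTPS from the inside NIC into Squid's intercept ports:
#   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80  -j REDIRECT --to-port 3128
#   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3129
#
# One-time init of the on-disk certificate cache before first start:
#   /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db

http_port  3128 intercept
https_port 3129 intercept ssl-bump \
    generate-host-certificates=on \
    dynamic_cert_mem_cache_size=4MB \
    cert=/etc/squid/ssl/inspection-ca.pem   # placeholder: your root CA key + cert, one PEM

# Helper that mints a per-host leaf certificate on the fly, signed by the CA above
# (the "on-the-fly-per-host-certificate-generation" the thread asks about).
# Squid 4 and later ship this helper as security_file_certgen instead of ssl_crtd.
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 5

# Peek at the TLS handshake first so the server name (SNI) is known, then decide:
# splice (pass through untouched) hosts you choose not to inspect, bump the rest.
acl step1  at_step SslBump1
acl nobump ssl::server_name .payroll-provider.invalid   # placeholder exclusion list
ssl_bump peek   step1
ssl_bump splice nobump
ssl_bump bump   all

# Keep validation of the real upstream certificate strict. Once clients trust your CA
# they can no longer see upstream certificate errors themselves, so the proxy must
# refuse a bad upstream cert rather than re-sign it. "deny all" is the default; the
# line to avoid is "sslproxy_flags DONT_VERIFY_PEER".
sslproxy_cert_error deny all

# Hand decrypted requests and responses to the inspection engine over ICAP
# (placeholder service URIs; e.g. c-icap with a scanning module).
icap_enable on
icap_service ids_req  reqmod_precache  icap://127.0.0.1:1344/request
icap_service ids_resp respmod_precache icap://127.0.0.1:1344/response
adaptation_access ids_req  allow all
adaptation_access ids_resp allow all
```

Client-side pinning (browser-updater and some mobile apps) will still fail against the minted certificates; those hosts belong in the splice ACL rather than being forced through.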

