PaulDotCom mailing list archives
Re: Inspecting SSL traffic for free "A.K.A IDS/IPS on SSLconnections"
From: Sherif El-Deeb <archeldeeb () gmail com>
Date: Thu, 7 Jun 2012 06:50:53 +0300
Liam, Looks like just what I have been looking for, thanks a million! but it will be limited to HTTPS traffic "I guess?",... no POP3s or IMAPS. I managed yesterday to do a workaround that handled everything SSL: using SSLSplit "http://mirror.roe.ch/rel/sslsplit/sslsplit-latest.1.txt" and iptables. After running it for few hours it works fine, will do testing for a couple of days before pushing to production. Thanks again. Sherif Eldeeb. On Thu, Jun 7, 2012 at 5:28 AM, Liam Randall <Liam.Randall () gigaco com> wrote:
squid SSl-bump might do the trick for you. http://wiki.squid-cache.org/Features/SslBump Liam Randall -----Original Message----- From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Sherif El-Deeb Sent: Monday, June 04, 2012 12:50 AM To: PaulDotCom Security Weekly Mailing List Subject: [Pauldotcom] Inspecting SSL traffic for free "A.K.A IDS/IPS on SSLconnections" - I would like to inspect traffic for SSL(TLS?) connections, I already pushed our own root CA to all machines' trusted Root certificates and no warnings shows up when a certificate that is signed by it gets served. - The feature I am looking for is like "Burp's invisible proxy + generate CA-signed per-host certificates" where a certificate is generated on the fly for each host using a pre-defined pre-trusted root CA while being able to inspect the payload "No, ettercap is not production friendly and it does not allow HTTPS interception in bridge sniffing, cain is no better". - I know that wireshark decrypts SSL traffic when you provide it with the private key, the tricky part is the "on-the-fly-per-host-certificate-generation". - That particular subnet's gateway is a linux machine with two NICs, simple iptable nat, 30 computers... - I am aware of few commercial products that does this, but I will appreciate telling me how to do it for free. Thanks in advance. Sherif Eldeeb. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Inspecting SSL traffic for free "A.K.A IDS/IPS on SSL connections" Sherif El-Deeb (Jun 04)
- Re: Inspecting SSL traffic for free "A.K.A IDS/IPS on SSLconnections" Liam Randall (Jun 06)
- Re: Inspecting SSL traffic for free "A.K.A IDS/IPS on SSLconnections" Sherif El-Deeb (Jun 06)
- Re: Inspecting SSL traffic for free "A.K.A IDS/IPS onSSLconnections" Liam Randall (Jun 07)
- Re: Inspecting SSL traffic for free "A.K.A IDS/IPS onSSLconnections" Sherif El-Deeb (Jun 07)
- Re: Inspecting SSL traffic for free "A.K.A IDS/IPS on SSLconnections" Sherif El-Deeb (Jun 06)
- Re: Inspecting SSL traffic for free "A.K.A IDS/IPS on SSLconnections" Liam Randall (Jun 06)