Snort mailing list archives
Re: snort ssl plug-in
From: "Jason Haar" <Jason.Haar () trimble co nz>
Date: Tue, 13 Jan 2004 23:41:19 +1300 (NZDT)
Derya Sezen said:
I wanna collect the private keys in my local trusted area & see the crypted traffic, ( i have the public keys of the both side) i think it is possible logically, no? Is there any Snort plug-in for that?!
Probably not doable. There was a discussion of this on the OpenSSL list a couple of months ago. Just having the full cert (pub+priv) in question doesn't necessarily mean you can build a sniffer that can decrypt SSL traffic. If static (RSA) keys are used, then yes, you can decrypt, but nothing I know of defaults to those SSL algorithms anymore. See http://ssldump.sourceforge.net/TROUBLESHOOTING for a good explanation of why decrypting SSL traffic via a network sniffer isn't easy. Jason ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort ssl plug-in Derya Sezen (Jan 13)
- Re: snort ssl plug-in Matt Kettler (Jan 13)
- Re: snort ssl plug-in Derya Sezen (Jan 13)
- RE: snort ssl plug-in robert schwartz (Jan 14)
- <Possible follow-ups>
- Re: snort ssl plug-in Jason Haar (Jan 13)
- Re: snort ssl plug-in Matt Kettler (Jan 13)