Re: Using a transparent SSL proxy like mitmproxy or SSLSplit with Snort.

[Russ <rucombs () cisco com>]

Oliver,

That sounds like a fun project.  If you are using Snort 2.X, a modified 
DAQ is a good way to go since it fits in the architecture well.  For 
Snort++, I'd recommend implementing it Snort itself.  We have the latter 
on our roadmap.

Good luck!
Russ

On 10/16/15 5:07 PM, Olivier Soucy wrote:
> Hi!
>
> I’m Olivier Soucy and I’m a student of Sherbrooke University. I have a
> project to use a transparent SSL proxy with snort. Me and my team want
> to modify the code of afpacket daq to decrypt secure connections with
> the proxy. Do you think it is the best solution to analyse and process
> encrypted data with snort?
>
> Thanks to answer me!
> Olivier Soucy
> Student in computer science at Sherbrooke University
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!


------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!