WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Security tool for monitoring HTTPS traffic?

From: "Altheide, Cory B. (IARC)" <AltheideC () nv doe gov>
Date: Thu, 26 Feb 2004 09:22:53 -0800
-----Original Message-----
From: John Reilly [mailto:JReilly () eSpatial com] 
Sent: Wednesday, February 25, 2004 2:19 AM
To: webappsec () securityfocus com
Subject: RE: Security tool for monitoring HTTPS traffic?





I have a similar question too!

Are they products they can look inside HTTPS traffic? Some
customers doesn't
trust HTTPS traffic going inside the company over the proxy! 


There is no way to look at the plain text content inside the 
https traffic - that would defeat the whole purpose of https.  

Regards,
John


This is false.

If there were no way to look at the plain text content inside of HTTPS
traffic it would be exceedingly difficult for the intended recipient to do
anything useful with said HTTPS traffic (ie, one-way encryption).

Cory Altheide
Senior Network Forensics Specialist
NNSA Information Assurance Response Center (IARC)
altheidec () nv doe gov
Previous By Date Next
Previous By Thread Next

Current thread: