WebApp Sec mailing list archives

RE: Security tool for monitoring HTTPS traffic?


From: "David Wong" <david.wong () foundstone com>
Date: Wed, 10 Mar 2004 11:00:57 -0500

Application IDS's are cool, but if you just want to look inside the SSL
stream, you can use this free/open-source tool to decrypt the SSL
session with the server's private certificate.

SSLdump http://www.rtfm.com/ssldump/



-----Original Message-----
From: Yoram Zahavi [mailto:YoramZ () gilian com] 
Sent: Wednesday, March 10, 2004 4:19 AM
To: webappsec () securityfocus com
Subject: RE: Security tool for monitoring HTTPS traffic?

One way around that is to have a sniffer-based device that is capable
of SSL traffic decryption without the need to perform SSL termination
(i.e. a proxy based solution). In this case, a server's private key is
loaded into the device, which allows the reconstruction of decrypted
plain text. SSL handshake, client/server key exchange, and SSL session
reuse are passively monitored to allow the decryption process. This
approach was implemented within Gilian's application IDS, which analyzes
the decrypted text and learns user and application behaviors, so it is
capable of identifying application attacks or unexpected application
reply and information disclosure.

Yoram Zahavi
R&D Team Leader
Gilian Technologies
Tel:    972-9-9560036 x240
Fax:    972-9-9565668
www.gilian.com


-----Original Message-----
From: Andreas Fredrich [mailto:andreas.fredrich () avinci de]
Sent: Tuesday, February 24, 2004 4:56 PM
To: webappsec () securityfocus com
Subject: Security tool for monitoring HTTPS traffic?



I have a similar question too!

Are there products that can look inside HTTPS traffic? Some customers
don't trust HTTPS traffic going inside the company over the proxy! For
example, I have heard that a combination of squid and apache
configuration can do this, but I have never seen it.

Any information will help me!

Mit freundlichen Gruessen/ Best Regards/ Avec meilleures salutations

A. Fredrich
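
Added example, not part of any message in this thread and not code from ssldump or Gilian's product: a check a passive monitor holding only the server's RSA private key can run on each ServerHello to decide whether the session is recoverable, covering the key exchange and session reuse cases mentioned above. It goes slightly beyond the thread by also flagging ephemeral Diffie-Hellman suites, where the private key alone does not yield the session keys; the function names, status strings and sample record are constructed for illustration.

```python
import struct

# Key exchange for a few well-known cipher suite IDs (IANA registry values).
KEY_EXCHANGE = {
    0x0005: "RSA",    # TLS_RSA_WITH_RC4_128_SHA
    0x000A: "RSA",    # TLS_RSA_WITH_3DES_EDE_CBC_SHA
    0x002F: "RSA",    # TLS_RSA_WITH_AES_128_CBC_SHA
    0x0016: "DHE",    # TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    0x0033: "DHE",    # TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    0xC02F: "ECDHE",  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
}

def parse_server_hello(record):
    """Return (session_id, cipher_suite) from one TLS record holding a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 0x16 or rlen < 4 or len(body) != rlen or body[0] != 0x02:
        raise ValueError("not a complete ServerHello record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # Layout: version(2) random(32) sid_len(1) sid suite(2) compression(1)
    if len(hello) < 38 or hello[34] > 32 or len(hello) < 38 + hello[34]:
        raise ValueError("malformed ServerHello")
    end = 35 + hello[34]
    return hello[35:end], int.from_bytes(hello[end:end + 2], "big")

def passive_decrypt_status(record, offered_sid, known_sessions):
    """Classify a session for a sniffer holding only the server's RSA private key.

    offered_sid: session_id from the matching ClientHello (b"" if none).
    known_sessions: IDs of sessions whose full handshake was already decrypted.
    """
    session_id, suite = parse_server_hello(record)
    if session_id and session_id == offered_sid:
        # Server echoed the client's ID: abbreviated handshake, no key exchange sent.
        return "resumed-known" if session_id in known_sessions else "resumed-missed"
    kx = KEY_EXCHANGE.get(suite, "unknown")
    if kx != "RSA":
        return "not-decryptable-" + kx
    if session_id:
        known_sessions.add(session_id)
    return "decryptable-rsa"

def sample_server_hello(suite, sid):
    """Constructed sample input: TLS 1.0 ServerHello record with an all-zero random."""
    hello = b"\x03\x01" + bytes(32) + bytes([len(sid)]) + sid + suite.to_bytes(2, "big") + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake
```

A "resumed-missed" result means the capture started after the original handshake, so the monitor has no master secret to reuse for that session.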


