Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: Security tool for monitoring HTTPS traffic?

RE: Security tool for monitoring HTTPS traffic?

From: Altheide, Cory B. (IARC) <AltheideC_at_nv.doe.gov>
Date: Thu, 26 Feb 2004 09:22:53 -0800

> -----Original Message-----
> From: John Reilly [mailto:JReilly_at_eSpatial.com]
> Sent: Wednesday, February 25, 2004 2:19 AM
> To: webappsec_at_securityfocus.com
> Subject: RE: Security tool for monitoring HTTPS traffic?
>
>
>
>
> > I have a similar question too!
> >
> > Are they products they can look inside HTTPS traffic? Some
> > customers doesn't
> > trust HTTPS traffic going inside the company over the proxy!
>
> There is no way to look at the plain text content inside the
> https traffic - that would defeat the whole purpose of https.
>
> Regards,
> John

This is false.

If there were no way to look at the plain text content inside of HTTPS
traffic it would be exceedingly difficult for the intended recipient to do
anything useful with said HTTPS traffic (ie, one-way encryption).

Cory Altheide
Senior Network Forensics Specialist
NNSA Information Assurance Response Center (IARC)
altheidec_at_nv.doe.gov
 
Received on Feb 26 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos