Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

RE: Security tool for monitoring HTTPS traffic?
From: "Altheide, Cory B. (IARC)" <AltheideC () nv doe gov>
Date: Thu, 26 Feb 2004 09:22:53 -0800
-----Original Message-----
From: John Reilly [mailto:JReilly () eSpatial com] 
Sent: Wednesday, February 25, 2004 2:19 AM
To: webappsec () securityfocus com
Subject: RE: Security tool for monitoring HTTPS traffic?





I have a similar question too!

Are they products they can look inside HTTPS traffic? Some
customers doesn't
trust HTTPS traffic going inside the company over the proxy! 


There is no way to look at the plain text content inside the 
https traffic - that would defeat the whole purpose of https.  

Regards,
John


This is false.

If there were no way to look at the plain text content inside of HTTPS
traffic it would be exceedingly difficult for the intended recipient to do
anything useful with said HTTPS traffic (ie, one-way encryption).

Cory Altheide
Senior Network Forensics Specialist
NNSA Information Assurance Response Center (IARC)
altheidec () nv doe gov

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]