Re: SSL and Snort

["Edward Fjellskål" <edwardfjellskaal () gmail com>]

Hi,

I have found this:
http://gnucitizen.googlecode.com/svn/trunk/

httpproxy.py seems to do some of what you want, but
there is no easy way of sending the data to snort.
(you can see the traffic in console)

Maybe someone with a little python skill could split
the code up a bit and send the packets in cleartext
over a local loop interface with snort on it or something.

That would help the community a bit, but I dont know
about performance thought :/

Hope this inspires someone :)

E


On 02/06/2012 07:53 PM, PS wrote:
> Do you have personal experience with viewssld?
>
> I would like to do this for connections that are made out to the internet. Since I do not have the private keys for 
> the public web servers, I will be using a proxy server (squid) with its ssl-bump feature to perform the sslmitm. From 
> looking at the config file of viewssld, it looks like I will have to provide a certificate for each website that I 
> would like to monitor. Is that how sslmitm is usually performed?
>
> Do you know if many companies have sslmitm for internet connections, or is it primarily used for reverse proxy 
> implementations? 
>
> Thank you!
>
> On Feb 6, 2012, at 12:04 PM, Richard Bejtlich wrote:
>
> > This is a popular question...
> >
> > http://resources.infosecinstitute.com/ssl-decryption/
> >
> > Sincerely,
> >
> > Richard
> >
> > On Mon, Feb 6, 2012 at 11:51 AM, PS <packetstack () gmail com> wrote:
> > > Hello,
> > >
> > > Does anyone know of a free/opensource tool which could decrypt ssl and make accessible to snort?
> > >
> > > Something like a mitm proxy with the capability to pass the unencrypted packets over to snort for analysis.
> > >
> > > Thanks!
> > >
> > > Victor Pineiro
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > Try before you buy = See our experts in action!
> > > The most comprehensive online learning library for Microsoft developers
> > > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> > > Metro Style Apps, more. Free future releases when you subscribe now!
> > > http://p.sf.net/sfu/learndevnow-dev2
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!