[Snort-devel] Using a transparent SSL proxy like mitmproxy or SSLSplit with Snort.

Russ rucombs at ...3461...
Fri Oct 16 17:26:44 EDT 2015


That sounds like a fun project.  If you are using Snort 2.X, a modified 
DAQ is a good way to go since it fits in the architecture well.  For 
Snort++, I'd recommend implementing it Snort itself.  We have the latter 
on our roadmap.

Good luck!

On 10/16/15 5:07 PM, Olivier Soucy wrote:
> Hi!
> I’m Olivier Soucy and I’m a student of Sherbrooke University. I have a
> project to use a transparent SSL proxy with snort. Me and my team want
> to modify the code of afpacket daq to decrypt secure connections with
> the proxy. Do you think it is the best solution to analyse and process
> encrypted data with snort?
> Thanks to answer me!
> Olivier Soucy
> Student in computer science at Sherbrooke University
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
> Please visit http://blog.snort.org for the latest news about Snort!

More information about the Snort-devel mailing list