[Snort-users] Breaking SSL

Luis Daniel Lucio Quiroz luis.daniel.lucio at ...11827...
Mon Mar 30 16:30:42 EDT 2009


Snort pre-processor is discontinued, It does not compile against 2.8.  However 
I found viewssld, a daemon that uses dssl lib (owners of ssltech) to crypt and 
drecrypt. It works but, it has a but.

Viewssl reads ssl traffic from a source interface and writes decrypted traffic in 
other interface.  It works, we successfully can snif dummy0 and see "GET 
request" from a https connectioon.  How ever, we are no able to see HTML in 
return.  I dont know if is a miss capability of viewssl or dssl lib does not 
deals with this.

Any of you have tried this?

TIA

Le dimanche 15 mars 2009 10:46:22, Paul Melson a écrit :
> On Sun, Mar 15, 2009 at 12:19 PM, Luis Daniel Lucio Quiroz
>
> <luis.daniel.lucio at ...11827...> wrote:
> > If I set a snort in line mode, is it possible to break SSL connectiosn to
> > see what is going on? how?
>
> There's a third-party project for a Snort SSL prepocessor that can do
> this where you have the private key (web servers, SSL VPN, etc.)
>
> http://www.ssltech.net/sfssl/index.html
>
> PaulM





More information about the Snort-users mailing list