[Snort-users] Breaking SSL
Luis Daniel Lucio Quiroz
luis.daniel.lucio at ...11827...
Mon Mar 30 16:30:42 EDT 2009
Snort pre-processor is discontinued, It does not compile against 2.8. However
I found viewssld, a daemon that uses dssl lib (owners of ssltech) to crypt and
drecrypt. It works but, it has a but.
Viewssl reads ssl traffic from a source interface and writes decrypted traffic in
other interface. It works, we successfully can snif dummy0 and see "GET
request" from a https connectioon. How ever, we are no able to see HTML in
return. I dont know if is a miss capability of viewssl or dssl lib does not
deals with this.
Any of you have tried this?
Le dimanche 15 mars 2009 10:46:22, Paul Melson a écrit :
> On Sun, Mar 15, 2009 at 12:19 PM, Luis Daniel Lucio Quiroz
> <luis.daniel.lucio at ...11827...> wrote:
> > If I set a snort in line mode, is it possible to break SSL connectiosn to
> > see what is going on? how?
> There's a third-party project for a Snort SSL prepocessor that can do
> this where you have the private key (web servers, SSL VPN, etc.)
More information about the Snort-users