[Snort-users] SSL and Snort

PS packetstack at ...11827...
Mon Feb 6 13:53:58 EST 2012

Do you have personal experience with viewssld?

I would like to do this for connections that are made out to the internet. Since I do not have the private keys for the public web servers, I will be using a proxy server (squid) with its ssl-bump feature to perform the sslmitm. From looking at the config file of viewssld, it looks like I will have to provide a certificate for each website that I would like to monitor. Is that how sslmitm is usually performed?

Do you know if many companies have sslmitm for internet connections, or is it primarily used for reverse proxy implementations? 

Thank you!

On Feb 6, 2012, at 12:04 PM, Richard Bejtlich wrote:

> This is a popular question...
> http://resources.infosecinstitute.com/ssl-decryption/
> Sincerely,
> Richard
> On Mon, Feb 6, 2012 at 11:51 AM, PS <packetstack at ...11827...> wrote:
>> Hello,
>> Does anyone know of a free/opensource tool which could decrypt ssl and make accessible to snort?
>> Something like a mitm proxy with the capability to pass the unencrypted packets over to snort for analysis.
>> Thanks!
>> Victor Pineiro
>> ------------------------------------------------------------------------------
>> Try before you buy = See our experts in action!
>> The most comprehensive online learning library for Microsoft developers
>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>> Metro Style Apps, more. Free future releases when you subscribe now!
>> http://p.sf.net/sfu/learndevnow-dev2
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!

More information about the Snort-users mailing list