Snort mailing list archives
Re: Log HTTP(S) URLs
From: Manu <manu () yms ath cx>
Date: Thu, 15 Mar 2007 13:59:56 +0100
Hi Patrik, that makes sense. The same with dsniff. I was able to sniff the https URLs only by dnsspoofing and having the webmitm running. Well, I had hoped that snort would provide another way to sniff the URLs. Anyway, thanks. Regards, Manuel On Thu, 15 Mar 2007 11:29:24 +0100, Patrik Israelsson <patrik.israelsson () sentor se> wrote:
Huh? I believe you've missed the very point of HTTPS, which is that it is encrypted by definition. The Snort FAQ indeed states that you can use Snort to log HTTP requests, but you will never be able to do the same for HTTPS as all its traffic is encrypted (well, if you knew the key for the session in question you could theoretically decrypt it, but that's something else). Regards, Patrik On Thursday 15 March 2007 10:13, Manu wrote:Hi there, I am using Snort 2.6.1.3 on FreeBSD 6.2. The plan is to use snort onlyforlogging HTTP(S) URLs requested from the internal network. I already read in the faq that it is possible, but I should use thedsniffpackage for that kind of work. Well, I tried it, but the urlsnarf toolonlygets http urls. So, I am asking for help how the rule(s) must look like and hope thatyoucan help me. Many thanks in advance, Manuel-------------------------------------------------------------------------Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earncashhttp://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Log HTTP(S) URLs Manu (Mar 15)
- Re: Log HTTP(S) URLs Patrik Israelsson (Mar 15)
- Re: Log HTTP(S) URLs Manu (Mar 15)
- Re: Log HTTP(S) URLs Petersen, Mark (Mar 15)
- Re: Log HTTP(S) URLs Manu (Mar 16)
- Re: Log HTTP(S) URLs Jason Haar (Mar 16)
- Re: Log HTTP(S) URLs Manu (Mar 17)
- Re: Log HTTP(S) URLs Paul Melson (Mar 19)
- Re: Log HTTP(S) URLs Manu (Mar 15)
- Re: Log HTTP(S) URLs Patrik Israelsson (Mar 15)