Snort mailing list archives
Re: Breaking SSL
From: Luis Daniel Lucio Quiroz <luis.daniel.lucio () gmail com>
Date: Mon, 30 Mar 2009 14:30:42 -0600
Snort pre-processor is discontinued, It does not compile against 2.8. However I found viewssld, a daemon that uses dssl lib (owners of ssltech) to crypt and drecrypt. It works but, it has a but. Viewssl reads ssl traffic from a source interface and writes decrypted traffic in other interface. It works, we successfully can snif dummy0 and see "GET request" from a https connectioon. How ever, we are no able to see HTML in return. I dont know if is a miss capability of viewssl or dssl lib does not deals with this. Any of you have tried this? TIA Le dimanche 15 mars 2009 10:46:22, Paul Melson a écrit :
On Sun, Mar 15, 2009 at 12:19 PM, Luis Daniel Lucio Quiroz <luis.daniel.lucio () gmail com> wrote:If I set a snort in line mode, is it possible to break SSL connectiosn to see what is going on? how?There's a third-party project for a Snort SSL prepocessor that can do this where you have the private key (web servers, SSL VPN, etc.) http://www.ssltech.net/sfssl/index.html PaulM
------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Breaking SSL Luis Daniel Lucio Quiroz (Mar 15)
- Re: Breaking SSL Paul Melson (Mar 15)
- Re: Breaking SSL Luis Daniel Lucio Quiroz (Mar 26)
- Re: Breaking SSL Joel Esler (Mar 26)
- Re: Breaking SSL Luis Daniel Lucio Quiroz (Mar 30)
- Re: Breaking SSL Luis Daniel Lucio Quiroz (Mar 26)
- Re: Breaking SSL Paul Melson (Mar 15)