WebApp Sec mailing list archives
RE: Security tool for monitoring HTTPS traffic?
From: John Reilly <JReilly () eSpatial com>
Date: Thu, 26 Feb 2004 11:40:43 -0000
Are they products they can look inside HTTPS traffic? Some customers doesn't trust HTTPS traffic going inside the company over the proxy!There is no way to look at the plain text content insidethe https traffic- that would defeat the whole purpose of https.4 words: Man in the middle. It's perfectly possable to intercept the inital exchange, and present the apperence of HTTPS, while evesdropping on the plain text.
Yes, you can do a man in the middle attack - I was thinking about passive interception, which is what I thought was being asked about (a product to look into any arbitrary https stream going through a proxy).
Current thread:
- RE: Security tool for monitoring HTTPS traffic? John Reilly (Feb 26)
- Re: Security tool for monitoring HTTPS traffic? Thomas Chiverton (Feb 26)
- Re: Security tool for monitoring HTTPS traffic? lists AT dawes DOT za DOT net (Feb 26)
- <Possible follow-ups>
- RE: Security tool for monitoring HTTPS traffic? Altheide, Cory B. (IARC) (Feb 26)
- RE: Security tool for monitoring HTTPS traffic? John Reilly (Feb 26)
- Re: Security tool for monitoring HTTPS traffic? dd (Feb 26)
- RE: Security tool for monitoring HTTPS traffic? Glyn (Feb 26)
- RE: Security tool for monitoring HTTPS traffic? Satish Chandra Prasad (Feb 26)
- RE: Security tool for monitoring HTTPS traffic? John Floyd (Feb 26)
- Re: Security tool for monitoring HTTPS traffic? Imre Kertesz (Feb 26)
- Re: Security tool for monitoring HTTPS traffic? lists AT dawes DOT za DOT net (Feb 28)
- Re: Security tool for monitoring HTTPS traffic? Gary Flynn (Feb 28)
- Re: Security tool for monitoring HTTPS traffic? Imre Kertesz (Feb 26)
- RE: Security tool for monitoring HTTPS traffic? najeeb . hatami (Feb 28)
- RE: Security tool for monitoring HTTPS traffic? Amichai Shulman (Mar 07)
- RE: Security tool for monitoring HTTPS traffic? Yoram Zahavi (Mar 10)