Re: Security tool for monitoring HTTPS traffic?

[dd <dd () ghettohackers net>]

ssldump, just provide the servers private key/cert.

dd

John Reilly wrote:

> > > > Are they products they can look inside HTTPS traffic? Some
> > > > customers doesn't
> > > > trust HTTPS traffic going inside the company over the proxy!
> > >
> > > There is no way to look at the plain text content inside 
> >
> > the https traffic
> >
> > > - that would defeat the whole purpose of https.
> >
> > 4 words: Man in the middle.
> >
> > It's perfectly possable to intercept the inital exchange, and 
> > present the 
> > apperence of HTTPS, while evesdropping on the plain text.
>
>
> Yes, you can do a man in the middle attack - I was thinking about passive
> interception, which is what I thought was being asked about (a product to
> look into any arbitrary https stream going through a proxy).