WebApp Sec mailing list archives

RE: Security tool for monitoring HTTPS traffic?

From: najeeb.hatami () gsa gov
Date: Fri, 27 Feb 2004 07:53:30 -0500


Glyn,

You mentioned a greate point.  some of these people could be hackers trying
to monitor HTTPS Traffice.  what he wants to monitor https first of all.
like you said he should have access to Server SSL KEYS.

NH.





                                                                                                                        
         
                                                                                                                        
         
                    Glyn                 To:     "'John Reilly'" <JReilly () eSpatial com>, "'Thomas Chiverton'"        
            
                    <glyng@moiler.        <thomas.chiverton () bluefinger com>                                          
            
                    com>                 cc:     webappsec () securityfocus com, (bcc: Najeeb 
Hatami/CONTRACTOR/PI/CO/GSA/GOV)      
                                         Subject:     RE: Security tool for monitoring HTTPS traffic?                   
         
                    02/26/2004                                                                                          
         
                    06:41 PM

Are they products they can look inside HTTPS traffic? Some
customers doesn't trust HTTPS traffic going inside the company
over the proxy!


There is no way to look at the plain text content inside

the https traffic

- that would defeat the whole purpose of https.


4 words: Man in the middle.

It's perfectly possable to intercept the inital exchange,

and present

the apperence of HTTPS, while evesdropping on the plain text.


Yes, you can do a man in the middle attack - I was thinking
about passive interception, which is what I thought was being
asked about (a product to look into any arbitrary https
stream going through a proxy).


Its not clear exactly what we're trying to achieve here.

If you are the provider of the HTTPS server then you presumably have access
to the server SSL keys.  There are IDS products(1) that will use the keys
and to monitor the content of HTTPS traffic as they would clear-text
communications.  You could use those to monitor/log/manage all requests

Glyn.

(1) Unforutunately I can't remember which product I've seen that does this.
Hopefully it'll job someone's memory on the list.

Current thread:

Re: Security tool for monitoring HTTPS traffic?, (continued)
- Re: Security tool for monitoring HTTPS traffic? lists AT dawes DOT za DOT net (Feb 26)
- RE: Security tool for monitoring HTTPS traffic? Altheide, Cory B. (IARC) (Feb 26)
- RE: Security tool for monitoring HTTPS traffic? John Reilly (Feb 26)
  - Re: Security tool for monitoring HTTPS traffic? dd (Feb 26)
  - RE: Security tool for monitoring HTTPS traffic? Glyn (Feb 26)
- RE: Security tool for monitoring HTTPS traffic? Satish Chandra Prasad (Feb 26)
- RE: Security tool for monitoring HTTPS traffic? John Floyd (Feb 26)
  - Re: Security tool for monitoring HTTPS traffic? Imre Kertesz (Feb 26)
    - Re: Security tool for monitoring HTTPS traffic? lists AT dawes DOT za DOT net (Feb 28)
    - Re: Security tool for monitoring HTTPS traffic? Gary Flynn (Feb 28)
- RE: Security tool for monitoring HTTPS traffic? najeeb . hatami (Feb 28)
- RE: Security tool for monitoring HTTPS traffic? Amichai Shulman (Mar 07)
- RE: Security tool for monitoring HTTPS traffic? Yoram Zahavi (Mar 10)
  - Re: Security tool for monitoring HTTPS traffic? Romain Vergniol (Mar 10)
- RE: Security tool for monitoring HTTPS traffic? David Wong (Mar 10)