LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Copying SSL traffic
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-17-2007, 10:14 AM   #1
LinuxGeek
Member
 
Registered: Jun 2002
Posts: 302

Rep: Reputation: 31
Copying SSL traffic

Hi,
I was wondering if there was any open-source product similar to "BreachView SSL". "BreachView SSL decrypts SSL traffic on the fly without terminating the SSL session and delivers clear text to the IDS sensor, for the first time eliminating the blind spot in most IDSs and extending IDS protection to SSL traffic on the network." Is there any way to get the same effect using open source software? Thank you for your help.
 
Old 03-17-2007, 01:52 PM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
Breachview SSL requires that you have the private keys of the site whose traffic is to be inspected. There are several similar techniques with ettercap and similar open source applications. Wireshark has a "follow SSL stream" that seems to work exactly the same as BreachView SSL.
 
Old 03-18-2007, 03:37 PM   #3
LinuxGeek
Member
 
Registered: Jun 2002
Posts: 302

Original Poster
Rep: Reputation: 31
Thank you for your feedback. I do have the private key (it's my site after all). What I'm trying to do is:

a. copy the SSL stream [so that I have one stream that I can inspect with the IDS and the default stream goes to the web server]

b.allow the IDS to inspect the traffic.

From my understanding, using ettercap or Ethereal/Wireshark aren't really useful if I want to automate the stream copying and relaying.
 
Old 03-18-2007, 03:39 PM   #4
LinuxGeek
Member
 
Registered: Jun 2002
Posts: 302

Original Poster
Rep: Reputation: 31
Actually, I take that back. ettercap might be helpful (still investigating).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Traffic shaping (limiting outgoing bandwidth of all TCP-traffic except FTP/HTTP) ffkodd Linux - Networking 3 10-25-2008 12:09 AM
creating an SSL page under non SSL site with apache1.33? taiwf Linux - Software 1 06-27-2006 01:06 AM
SSL Connections / second and SSL Accelerator Cards on Linux LinuxGeek Linux - Networking 0 06-10-2006 08:18 AM
squid - virus scanning SSL traffic JackDante Linux - Networking 2 12-09-2005 07:01 AM
Wireless traffic stomps isdn traffic on gateway machine Radix999 Linux - Wireless Networking 0 11-14-2003 12:54 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:40 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration