Project

General

Profile

Actions
Copy link

Support #1996

closed

Suricata worked in IDS mode ,Could detection the https attack?

Added by wo wo over 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

I have the private key in the webserver.

If i send the http request:

http://192.168.1.100/a.php?id=1 and 1=1 union select 1,2,3 from test

the attack will be deteced in the fast.log

BUT i used the https request like:

https://192.168.1.100/a.php?id=1 and 1=1 union select 1,2,3 from test

and the suricata didn`t deteced the attack.

thanks.

Actions
Copy link
 #1

Updated by Victor Julien over 7 years ago

Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.

Actions
Copy link
 #2

Updated by Victor Julien over 7 years ago

  • Description updated (diff)
Actions
Copy link
 #3

Updated by wo wo over 7 years ago

Victor Julien wrote:

Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.

Thanks.

Actions
Copy link
 #4

Updated by Andreas Herz over 7 years ago

Did you find a tool to that?

Actions
Copy link
 #5

Updated by Victor Julien about 7 years ago

  • Status changed from New to Closed
  • Assignee deleted (Victor Julien)
Actions
Copy link
 #6

Updated by Hao Han over 5 years ago

Victor Julien wrote:

Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.

What tool could be used to decrypt ssl/tls traffic with the server's private key?

Actions
Copy link

Also available in: Atom PDF