Support #1996
closedSuricata worked in IDS mode ,Could detection the https attack?
Description
I have the private key in the webserver.
If i send the http request:
http://192.168.1.100/a.php?id=1 and 1=1 union select 1,2,3 from test
the attack will be deteced in the fast.log
BUT i used the https request like:
https://192.168.1.100/a.php?id=1 and 1=1 union select 1,2,3 from test
and the suricata didn`t deteced the attack.
thanks.
Updated by Victor Julien almost 8 years ago
Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.
Updated by wo wo almost 8 years ago
Victor Julien wrote:
Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.
Thanks.
Updated by Victor Julien almost 8 years ago
- Status changed from New to Closed
- Assignee deleted (
Victor Julien)
Updated by Hao Han about 6 years ago
Victor Julien wrote:
Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.
What tool could be used to decrypt ssl/tls traffic with the server's private key?