Support #1996

Suricata worked in IDS mode, could it detect the https attack?

Added by wo wo over 9 years ago. Updated over 7 years ago.

Status: Closed
Priority: Normal
Assignee: -
Affected Versions:
Label:

Description

I have the private key in the webserver.

If I send the http request:

http://192.168.1.100/a.php?id=1 and 1=1 union select 1,2,3 from test

the attack will be detected in the fast.log

BUT I used the https request like:

https://192.168.1.100/a.php?id=1 and 1=1 union select 1,2,3 from test

and the suricata didn't detect the attack.

Thanks.

Updated by Victor Julien over 9 years ago #1

Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.

Updated by Victor Julien over 9 years ago #2

  • Description updated (diff)

Updated by wo wo over 9 years ago #3

Victor Julien wrote:

Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.

Thanks.

Updated by Andreas Herz about 9 years ago #4

Did you find a tool to do that?

Updated by Victor Julien about 9 years ago #5

  • Status changed from New to Closed
  • Assignee deleted (Victor Julien)

Updated by Hao Han over 7 years ago #6

Victor Julien wrote:

Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.

What tool could be used to decrypt ssl/tls traffic with the server's private key?
