Support #1996
closed
Suricata worked in IDS mode ,Could detection the https attack?
Added by wo wo over 7 years ago.
Updated over 5 years ago.
Description
I have the private key in the webserver.
If i send the http request:
http://192.168.1.100/a.php?id=1 and 1=1 union select 1,2,3 from test
the attack will be deteced in the fast.log
BUT i used the https request like:
https://192.168.1.100/a.php?id=1 and 1=1 union select 1,2,3 from test
and the suricata didn`t deteced the attack.
thanks.
Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.
- Description updated (diff)
Victor Julien wrote:
Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.
Thanks.
Did you find a tool to that?
- Status changed from New to Closed
- Assignee deleted (
Victor Julien)
Victor Julien wrote:
Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.
What tool could be used to decrypt ssl/tls traffic with the server's private key?
Also available in: Atom
PDF