Project

General

Profile

Actions

Feature #2513

open

Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools

Suricata read the SSLProxy header

Added by Marco Silva over 6 years ago. Updated about 4 years ago.

Status:
Feedback
Priority:
Normal
Target version:
Effort:
medium
Difficulty:
medium
Label:

Description

Hello. is it possible to implement in the suricata for it to read the SSLProxy header to get the source and destination correctly?

UTMFW supports the deep SSL inspection of HTTP, POP3, and SMTP protocols. SSL / TLS encrypted traffic is decrypted by SSLproxy and fed into the UTM services: Web Filter, HTTP Proxy, POP3 Proxy, SMTP Proxy, Virus Scanner, Spam Filter, and Inline IPS.

https://github.com/sonertari/SSLproxy

https://github.com/sonertari/UTMFW


Files

log.pcap (11.1 KB) log.pcap pcap SSLproxy header Marco Silva, 03/07/2019 09:05 PM
log3.pcap (24.7 KB) log3.pcap pcap SSLproxy header Marco Silva, 03/07/2019 09:05 PM
log4.pcap (14.9 KB) log4.pcap pcap SSLproxy header Marco Silva, 03/07/2019 09:05 PM

Related issues 1 (1 open0 closed)

Related to Suricata - Feature #4965: Suricata should detect application layer protocol underneath SOCKSNewOISF DevActions
Actions

Also available in: Atom PDF