Re: Security tool for monitoring HTTPS traffic?

> Are they products they can look inside HTTPS traffic?

  Most of the products mentioned can "look" inside the HTTPS
  traffic but they are meant to be used by individuals, as
  part of assessment. They are not actually looking into this
  traffic, rather they are standing in between the client and
  the server and only the traffic between them and the server
  is encrypted. The rest isn't.


> Some customers doesn't
> trust HTTPS traffic going inside the company over the proxy! For example, I
> have heard that a combination of squid and apache configuraion can do these,
> but I have never seen it.

  It sounds like you need to terminate your traffic on a
  different server and then forward unencrypted traffic to the
  actual server, at the same time listening to the unencrypted
  traffic (using Snort, for example).

  With Apache, this is a matter of setting up an SSL server which
  will not serve content itself but forward all requests to
  another server using mod_proxy (in a reverse proxy setup).

  You will find these links useful as they discuss this
  in more details:

  http://www.sans.org/rr/papers/35/249.pdf

http://hillside.net/europlop/europlop2003/papers/WorkshopC/C6_SommerladP.pdf

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]