Project

General

Profile

Actions

Support #1996

closed

Suricata worked in IDS mode ,Could detection the https attack?

Added by wo wo about 8 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

I have the private key in the webserver.

If i send the http request:

http://192.168.1.100/a.php?id=1 and 1=1 union select 1,2,3 from test

the attack will be deteced in the fast.log

BUT i used the https request like:

https://192.168.1.100/a.php?id=1 and 1=1 union select 1,2,3 from test

and the suricata didn`t deteced the attack.

thanks.

Actions #1

Updated by Victor Julien about 8 years ago

Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.

Actions #2

Updated by Victor Julien about 8 years ago

  • Description updated (diff)
Actions #3

Updated by wo wo about 8 years ago

Victor Julien wrote:

Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.

Thanks.

Actions #4

Updated by Andreas Herz almost 8 years ago

Did you find a tool to that?

Actions #5

Updated by Victor Julien almost 8 years ago

  • Status changed from New to Closed
  • Assignee deleted (Victor Julien)
Actions #6

Updated by Hao Han about 6 years ago

Victor Julien wrote:

Suricata does not decrypt https traffic. You will need a third party tool to decrypt it and have that tool send the decrypted traffic to Suricata.

What tool could be used to decrypt ssl/tls traffic with the server's private key?

Actions

Also available in: Atom PDF