Feature #2513: Suricata read the SSLProxy header - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #2513

open

Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools

Suricata read the SSLProxy header

Added by Marco Silva over 6 years ago. Updated almost 4 years ago.

Status:

Feedback

Priority:

Normal

Assignee:

Community Ticket

Target version:

TBD

Effort:

medium

Difficulty:

medium

Label:

Description

Hello. is it possible to implement in the suricata for it to read the SSLProxy header to get the source and destination correctly?

UTMFW supports the deep SSL inspection of HTTP, POP3, and SMTP protocols. SSL / TLS encrypted traffic is decrypted by SSLproxy and fed into the UTM services: Web Filter, HTTP Proxy, POP3 Proxy, SMTP Proxy, Virus Scanner, Spam Filter, and Inline IPS.

https://github.com/sonertari/SSLproxy

https://github.com/sonertari/UTMFW

Files

Download all files

log.pcap (11.1 KB) log.pcap	pcap SSLproxy header	Marco Silva, 03/07/2019 09:05 PM
log3.pcap (24.7 KB) log3.pcap	pcap SSLproxy header	Marco Silva, 03/07/2019 09:05 PM
log4.pcap (14.9 KB) log4.pcap	pcap SSLproxy header	Marco Silva, 03/07/2019 09:05 PM

Related issues 1 (1 open — 0 closed)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #2513

Suricata read the SSLProxy header

Updated by Jason Ish over 6 years ago

Updated by Andreas Herz over 6 years ago

Updated by Victor Julien over 6 years ago

Updated by Victor Julien over 5 years ago

Updated by Andreas Herz over 5 years ago

Updated by Marco Silva over 5 years ago

Updated by Marco Silva over 5 years ago

Updated by Victor Julien almost 4 years ago

Updated by Philippe Antoine 4 months ago