[Oisf-users] OT: Sending unencrypted traffic with sslsplit to suricata
C.L. Martinez
carlopmart at gmail.com
Wed May 6 07:12:25 UTC 2015
Hi all,
I have installed sslsplit in my home firewall to intercept SSL/TLS
connections and decrypt them.
All is working really well without issues, but I am thinking of
redirecting this unencrypted traffic to a suricata host to inspect it.
Reading sslsplit's man page, it seems that this is not possible:
To actually implement an attack, you also need to redirect the traffic
to the system running sslsplit. Your options include running sslsplit
on a legitimate router, ARP spoofing, ND spoofing, DNS poisoning,
deploying a rogue access point (e.g. using hostap mode), physical
recabling, malicious VLAN reconfiguration or route injection,
/etc/hosts modification and so on. SSLsplit does not implement the
actual traffic redirection.
Any ideas how I can accomplish this? Maybe using some type of firewall
rule?
Thanks.