[Oisf-users] OT: Sending unencrypted traffic with sslsplit to suricata

C.L. Martinez carlopmart at gmail.com
Mon May 11 08:14:39 UTC 2015

On 05/06/2015 07:12 AM, C.L. Martinez wrote:
> Hi all,
>   I have installed sslplit in my home firewall to intercept SSL/TLS
> connections and decrypt them.
>   All is working really well without issues but I am thinking to
> redirect this unencrypted traffic to a suricata host to inspect it.
>   Reading sslplit's man page it seems that is not possible:
> To actually implement an attack, you also need to redirect the traffic
> to the system running sslsplit.  Your options include running sslsplit
> on a legitimate router, ARP spoofing, ND spoofing, DNS poisoning,
> deploying a rogue access point (e.g. using hostap mode), physical
> recabling, malicious VLAN reconfiguration or route injection, /etc/hosts
> modification and so on.  SSLsplit does not implement the actual traffic
> redirection.
>   Any ideas how can I accomplish this? Maybe using some type of firewall
> rule??
> Thanks.

Please, any tip??


More information about the Oisf-users mailing list